diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-12 01:31:04 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-12 01:31:04 +0000 |
| commit | d12e147eb2efaf70a6c3ba4a07101510bac0984e (patch) | |
| tree | 5f6f66431496d1630585ea05d0975d121e7207fc /app/clipboard | |
| parent | 9ecbadb8e1c370cdc787898a1598abc12a202bbe (diff) | |
| download | chromium_src-d12e147eb2efaf70a6c3ba4a07101510bac0984e.zip chromium_src-d12e147eb2efaf70a6c3ba4a07101510bac0984e.tar.gz chromium_src-d12e147eb2efaf70a6c3ba4a07101510bac0984e.tar.bz2 | |
Make sure an evil renderer can't mess up state of the clipboard, later causing
an untrusted blob to be treated as a GdkPixmap.
BUG=32014
TEST=NONE
Review URL: http://codereview.chromium.org/547014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35982 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'app/clipboard')
| -rw-r--r-- | app/clipboard/clipboard_linux.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/clipboard/clipboard_linux.cc b/app/clipboard/clipboard_linux.cc index f36c480..aec46da 100644 --- a/app/clipboard/clipboard_linux.cc +++ b/app/clipboard/clipboard_linux.cc @@ -215,6 +215,10 @@ void Clipboard::WriteData(const char* format_name, size_t format_len, char* data = new char[data_len]; memcpy(data, data_data, data_len); std::string format(format_name, format_len); + // We assume that certain mapping types are only written by trusted code. + // Therefore we must upkeep their integrity. + if (format == kMimeBmp || format == kMimeURI) + return; InsertMapping(format.c_str(), data, data_len); } |