| Index: src/ports/SkGlobalInitialization_chromium.cpp
|
| diff --git a/src/ports/SkGlobalInitialization_chromium.cpp b/src/ports/SkGlobalInitialization_chromium.cpp
|
| index 0f7d71b207bc9c1f5d491bb00976d644f688d98d..b3eb3aa74352be5366bb2919d5e3acaeeceaeecb 100644
|
| --- a/src/ports/SkGlobalInitialization_chromium.cpp
|
| +++ b/src/ports/SkGlobalInitialization_chromium.cpp
|
| @@ -61,6 +61,23 @@
|
| #include "SkMatrixImageFilter.h"
|
| #include "SkXfermodeImageFilter.h"
|
|
|
| +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
| +//
|
| +// Adding new classes to Init() below has security consequences in Chrome.
|
| +//
|
| +// In particular, it is important that we don't create code paths that
|
| +// deserialize untrusted data as SkImageFilters; SkImageFilters are sent from
|
| +// Chrome renderers (untrusted) to the main (trusted) process.
|
| +//
|
| +// If you add a new SkImageFilter here _or_ other effect that can be part of
|
| +// an SkImageFilter, it's a good idea to have chrome-security@google.com sign
|
| +// off on the CL, and at minimum extend SampleFilterFuzz.cpp to fuzz it.
|
| +//
|
| +// SkPictures are untrusted data. Please be extremely careful not to allow
|
| +// SkPictures created in a Chrome renderer to be deserialized in the main process.
|
| +//
|
| +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
| +
|
| class SkPrivateEffectInitializer {
|
| public:
|
| static void Init() {
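Review bot: The second paragraph of the added comment is ambiguous where it matters most: it says not to create code paths that deserialize untrusted data as SkImageFilters, yet also states that SkImageFilters are sent from untrusted renderers to the trusted main process. A reader cannot tell whether the rule is "never register a class reachable from renderer data" or "every registered class must survive hostile input"; the fuzzing advice suggests the latter. I would state the consequence directly, for example `// Every class registered in Init() can be constructed from serialized bytes supplied by a renderer, so its deserialization code must validate all input.` The warning sits above the class and Init()'s body continues outside this hunk, so a short pointer beside the registration list would keep it visible to whoever appends an entry: `// See the security note above SkPrivateEffectInitializer before adding entries.`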
|
|
|