Google Git
Sign in
dawn / dawn / 3310636f526a43b73fc886995e904baddbe788c4
commit3310636f526a43b73fc886995e904baddbe788c4[log] [tgz]
authordan sinclair <dsinclair@chromium.org>Thu Nov 14 15:35:03 2024 +0000
committerDawn LUCI CQ <dawn-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Nov 14 15:35:03 2024 +0000
tree4c503402450c37236164071c5662c73e9d9122ba
parent32363954436092f4d0c5f2c8dd5f1fa8f2ff00af [diff]
Fix(deps): protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

[CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786)
[CWE-835](https://cwe.mitre.org/data/definitions/835.html)

This is an imported pull request from
https://github.com/google/dawn/pull/22

GITHUB_PR_HEAD_SHA=30aa39816b04b31d567a3b85d778a96b92bdf30c
ORIGINAL_AUTHOR=ANDRI ANDRI <47277287+lamcodeofpwnosec@users.noreply.github.com>

GitOrigin-RevId: 5747c0b9a226aa47901ce1d071be1243f4530a87
Change-Id: I58843b166d7b54ebd587ce4c80db5b51a87c30dc
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/214894
Commit-Queue: dan sinclair <dsinclair@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
2 files changed
tree: 4c503402450c37236164071c5662c73e9d9122ba
  1. .github/
  2. .vscode/
  3. build_overrides/
  4. docs/
  5. generator/
  6. include/
  7. infra/
  8. scripts/
  9. src/
  10. test/
  11. third_party/
  12. tools/
  13. webgpu-cts/
  14. build
  15. buildtools
  16. testing
  17. .bazelrc
  18. .clang-format
  19. .clang-tidy
  20. .git-blame-ignore-revs
  21. .gitattributes
  22. .gitignore
  23. .gitmodules
  24. .gn
  25. AUTHORS
  26. BUILD.bazel
  27. BUILD.gn
  28. CMakeLists.txt
  29. CMakeSettings.json
  30. CODE_OF_CONDUCT.md
  31. codereview.settings
  32. CONTRIBUTING.md
  33. CPPLINT.cfg
  34. DEPS
  35. DIR_METADATA
  36. go.mod
  37. go.sum
  38. go_presubmit_support.py
  39. LICENSE
  40. OWNERS
  41. PRESUBMIT.py
  42. README.chromium
  43. README.md
  44. WATCHLISTS
  45. WORKSPACE.bazel
README.md

Build Status Matrix Space

Dawn, a WebGPU implementation

Dawn is an open-source and cross-platform implementation of the WebGPU standard. More precisely it implements webgpu.h that is a one-to-one mapping with the WebGPU IDL. Dawn is meant to be integrated as part of a larger system and is the underlying implementation of WebGPU in Chromium.

Dawn provides several WebGPU building blocks:

  • WebGPU C/C++ headers that applications and other building blocks use.
    • The webgpu.h version that Dawn implements.
    • A C++ wrapper for the webgpu.h.
  • A “native” implementation of WebGPU using platforms' GPU APIs: D3D12, Metal, Vulkan and OpenGL. See per API support for more details.
  • A client-server implementation of WebGPU for applications that are in a sandbox without access to native drivers
  • Tint is a compiler for the WebGPU Shader Language (WGSL) that can be used in standalone to convert shaders from and to WGSL.

Helpful links:

Documentation table of content

Developer documentation:

User documentation: (TODO, figure out what overlaps with the webgpu.h docs)

License

BSD 3-Clause License, please see LICENSE.

Disclaimer

This is not an officially supported Google product.