Tags: abseil/abseil-cpp
Tags
Abseil LTS Branch, Jan 2025, Patch 1 (#1857) -- Fix buffer overflow the internal demangling function The overflow can happen during rollback after a parsing failure, where the null terminator is written without verifying the buffer bounds. Credit to www.code-intelligence.com for reporting this issue PiperOrigin-RevId: 732995553 Change-Id: Ic5075f53e510d270e1784d593defcd53f9121d02 -- Actually use the hint space instruction to strip PAC bits for return addresses in stack traces as the comment says https://android.googlesource.com/platform/libcore/+/71f2c75111e87091616f0f3b86bea6c4d345dad1/src/hotspot/os_cpu/linux_aarch64/pauth_linux_aarch64.inline.hpp PiperOrigin-RevId: 724360415 Change-Id: I691160e43354131a04919765ce283e07c3c933a9
PR #1819: fix compilation with AppleClang (#1820) Imported from GitHub PR #1819 Fix the following error: absl/random/internal/randen_detect.cc:123:12: error: no member named 'nullopt' in namespace 'std'; did you mean 'absl::nullopt'? 123 | return std::nullopt; | ^~~~~~~~~~~~ | absl::nullopt absl/types/optional.h:86:43: note: 'absl::nullopt' declared here 86 | ABSL_INTERNAL_INLINE_CONSTEXPR(nullopt_t, nullopt, | ^ Merge b9a2d39 into 7253ff8 Merging this change closes #1819 COPYBARA_INTEGRATE_REVIEW=#1819 from clementperon:master b9a2d39 PiperOrigin-RevId: 722599523 Change-Id: Ie66cbf9daf3b115668194da8b74acd6a43e12a03 Co-authored-by: Clément Péron <[email protected]>
PR #1819: fix compilation with AppleClang (#1820) Imported from GitHub PR #1819 Fix the following error: absl/random/internal/randen_detect.cc:123:12: error: no member named 'nullopt' in namespace 'std'; did you mean 'absl::nullopt'? 123 | return std::nullopt; | ^~~~~~~~~~~~ | absl::nullopt absl/types/optional.h:86:43: note: 'absl::nullopt' declared here 86 | ABSL_INTERNAL_INLINE_CONSTEXPR(nullopt_t, nullopt, | ^ Merge b9a2d39 into 7253ff8 Merging this change closes #1819 COPYBARA_INTEGRATE_REVIEW=#1819 from clementperon:master b9a2d39 PiperOrigin-RevId: 722599523 Change-Id: Ie66cbf9daf3b115668194da8b74acd6a43e12a03 Co-authored-by: Clément Péron <[email protected]>
Fix potential integer overflow in hash container create/resize (#1811) The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store. Subsequent accesses to the container might then access out-of-bounds memory. The fix is in two parts: 1) Update max_size() to return the maximum number of items that can be stored in the container 2) Validate the size arguments to the constructors, reserve(), and rehash() methods, and abort the program when the argument is invalid We've looked at uses of these containers in Google codebases like Chrome, and determined this vulnerability is likely to be difficult to exploit. This is primarily because container sizes are rarely attacker-controlled. The bug was discovered by Dmitry Vyukov <[email protected]>.
Fix potential integer overflow in hash container create/resize (#1812) The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store. Subsequent accesses to the container might then access out-of-bounds memory. The fix is in two parts: 1) Update max_size() to return the maximum number of items that can be stored in the container 2) Validate the size arguments to the constructors, reserve(), and rehash() methods, and abort the program when the argument is invalid We've looked at uses of these containers in Google codebases like Chrome, and determined this vulnerability is likely to be difficult to exploit. This is primarily because container sizes are rarely attacker-controlled. The bug was discovered by Dmitry Vyukov <[email protected]>.
Fix potential integer overflow in hash container create/resize (#1813) The sized constructors, reserve(), and rehash() methods of absl::{flat,node}_hash_{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store. Subsequent accesses to the container might then access out-of-bounds memory. The fix is in two parts: 1) Update max_size() to return the maximum number of items that can be stored in the container 2) Validate the size arguments to the constructors, reserve(), and rehash() methods, and abort the program when the argument is invalid We've looked at uses of these containers in Google codebases like Chrome, and determined this vulnerability is likely to be difficult to exploit. This is primarily because container sizes are rarely attacker-controlled. The bug was discovered by Dmitry Vyukov <[email protected]>.
Update GoogleTest dependency to 1.15.2 (#1736) This updates to a version of GoogleTest that fixes google/googletest#4581 for downstream users of rules_python Cherry-pick of d0159ea
Apply LTS transformations for 20240722 LTS branch (#1724)
PreviousNext