author | 2015-06-16 13:23:03 -0700 | |
---|---|---|
committer | 2015-06-16 13:23:03 -0700 | |
commit | 921827bbc78717f514ebd11bf55ac0dd2fe9308c (patch) | |
tree | 7c32a0723c1bcfbbd379484d6ac92709985c1e46 | |
parent | 85ab55114f3e2d688d0705e3482fc77ec8a46a64 (diff) |
Add a note to SkGlobalInitialization_chromium.cpp.
BUG=chromium:486947
Review URL: https://codereview.chromium.org/1193453004
-rw-r--r-- | src/ports/SkGlobalInitialization_chromium.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/ports/SkGlobalInitialization_chromium.cpp b/src/ports/SkGlobalInitialization_chromium.cpp
index 0f7d71b207..b3eb3aa743 100644
--- a/src/ports/SkGlobalInitialization_chromium.cpp
+++ b/src/ports/SkGlobalInitialization_chromium.cpp
@@ -61,6 +61,23 @@
 #include "SkMatrixImageFilter.h"
 #include "SkXfermodeImageFilter.h"
 
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+//
+// Adding new classes to Init() below has security consequences in Chrome.
+//
+// In particular, it is important that we don't create code paths that
+// deserialize untrusted data as SkImageFilters; SkImageFilters are sent from
+// Chrome renderers (untrusted) to the main (trusted) process.
+//
+// If you add a new SkImageFilter here _or_ other effect that can be part of
+// an SkImageFilter, it's a good idea to have chrome-security@google.com sign
+// off on the CL, and at minimum extend SampleFilterFuzz.cpp to fuzz it.
+//
+// SkPictures are untrusted data. Please be extremely careful not to allow
+// SkPictures created in a Chrome renderer to be deserialized in the main process.
+//
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
 class SkPrivateEffectInitializer {
 public:
 static void Init() { |
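Review bot: The added banner warns that new entries in Init() have security consequences but never states the mechanism, and its sign-off guidance is worded as optional ("it's a good idea"). Init()'s body lies outside the hunk, so this is inferred, but if each entry registers a factory that the deserializer can reach, a line such as `// Every class registered in Init() can be instantiated from a serialized buffer, including one sent by a renderer.` would tell a contributor why a single added entry matters. I would also firm up the third paragraph to `// ... must have chrome-security@google.com sign off on the CL and must extend SampleFilterFuzz.cpp to fuzz it.` so that the fuzz coverage is not read as a suggestion. Because the note sits above the class, a one-line pointer back to it at the end of the registration list would reach anyone who edits Init() without scrolling up.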