rpms/chromium
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
chromium/fix-page-allocator-overflow.patch
Than Ngo 8afd224270 - Update to 144.0.7559.59 
* CVE-2026-0899: Out of bounds memory access in V8
  * CVE-2026-0900: Inappropriate implementation in V8
  * CVE-2026-0901: Inappropriate implementation in Blink
  * CVE-2026-0902: Inappropriate implementation in V8
  * CVE-2026-0903: Insufficient validation of untrusted input in Downloads
  * CVE-2026-0904: Incorrect security UI in Digital Credentials
  * CVE-2026-0905: Insufficient policy enforcement in Network
  * CVE-2026-0906: Incorrect security UI
  * CVE-2026-0907: Incorrect security UI in Split View
  * CVE-2026-0908: Use after free in ANGLE
2026-01-14 11:03:27 +01:00

26 lines
1.6 KiB
Diff
Raw Permalink Blame History

Index: chromium-144.0.7559.59/base/allocator/dispatcher/tls.h
===================================================================
--- chromium-144.0.7559.59.orig/base/allocator/dispatcher/tls.h
+++ chromium-144.0.7559.59/base/allocator/dispatcher/tls.h
@@ -88,6 +88,8 @@ struct BASE_EXPORT MMapAllocator {
constexpr static size_t AllocationChunkSize = 16384;
#elif BUILDFLAG(IS_LINUX) && defined(ARCH_CPU_ARM64)
constexpr static size_t AllocationChunkSize = 16384;
+#elif BUILDFLAG(IS_LINUX) && defined(ARCH_CPU_PPC64)
+ constexpr static size_t AllocationChunkSize = 16384;
#else
constexpr static size_t AllocationChunkSize = 4096;
#endif
Index: chromium-144.0.7559.59/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_constants.h
===================================================================
--- chromium-144.0.7559.59.orig/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_constants.h
+++ chromium-144.0.7559.59/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_constants.h
@@ -399,7 +399,7 @@ PA_ALWAYS_INLINE constexpr size_t MaxDir
// TODO(casey.smalley@arm.com): under 64k pages we can end up in a situation
// where a normal slot span will be large enough to contain multiple items,
// but the address will go over the final partition page after being aligned.
-#if PA_BUILDFLAG(IS_LINUX) && PA_BUILDFLAG(PA_ARCH_CPU_ARM64)
+#if PA_BUILDFLAG(IS_LINUX) && (PA_BUILDFLAG(PA_ARCH_CPU_ARM64) || PA_BUILDFLAG(PA_ARCH_CPU_PPC64))
constexpr size_t kMaxSupportedAlignment = kSuperPageSize / 4;
#else
constexpr size_t kMaxSupportedAlignment = kSuperPageSize / 2;
Reference in a new issue View git blame Copy permalink