authorAndreas Sturmlechner <asturm@gentoo.org>2022-06-20 20:53:23 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2022-06-20 20:53:39 +0200
commit25cd576ef58a97ee613b2f8e97640109a598cbb3 (patch)
tree4ce526786029db90a57a55bda60307cc1e950a83 /dev-qt/qtwebengine
parentapp-cdr/cdrdao: Stabilize 1.2.4-r1 sparc, #853112 (diff)
dev-qt/qtwebengine: Fixup fix for CVE-2022-0796
Thanks-to: Michael <voron1@gmail.com> Thanks-to: Jimi Huotari <chiitoo@gentoo.org> Closes: https://bugs.gentoo.org/853097 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'dev-qt/qtwebengine')
-rw-r--r--dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch48
-rw-r--r--dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild1
2 files changed, 49 insertions, 0 deletions
diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
new file mode 100644
index 000000000000..c38bf1bdeeb3
--- /dev/null
+++ b/dev-qt/qtwebengine/files/qtwebengine-5.15.5_p20220618-fixup-CVE-2022-0796.patch
@@ -0,0 +1,48 @@
+From 7e11d69b957595a172a3eb60db17141daed29d63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20Br=C3=BCning?= <michael.bruning@qt.io>
+Date: Mon, 20 Jun 2022 17:19:58 +0200
+Subject: Fixup: CVE-2022-0796: Use after free in Media
+
+Commit ecc2bb74f1f accidentally introduced a build break due to an
+apparent typo.
+
+This fixes it.
+
+Change-Id: I746c6f10ecd2b212b847a291677e24e527d6b922
+Reviewed-by: Michal Klocek <michal.klocek@qt.io>
+---
+ chromium/content/renderer/media/batching_media_log.h | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+index b68535aea42..a28d426878f 100644
+--- a/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
++++ b/src/3rdparty/chromium/content/renderer/media/batching_media_log.h
+@@ -72,18 +72,18 @@ class CONTENT_EXPORT BatchingMediaLog : public media::MediaLog {
+ // guarantees provided by MediaLog, since SendQueuedMediaEvents must also
+ // be synchronized with respect to AddEvent.
+ mutable base::Lock lock_;
+- const base::TickClock* tick_clock_ GUARDED_BY(LOCK);
+- base::TimeTicks last_ipc_send_time_ GUARDED_BY(LOCK);
+- std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(LOCK);
++ const base::TickClock* tick_clock_ GUARDED_BY(lock_);
++ base::TimeTicks last_ipc_send_time_ GUARDED_BY(lock_);
++ std::vector<media::MediaLogRecord> queued_media_events_ GUARDED_BY(lock_);
+
+ // impl for sending queued events.
+- std::vector<std::unique_ptr<EventHandler>> event_handlers_ GUARDED_BY(LOCK);
++ std::vector<std::unique_ptr<EventHandler>> event_handlers_ GUARDED_BY(lock_);
+
+ // For enforcing max 1 pending send.
+- bool ipc_send_pending_ GUARDED_BY(LOCK);
++ bool ipc_send_pending_ GUARDED_BY(lock_);
+
+ // Limits the number of events we send over IPC to one.
+- std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ GUARDED_BY(LOCK);
++ std::unique_ptr<media::MediaLogRecord> last_duration_changed_event_ GUARDED_BY(lock_);
+
+ // Holds the earliest MEDIA_ERROR_LOG_ENTRY event added to this log. This is
+ // most likely to contain the most specific information available describing
+--
+cgit v1.2.1
+
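Review bot: The corrected `GUARDED_BY(lock_)` annotations on `last_duration_changed_event_` and `tick_clock_` cover only the pointer members themselves, not the objects they point to, so the analysis would not flag a dereference made without `lock_` held. If the pointees are meant to be protected as well, `PT_GUARDED_BY(lock_)` would be needed in addition. These annotations are compile-time checks that only take effect where the compiler's thread-safety analysis is enabled, which is presumably why the `LOCK` typo broke only some builds; the fixup itself changes no runtime locking. Whether the CVE-2022-0796 fix holds therefore depends on the `lock_` acquisitions in the implementation file, which this hunk does not show. The class body starts and ends outside the hunk.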
diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
index 3c78403a9c2b..43b46b0fbaab 100644
--- a/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
+++ b/dev-qt/qtwebengine/qtwebengine-5.15.5_p20220618.ebuild
@@ -112,6 +112,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.15.3_p20220406-gcc12-includes.patch" # by openSUSE, bug 840326
"${WORKDIR}/${PN}-5.15.2_p20211019-jumbo-build.patch" # bug 813957
"${WORKDIR}/${PN}-5.15.3_p20220406-patchset" # bug 698988 (py2--), pipewire-3
+ "${FILESDIR}/${P}-fixup-CVE-2022-0796.patch" # bug 853097
)
qtwebengine_check-reqs() {