commit 130c4630769129222db759d82ef65b0cf1994f28
parent bfacad4c284107c39ec7f059c755e8ea60160e7a
Author: Dan Baker <dbaker@mozilla.com>
Date: Wed, 22 Oct 2025 13:49:57 -0600
Bug 1995393 - Vendor libwebrtc from eaddb18033
Upstream commit: https://webrtc.googlesource.com/src/+/eaddb18033d2c40c29a4ff1f28afd54a75c9b901
Fix ubsan error in EphemeralKeyExchangeCipherGroups::Update
In the current code the end iterator of a vector can be passed to the
single-argument variant of std::vector::erase, which is not allowed.
When removing elements using std::remove_if we need to use the two-arg
variant instead.
Detected via the EphemeralKeyExchangeCipherGroupsTest.Update test case
which triggered a nullptr-with-nonzero-offset ubsan error under OpenSSL.
Bug: webrtc:404763475
Change-Id: I9f2a28608c4bc7142783c94c0f931ac91ee43132
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/402643
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Joachim Reiersen <joachimr@meta.com>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#45285}
Diffstat:
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/third_party/libwebrtc/README.mozilla.last-vendor b/third_party/libwebrtc/README.mozilla.last-vendor
@@ -1,4 +1,4 @@
# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
-libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-22T19:47:39.997972+00:00.
+libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-22T19:49:46.993018+00:00.
# base of lastest vendoring
-d9d9d43d83
+eaddb18033
diff --git a/third_party/libwebrtc/api/crypto/crypto_options.cc b/third_party/libwebrtc/api/crypto/crypto_options.cc
@@ -127,16 +127,22 @@ void CryptoOptions::EphemeralKeyExchangeCipherGroups::Update(
field_trials);
// Remove all disabled.
if (disabled_groups) {
- default_groups.erase(std::remove_if(
- default_groups.begin(), default_groups.end(), [&](uint16_t val) {
- return std::find(disabled_groups->begin(), disabled_groups->end(),
- val) != disabled_groups->end();
- }));
- enabled_.erase(
- std::remove_if(enabled_.begin(), enabled_.end(), [&](uint16_t val) {
- return std::find(disabled_groups->begin(), disabled_groups->end(),
- val) != disabled_groups->end();
- }));
+ default_groups.erase(
+ std::remove_if(default_groups.begin(), default_groups.end(),
+ [&](uint16_t val) {
+ return std::find(disabled_groups->begin(),
+ disabled_groups->end(),
+ val) != disabled_groups->end();
+ }),
+ default_groups.end());
+ enabled_.erase(std::remove_if(enabled_.begin(), enabled_.end(),
+ [&](uint16_t val) {
+ return std::find(disabled_groups->begin(),
+ disabled_groups->end(),
+ val) !=
+ disabled_groups->end();
+ }),
+ enabled_.end());
}
// Add those enabled by field-trials first.
