Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(303)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/common_param_traits.cc

Issue 1582023: Apply a sanity limit to objects with width & height. (Closed) Base URL: svn://chrome-svn.corp.google.com/chrome/trunk/src/
Patch Set: '' Created 10 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/common/common_param_traits.h" 5 #include "chrome/common/common_param_traits.h"
6 6
7 #include "chrome/common/chrome_constants.h" 7 #include "chrome/common/chrome_constants.h"
8 #include "gfx/rect.h" 8 #include "gfx/rect.h"
9 #include "googleurl/src/gurl.h" 9 #include "googleurl/src/gurl.h"
10 #ifndef EXCLUDE_SKIA_DEPENDENCIES 10 #ifndef EXCLUDE_SKIA_DEPENDENCIES
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after
140 m->WriteInt(p.height()); 140 m->WriteInt(p.height());
141 } 141 }
142 142
143 bool ParamTraits<gfx::Rect>::Read(const Message* m, void** iter, gfx::Rect* r) { 143 bool ParamTraits<gfx::Rect>::Read(const Message* m, void** iter, gfx::Rect* r) {
144 int x, y, w, h; 144 int x, y, w, h;
145 if (!m->ReadInt(iter, &x) || 145 if (!m->ReadInt(iter, &x) ||
146 !m->ReadInt(iter, &y) || 146 !m->ReadInt(iter, &y) ||
147 !m->ReadInt(iter, &w) || 147 !m->ReadInt(iter, &w) ||
148 !m->ReadInt(iter, &h)) 148 !m->ReadInt(iter, &h))
149 return false; 149 return false;
150 if (x < 0 || y < 0 || x >= (INT_MAX - w) || y >= (INT_MAX - h) ||
151 w < 0 || h < 0 || h >= ((INT_MAX / 16) / (w ? w : 1)))
152 return false;
150 r->set_x(x); 153 r->set_x(x);
151 r->set_y(y); 154 r->set_y(y);
152 r->set_width(w); 155 r->set_width(w);
153 r->set_height(h); 156 r->set_height(h);
154 return true; 157 return true;
155 } 158 }
156 159
157 void ParamTraits<gfx::Rect>::Log(const gfx::Rect& p, std::wstring* l) { 160 void ParamTraits<gfx::Rect>::Log(const gfx::Rect& p, std::wstring* l) {
158 l->append(StringPrintf(L"(%d, %d, %d, %d)", p.x(), p.y(), 161 l->append(StringPrintf(L"(%d, %d, %d, %d)", p.x(), p.y(),
159 p.width(), p.height())); 162 p.width(), p.height()));
160 } 163 }
161 164
162 165
163 void ParamTraits<gfx::Size>::Write(Message* m, const gfx::Size& p) { 166 void ParamTraits<gfx::Size>::Write(Message* m, const gfx::Size& p) {
164 m->WriteInt(p.width()); 167 m->WriteInt(p.width());
165 m->WriteInt(p.height()); 168 m->WriteInt(p.height());
166 } 169 }
167 170
168 bool ParamTraits<gfx::Size>::Read(const Message* m, void** iter, gfx::Size* r) { 171 bool ParamTraits<gfx::Size>::Read(const Message* m, void** iter, gfx::Size* r) {
169 int w, h; 172 int w, h;
170 if (!m->ReadInt(iter, &w) || 173 if (!m->ReadInt(iter, &w) ||
171 !m->ReadInt(iter, &h)) 174 !m->ReadInt(iter, &h))
172 return false; 175 return false;
176 if (w < 0 || h < 0 || h >= ((INT_MAX / 16) / (w ? w : 1)))
177 return false;
173 r->set_width(w); 178 r->set_width(w);
174 r->set_height(h); 179 r->set_height(h);
175 return true; 180 return true;
176 } 181 }
177 182
178 void ParamTraits<gfx::Size>::Log(const gfx::Size& p, std::wstring* l) { 183 void ParamTraits<gfx::Size>::Log(const gfx::Size& p, std::wstring* l) {
179 l->append(StringPrintf(L"(%d, %d)", p.width(), p.height())); 184 l->append(StringPrintf(L"(%d, %d)", p.width(), p.height()));
180 } 185 }
181 186
182 void ParamTraits<ContentSettings>::Write( 187 void ParamTraits<ContentSettings>::Write(
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 L"%.6f %.6f %.6f ", 301 L"%.6f %.6f %.6f ",
297 p.latitude, p.longitude, p.accuracy, p.altitude, 302 p.latitude, p.longitude, p.accuracy, p.altitude,
298 p.altitude_accuracy, p.speed, p.heading)); 303 p.altitude_accuracy, p.speed, p.heading));
299 LogParam(p.timestamp, l); 304 LogParam(p.timestamp, l);
300 l->append(L" "); 305 l->append(L" ");
301 l->append(p.error_message); 306 l->append(p.error_message);
302 LogParam(p.error_code, l); 307 LogParam(p.error_code, l);
303 } 308 }
304 309
305 } // namespace IPC 310 } // namespace IPC
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698