Chromium Code Reviews Chromium Code Reviews
Issue 160490:
Add defensive code in pickle to preclude realloc of shared header_ memory.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| Index: base/pickle.cc |
| =================================================================== |
| --- base/pickle.cc (revision 22260) |
| +++ base/pickle.cc (working copy) |
| @@ -65,12 +65,16 @@ |
| } |
| Pickle& Pickle::operator=(const Pickle& other) { |
|
cpu_(ooo_6.6-7.5)
2009/08/03 16:18:57
this operator is lacking a check against self assi
jar (doing other things)
2009/08/03 20:11:22
I'll create a CL that handles this explicitly.
|
| - if (header_size_ != other.header_size_ && capacity_ != kCapacityReadOnly) { |
| + if (capacity_ == kCapacityReadOnly) { |
| + header_ = NULL; |
| + capacity_ = 0; |
| + } |
| + if (header_size_ != other.header_size_) { |
| free(header_); |
| header_ = NULL; |
| header_size_ = other.header_size_; |
| } |
| - bool resized = Resize(other.header_size_ + other.header_->payload_size); |
| + bool resized = Resize(header_size_ + other.header_->payload_size); |
|
cpu_(ooo_6.6-7.5)
2009/08/03 16:18:57
I don't get the change in line 73. It seems more c
jar (doing other things)
2009/08/03 20:11:22
The goal was to have the argument of the memcpy (t
|
| CHECK(resized); // Realloc failed. |
| memcpy(header_, other.header_, header_size_ + other.header_->payload_size); |
| variable_buffer_offset_ = other.variable_buffer_offset_; |
| @@ -365,6 +369,7 @@ |
| bool Pickle::Resize(size_t new_capacity) { |
| new_capacity = AlignInt(new_capacity, kPayloadUnit); |
| + CHECK(capacity_ != kCapacityReadOnly); |
| void* p = realloc(header_, new_capacity); |
| if (!p) |
| return false; |
