OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/pickle.h" | 5 #include "base/pickle.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> // for max() | 9 #include <algorithm> // for max() |
10 #include <limits> | 10 #include <limits> |
(...skipping 23 matching lines...)
34 capacity_(0), | 34 capacity_(0), |
35 variable_buffer_offset_(0) { | 35 variable_buffer_offset_(0) { |
36 DCHECK(static_cast<size_t>(header_size) >= sizeof(Header)); | 36 DCHECK(static_cast<size_t>(header_size) >= sizeof(Header)); |
37 DCHECK(header_size <= kPayloadUnit); | 37 DCHECK(header_size <= kPayloadUnit); |
38 Resize(kPayloadUnit); | 38 Resize(kPayloadUnit); |
39 header_->payload_size = 0; | 39 header_->payload_size = 0; |
40 } | 40 } |
41 | 41 |
42 Pickle::Pickle(const char* data, int data_len) | 42 Pickle::Pickle(const char* data, int data_len) |
43 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))), | 43 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))), |
44 header_size_(data_len - header_->payload_size), | 44 header_size_(0), |
45 capacity_(kCapacityReadOnly), | 45 capacity_(kCapacityReadOnly), |
46 variable_buffer_offset_(0) { | 46 variable_buffer_offset_(0) { |
47 DCHECK(header_size_ >= sizeof(Header)); | 47 if (data_len >= static_cast<int>(sizeof(Header))) |
48 DCHECK(header_size_ == AlignInt(header_size_, sizeof(uint32))); | 48 header_size_ = data_len - header_->payload_size; |
| 49 |
| 50 if (header_size_ > static_cast<unsigned int>(data_len)) |
| 51 header_size_ = 0; |
| 52 |
| 53 if (header_size_ != AlignInt(header_size_, sizeof(uint32))) |
| 54 header_size_ = 0; |
| 55 |
| 56 // If there is anything wrong with the data, we're not going to use it. |
| 57 if (!header_size_) |
| 58 header_ = NULL; |
49 } | 59 } |
50 | 60 |
51 Pickle::Pickle(const Pickle& other) | 61 Pickle::Pickle(const Pickle& other) |
52 : header_(NULL), | 62 : header_(NULL), |
53 header_size_(other.header_size_), | 63 header_size_(other.header_size_), |
54 capacity_(0), | 64 capacity_(0), |
55 variable_buffer_offset_(other.variable_buffer_offset_) { | 65 variable_buffer_offset_(other.variable_buffer_offset_) { |
56 size_t payload_size = header_size_ + other.header_->payload_size; | 66 size_t payload_size = header_size_ + other.header_->payload_size; |
57 bool resized = Resize(payload_size); | 67 bool resized = Resize(payload_size); |
58 CHECK(resized); // Realloc failed. | 68 CHECK(resized); // Realloc failed. |
(...skipping 338 matching lines...)
397 DCHECK(header_size <= static_cast<size_t>(kPayloadUnit)); | 407 DCHECK(header_size <= static_cast<size_t>(kPayloadUnit)); |
398 | 408 |
399 const Header* hdr = reinterpret_cast<const Header*>(start); | 409 const Header* hdr = reinterpret_cast<const Header*>(start); |
400 const char* payload_base = start + header_size; | 410 const char* payload_base = start + header_size; |
401 const char* payload_end = payload_base + hdr->payload_size; | 411 const char* payload_end = payload_base + hdr->payload_size; |
402 if (payload_end < payload_base) | 412 if (payload_end < payload_base) |
403 return NULL; | 413 return NULL; |
404 | 414 |
405 return (payload_end > end) ? NULL : payload_end; | 415 return (payload_end > end) ? NULL : payload_end; |
406 } | 416 } |
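Review bot: The data constructor (new lines 47–58) can now leave `header_` NULL, but the copy constructor just below it still reads `other.header_->payload_size` unconditionally at new line 66, so copying a Pickle built from rejected data would dereference NULL. A guard such as `if (!other.header_) return;` ahead of that read would keep the copy in the same empty state; the copy constructor's body continues past the visible lines, so the rest of it should be checked for further uses of `other.header_`. Any member outside these hunks that reads `header_->payload_size` presumably needs the same treatment, and a comment on the constructor such as `// On malformed input header_ is NULL and header_size_ is 0; callers must check before reading.` would make the contract explicit. The constructor also still dereferences `data` without a NULL check whenever `data_len` is at least `sizeof(Header)`.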
OLD | NEW |