| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/pickle.h" | 5 #include "base/pickle.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> // for max() | 9 #include <algorithm> // for max() |
| 10 #include <limits> | 10 #include <limits> |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 capacity_(0), | 34 capacity_(0), |
| 35 variable_buffer_offset_(0) { | 35 variable_buffer_offset_(0) { |
| 36 DCHECK(static_cast<size_t>(header_size) >= sizeof(Header)); | 36 DCHECK(static_cast<size_t>(header_size) >= sizeof(Header)); |
| 37 DCHECK(header_size <= kPayloadUnit); | 37 DCHECK(header_size <= kPayloadUnit); |
| 38 Resize(kPayloadUnit); | 38 Resize(kPayloadUnit); |
| 39 header_->payload_size = 0; | 39 header_->payload_size = 0; |
| 40 } | 40 } |
| 41 | 41 |
| 42 Pickle::Pickle(const char* data, int data_len) | 42 Pickle::Pickle(const char* data, int data_len) |
| 43 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))), | 43 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))), |
| 44 header_size_(data_len - header_->payload_size), | 44 header_size_(0), |
| 45 capacity_(kCapacityReadOnly), | 45 capacity_(kCapacityReadOnly), |
| 46 variable_buffer_offset_(0) { | 46 variable_buffer_offset_(0) { |
| 47 DCHECK(header_size_ >= sizeof(Header)); | 47 if (data_len >= static_cast<int>(sizeof(Header))) |
| 48 DCHECK(header_size_ == AlignInt(header_size_, sizeof(uint32))); | 48 header_size_ = data_len - header_->payload_size; |
| 49 |
| 50 if (header_size_ > static_cast<unsigned int>(data_len)) |
| 51 header_size_ = 0; |
| 52 |
| 53 if (header_size_ != AlignInt(header_size_, sizeof(uint32))) |
| 54 header_size_ = 0; |
| 55 |
| 56 // If there is anything wrong with the data, we're not going to use it. |
| 57 if (!header_size_) |
| 58 header_ = NULL; |
| 49 } | 59 } |
| 50 | 60 |
| 51 Pickle::Pickle(const Pickle& other) | 61 Pickle::Pickle(const Pickle& other) |
| 52 : header_(NULL), | 62 : header_(NULL), |
| 53 header_size_(other.header_size_), | 63 header_size_(other.header_size_), |
| 54 capacity_(0), | 64 capacity_(0), |
| 55 variable_buffer_offset_(other.variable_buffer_offset_) { | 65 variable_buffer_offset_(other.variable_buffer_offset_) { |
| 56 size_t payload_size = header_size_ + other.header_->payload_size; | 66 size_t payload_size = header_size_ + other.header_->payload_size; |
| 57 bool resized = Resize(payload_size); | 67 bool resized = Resize(payload_size); |
| 58 CHECK(resized); // Realloc failed. | 68 CHECK(resized); // Realloc failed. |
| (...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 397 DCHECK(header_size <= static_cast<size_t>(kPayloadUnit)); | 407 DCHECK(header_size <= static_cast<size_t>(kPayloadUnit)); |
| 398 | 408 |
| 399 const Header* hdr = reinterpret_cast<const Header*>(start); | 409 const Header* hdr = reinterpret_cast<const Header*>(start); |
| 400 const char* payload_base = start + header_size; | 410 const char* payload_base = start + header_size; |
| 401 const char* payload_end = payload_base + hdr->payload_size; | 411 const char* payload_end = payload_base + hdr->payload_size; |
| 402 if (payload_end < payload_base) | 412 if (payload_end < payload_base) |
| 403 return NULL; | 413 return NULL; |
| 404 | 414 |
| 405 return (payload_end > end) ? NULL : payload_end; | 415 return (payload_end > end) ? NULL : payload_end; |
| 406 } | 416 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4716006:
Pickle: handle invalid data on 64 bit systems.... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/