Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: base/pickle.cc

Issue 4716006: Pickle: handle invalid data on 64 bit systems.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « base/pickle.h ('k') | base/pickle_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: base/pickle.cc
===================================================================
--- base/pickle.cc (revision 65620)
+++ base/pickle.cc (working copy)
@@ -41,11 +41,21 @@
Pickle::Pickle(const char* data, int data_len)
: header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
- header_size_(data_len - header_->payload_size),
+ header_size_(0),
capacity_(kCapacityReadOnly),
variable_buffer_offset_(0) {
- DCHECK(header_size_ >= sizeof(Header));
- DCHECK(header_size_ == AlignInt(header_size_, sizeof(uint32)));
+ if (data_len >= static_cast<int>(sizeof(Header)))
+ header_size_ = data_len - header_->payload_size;
+
+ if (header_size_ > static_cast<unsigned int>(data_len))
+ header_size_ = 0;
+
+ if (header_size_ != AlignInt(header_size_, sizeof(uint32)))
+ header_size_ = 0;
+
+ // If there is anything wrong with the data, we're not going to use it.
+ if (!header_size_)
+ header_ = NULL;
}
Pickle::Pickle(const Pickle& other)
« no previous file with comments | « base/pickle.h ('k') | base/pickle_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698