base/clipboard.cc - Issue 53040: Validate clipboard bitmap size data.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: base/clipboard.cc

Issue 53040: Validate clipboard bitmap size data. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 11 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/clipboard.h"	5 #include "base/clipboard.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8	8

	9 namespace {

	10

	11 // A compromised renderer could send us bad data, so validate it.

	12 bool IsBitmapSafe(const Clipboard::ObjectMapParams& params) {

	13 const gfx::Size* size = reinterpret_cast<const gfx::Size*>(params[1].data());

	14 return params[0].size() ==

	15 static_cast<size_t>(size->width() * size->height() * 4);

	16 }

	17

	18 }

	19

9 void Clipboard::DispatchObject(ObjectType type, const ObjectMapParams& params) {	20 void Clipboard::DispatchObject(ObjectType type, const ObjectMapParams& params) {

10 switch (type) {	21 switch (type) {

11 case CBF_TEXT:	22 case CBF_TEXT:

12 WriteText(&(params[0].front()), params[0].size());	23 WriteText(&(params[0].front()), params[0].size());

13 break;	24 break;

14	25

15 case CBF_HTML:	26 case CBF_HTML:

16 if (params.size() == 2)	27 if (params.size() == 2)

17 WriteHTML(&(params[0].front()), params[0].size(),	28 WriteHTML(&(params[0].front()), params[0].size(),

18 &(params[1].front()), params[1].size());	29 &(params[1].front()), params[1].size());

(...skipping 14 matching lines...) Expand all Loading...
33 case CBF_FILES:	44 case CBF_FILES:

34 WriteFiles(&(params[0].front()), params[0].size());	45 WriteFiles(&(params[0].front()), params[0].size());

35 break;	46 break;

36	47

37 case CBF_WEBKIT:	48 case CBF_WEBKIT:

38 WriteWebSmartPaste();	49 WriteWebSmartPaste();

39 break;	50 break;

40	51

41 #if defined(OS_WIN) \|\| defined(OS_LINUX) // This is just a stub on Linux	52 #if defined(OS_WIN) \|\| defined(OS_LINUX) // This is just a stub on Linux

42 case CBF_BITMAP:	53 case CBF_BITMAP:

	54 if (!IsBitmapSafe(params))

	55 return;

43 WriteBitmap(&(params[0].front()), &(params[1].front()));	56 WriteBitmap(&(params[0].front()), &(params[1].front()));

44 break;	57 break;

45 #endif // defined(OS_WIN) \|\| defined(OS_LINUX)	58 #endif // defined(OS_WIN) \|\| defined(OS_LINUX)

46	59

47 default:	60 default:

48 NOTREACHED();	61 NOTREACHED();

49 }	62 }

50 }	63 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »