Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(667)

Unified Diff: sandbox/src/ipc_unittest.cc

Issue 555093: Merge 36923 - Fix integer overflow in sbox... (Closed) Base URL: svn://svn.chromium.org/chrome/branches/249s/src/
Patch Set: Created 10 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/src/crosscall_server.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/src/ipc_unittest.cc
===================================================================
--- sandbox/src/ipc_unittest.cc (revision 37077)
+++ sandbox/src/ipc_unittest.cc (working copy)
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "base/basictypes.h"
#include "sandbox/src/crosscall_client.h"
#include "sandbox/src/crosscall_server.h"
#include "sandbox/src/sharedmem_ipc_client.h"
@@ -214,6 +215,44 @@
delete [] reinterpret_cast<char*>(client_control);
}
+TEST(IPCTest, CrossCallValidation) {
+ // First a sanity test with a well formed parameter object.
+ unsigned long value = 124816;
+ const uint32 kTag = 33;
+ ActualCallParams<1, 128> params_1(kTag);
+ params_1.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE);
+ void* buffer = const_cast<void*>(params_1.GetBuffer());
+
+ size_t out_size = 0;
+ CrossCallParamsEx* ccp = 0;
+ ccp = CrossCallParamsEx::CreateFromBuffer(buffer, params_1.GetSize(),
+ &out_size);
+ ASSERT_TRUE(NULL != ccp);
+ EXPECT_TRUE(ccp->GetBuffer() != buffer);
+ EXPECT_EQ(kTag, ccp->GetTag());
+ EXPECT_EQ(1, ccp->GetParamsCount());
+ delete[] (reinterpret_cast<char*>(ccp));
+
+#if defined(NDEBUG)
+ // Test hat we handle integer overflow on the number of params
+ // correctly. We use a test-only ctor for ActualCallParams that
+ // allows to create malformed cross-call buffers.
+ const int32 kPtrDiffSz = sizeof(ptrdiff_t);
+ for (int32 ix = -1; ix != 3; ++ix) {
+ uint32 fake_num_params = (kuint32max / kPtrDiffSz) + ix;
+ ActualCallParams<1, 128> params_2(kTag, fake_num_params);
+ params_2.CopyParamIn(0, &value, sizeof(value), false, ULONG_TYPE);
+ buffer = const_cast<void*>(params_2.GetBuffer());
+
+ EXPECT_TRUE(NULL != buffer);
+ ccp = CrossCallParamsEx::CreateFromBuffer(buffer, params_2.GetSize(),
+ &out_size);
+ // If the buffer is malformed the return is NULL.
+ EXPECT_TRUE(NULL == ccp);
+ }
+#endif // defined(NDEBUG)
+}
+
// This structure is passed to the mock server threads to simulate
// the server side IPC so it has the required kernel objects.
struct ServerEvents {
« no previous file with comments | « sandbox/src/crosscall_server.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698