base/pickle.cc - Issue 6347013: Check that we've got a complete header before accessing its fields.... - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(1850)

My Issues | Starred Open | Closed | All

Unified Diff: base/pickle.cc

Issue 6347013: Check that we've got a complete header before accessing its fields.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 9 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « base/pickle.h ('k') | base/pickle_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: base/pickle.cc

===================================================================

--- base/pickle.cc (revision 72619)

+++ base/pickle.cc (working copy)

@@ -406,6 +406,9 @@

DCHECK(header_size == AlignInt(header_size, sizeof(uint32)));

DCHECK(header_size <= static_cast<size_t>(kPayloadUnit));

+ if (static_cast<size_t>(end - start) < sizeof(Header))

+ return NULL;

+

const Header* hdr = reinterpret_cast<const Header*>(start);

const char* payload_base = start + header_size;

const char* payload_end = payload_base + hdr->payload_size;

« no previous file with comments | « base/pickle.h ('k') | base/pickle_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698