Issue 8142009: Add a second line of defense for receiving a bad message in the renderer.

Issue 8142009: Add a second line of defense for receiving a bad message in the renderer. (Closed)

Created:
9 years, 2 months ago by Charlie Reis

Modified:
9 years, 2 months ago

Reviewers:
jschuh, brettw

CC:
chromium-reviews, Avi (use Gerrit), dpranke+watch-content_chromium.org, jam, joi+watch-content_chromium.org, darin-cc_chromium.org, brettw-cc_chromium.org, supersat

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

Description

Add a second line of defense for receiving a bad message in the renderer. BUG=88949 TEST=none Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=104010

Patch Set 2 : Update comment. #

Created: 9 years, 2 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+13 lines, -5 lines)			Patch
	M	content/browser/tab_contents/tab_contents.cc	View		1 chunk	+4 lines, -4 lines	0 comments	Download
	M	content/renderer/render_view.cc	View	1	2 chunks	+9 lines, -1 line	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

Charlie Reis

I used the same IPC_BEGIN_MESSAGE_EX approach as RenderViewHost to handle the failed IPC deserialization, with ...

9 years, 2 months ago (2011-10-04 20:45:01 UTC) #1

jschuh

One documentation nit. Other than that lgtm. http://codereview.chromium.org/8142009/diff/1/content/renderer/render_view.cc File content/renderer/render_view.cc (right): http://codereview.chromium.org/8142009/diff/1/content/renderer/render_view.cc#newcode695 content/renderer/render_view.cc:695: // Kill ...

9 years, 2 months ago (2011-10-04 21:08:10 UTC) #2

Charlie Reis

9 years, 2 months ago (2011-10-04 21:58:38 UTC) #4

Thanks!

http://codereview.chromium.org/8142009/diff/1/content/renderer/render_view.cc
File content/renderer/render_view.cc (right):

http://codereview.chromium.org/8142009/diff/1/content/renderer/render_view.cc...
content/renderer/render_view.cc:695: // Kill the renderer.
On 2011/10/04 21:08:10, Justin Schuh wrote:
> Nit: "Kill the renderer" seems too terse. I worry someone might be inclined to
> remove it. How about something like "kill the renderer to avoid potential
> spoofing attacks."

Done.

Expand Messages | Collapse Messages