Chromium Code Reviews Chromium Code Reviews
Issue 8436008:
Add check on invalid file descriptor at both broker and renderer sides. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/pepper_plugin_delegate_impl.h" | 5 #include "content/renderer/pepper_plugin_delegate_impl.h" |
| 6 | 6 |
| 7 #include <cmath> | 7 #include <cmath> |
| 8 #include <queue> | 8 #include <queue> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 462 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 473 | 473 |
| 474 BrokerDispatcherWrapper::BrokerDispatcherWrapper() { | 474 BrokerDispatcherWrapper::BrokerDispatcherWrapper() { |
| 475 } | 475 } |
| 476 | 476 |
| 477 BrokerDispatcherWrapper::~BrokerDispatcherWrapper() { | 477 BrokerDispatcherWrapper::~BrokerDispatcherWrapper() { |
| 478 } | 478 } |
| 479 | 479 |
| 480 bool BrokerDispatcherWrapper::Init( | 480 bool BrokerDispatcherWrapper::Init( |
| 481 base::ProcessHandle broker_process_handle, | 481 base::ProcessHandle broker_process_handle, |
| 482 const IPC::ChannelHandle& channel_handle) { | 482 const IPC::ChannelHandle& channel_handle) { |
| 483 if (channel_handle.name.empty()) | |
| 484 return false; | |
| 485 | |
| 486 #if defined(OS_POSIX) | |
| 487 if (channel_handle.socket.fd == -1) | |
| 488 return false; | |
| 489 #endif | |
| 490 | |
| 483 dispatcher_delegate_.reset(new DispatcherDelegate); | 491 dispatcher_delegate_.reset(new DispatcherDelegate); |
| 484 dispatcher_.reset( | 492 dispatcher_.reset( |
| 485 new ppapi::proxy::BrokerHostDispatcher(broker_process_handle)); | 493 new ppapi::proxy::BrokerHostDispatcher(broker_process_handle)); |
| 486 | 494 |
| 487 if (!dispatcher_->InitBrokerWithChannel(dispatcher_delegate_.get(), | 495 if (!dispatcher_->InitBrokerWithChannel(dispatcher_delegate_.get(), |
| 488 channel_handle, | 496 channel_handle, |
| 489 true)) { | 497 true)) { // is_client |
| 490 dispatcher_.reset(); | 498 dispatcher_.reset(); |
| 491 dispatcher_delegate_.reset(); | 499 dispatcher_delegate_.reset(); |
| 492 return false; | 500 return false; |
| 493 } | 501 } |
| 494 dispatcher_->channel()->SetRestrictDispatchToSameChannel(true); | 502 dispatcher_->channel()->SetRestrictDispatchToSameChannel(true); |
| 495 return true; | 503 return true; |
| 496 } | 504 } |
| 497 | 505 |
| 498 // Does not take ownership of the local pipe. | 506 // Does not take ownership of the local pipe. |
| 499 int32_t BrokerDispatcherWrapper::SendHandleToBroker( | 507 int32_t BrokerDispatcherWrapper::SendHandleToBroker( |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 602 Release(); | 610 Release(); |
| 603 } | 611 } |
| 604 | 612 |
| 605 void PpapiBrokerImpl::OnBrokerChannelConnected( | 613 void PpapiBrokerImpl::OnBrokerChannelConnected( |
| 606 base::ProcessHandle broker_process_handle, | 614 base::ProcessHandle broker_process_handle, |
| 607 const IPC::ChannelHandle& channel_handle) { | 615 const IPC::ChannelHandle& channel_handle) { |
| 608 scoped_ptr<BrokerDispatcherWrapper> dispatcher(new BrokerDispatcherWrapper); | 616 scoped_ptr<BrokerDispatcherWrapper> dispatcher(new BrokerDispatcherWrapper); |
| 609 if (dispatcher->Init(broker_process_handle, channel_handle)) { | 617 if (dispatcher->Init(broker_process_handle, channel_handle)) { |
| 610 dispatcher_.reset(dispatcher.release()); | 618 dispatcher_.reset(dispatcher.release()); |
| 611 | 619 |
| 612 // Process all pending channel requests from the renderers. | 620 // Process all pending channel requests from the renderers. |
|
ddorwin
2011/11/07 20:02:28
Please change "renderers" to "plugins". It's my co
xhwang
2011/11/07 22:00:15
Done.
| |
| 613 for (ClientMap::iterator i = pending_connects_.begin(); | 621 for (ClientMap::iterator i = pending_connects_.begin(); |
| 614 i != pending_connects_.end(); ++i) { | 622 i != pending_connects_.end(); ++i) { |
| 615 base::WeakPtr<webkit::ppapi::PPB_Broker_Impl>& weak_ptr = i->second; | 623 base::WeakPtr<webkit::ppapi::PPB_Broker_Impl>& weak_ptr = i->second; |
| 616 if (weak_ptr) | 624 if (weak_ptr) |
| 617 ConnectPluginToBroker(weak_ptr); | 625 ConnectPluginToBroker(weak_ptr); |
| 618 } | 626 } |
| 619 } else { | 627 } else { |
| 620 // Report failure to all clients. | 628 // Report failure to all clients. |
| 621 for (ClientMap::iterator i = pending_connects_.begin(); | 629 for (ClientMap::iterator i = pending_connects_.begin(); |
| 622 i != pending_connects_.end(); ++i) { | 630 i != pending_connects_.end(); ++i) { |
| (...skipping 1114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1737 if (!context) | 1745 if (!context) |
| 1738 return NULL; | 1746 return NULL; |
| 1739 if (!context->makeContextCurrent() || context->isContextLost()) | 1747 if (!context->makeContextCurrent() || context->isContextLost()) |
| 1740 return NULL; | 1748 return NULL; |
| 1741 | 1749 |
| 1742 RendererGLContext* parent_context = context->context(); | 1750 RendererGLContext* parent_context = context->context(); |
| 1743 if (!parent_context) | 1751 if (!parent_context) |
| 1744 return NULL; | 1752 return NULL; |
| 1745 return parent_context; | 1753 return parent_context; |
| 1746 } | 1754 } |
| OLD | NEW |
