content/renderer/pepper_plugin_delegate_impl.cc - Issue 8436008: Add check on invalid file descriptor at both broker and renderer sides.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/renderer/pepper_plugin_delegate_impl.cc

Issue 8436008: Add check on invalid file descriptor at both broker and renderer sides. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Synced and resolved conflict. Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/renderer/pepper_plugin_delegate_impl.cc

diff --git a/content/renderer/pepper_plugin_delegate_impl.cc b/content/renderer/pepper_plugin_delegate_impl.cc

index d621a45e03307c21fb17a9be708dcd148d419ec5..94bbaf0e4cce424d697c16076a095b7b1920c4a2 100644

--- a/content/renderer/pepper_plugin_delegate_impl.cc

+++ b/content/renderer/pepper_plugin_delegate_impl.cc

@@ -363,13 +363,22 @@ class HostDispatcherWrapper

PP_Module pp_module,

ppapi::proxy::Dispatcher::GetInterfaceFunc local_get_interface,

const ppapi::Preferences& preferences) {

+ if (channel_handle.name.empty())

+ return false;

+#if defined(OS_POSIX)

+ if (channel_handle.socket.fd == -1)

+ return false;

+#endif

dispatcher_delegate_.reset(new DispatcherDelegate);

dispatcher_.reset(new ppapi::proxy::HostDispatcher(

plugin_process_handle, pp_module, local_get_interface));

- if (!dispatcher_->InitHostWithChannel(

- dispatcher_delegate_.get(),

- channel_handle, true, preferences)) {

+ if (!dispatcher_->InitHostWithChannel(dispatcher_delegate_.get(),

+ channel_handle,

+ true, // Client.

+ preferences)) {

dispatcher_.reset();

dispatcher_delegate_.reset();

return false;

@@ -480,13 +489,21 @@ BrokerDispatcherWrapper::~BrokerDispatcherWrapper() {

bool BrokerDispatcherWrapper::Init(

base::ProcessHandle broker_process_handle,

const IPC::ChannelHandle& channel_handle) {

+ if (channel_handle.name.empty())

+ return false;

+#if defined(OS_POSIX)

+ if (channel_handle.socket.fd == -1)

+ return false;

+#endif

dispatcher_delegate_.reset(new DispatcherDelegate);

dispatcher_.reset(

new ppapi::proxy::BrokerHostDispatcher(broker_process_handle));

if (!dispatcher_->InitBrokerWithChannel(dispatcher_delegate_.get(),

channel_handle,

- true)) {

+ true)) { // Client.

dispatcher_.reset();

dispatcher_delegate_.reset();

return false;

@@ -609,7 +626,7 @@ void PpapiBrokerImpl::OnBrokerChannelConnected(

if (dispatcher->Init(broker_process_handle, channel_handle)) {

dispatcher_.reset(dispatcher.release());

- // Process all pending channel requests from the renderers.

+ // Process all pending channel requests from the plugins.

for (ClientMap::iterator i = pending_connects_.begin();

i != pending_connects_.end(); ++i) {

base::WeakPtr<webkit::ppapi::PPB_Broker_Impl>& weak_ptr = i->second;

« no previous file with comments | « content/ppapi_plugin/ppapi_thread.cc ('k') | content/renderer/pepper_plugin_delegate_impl_unittest.cc » ('j') | no next file with comments »