
Unified Diff: chrome/browser/extensions/extension_metrics_module.cc

Issue 9113002: Prevent calling internal metrics code with invalid values. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: 2011 -> 2012 Created 8 years, 11 months ago
Index: chrome/browser/extensions/extension_metrics_module.cc
diff --git a/chrome/browser/extensions/extension_metrics_module.cc b/chrome/browser/extensions/extension_metrics_module.cc
index 48e5d0821093446bf1b9ea2f863f0f661f549ebf..0c63a7aee1ab21c182ef9a2a8e31b8e5692539df 100644
--- a/chrome/browser/extensions/extension_metrics_module.cc
+++ b/chrome/browser/extensions/extension_metrics_module.cc
@@ -1,9 +1,11 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/extensions/extension_metrics_module.h"
+#include <algorithm>
+
#include "base/metrics/histogram.h"
#include "chrome/common/extensions/extension.h"
#include "content/public/browser/user_metrics.h"
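Review bot: Only `<algorithm>` is added here, but the new clamping code in RecordValue also uses `INT_MAX`, which is declared in `<limits.h>`. Unless that header already arrives through one of the existing includes (not visible from this page), add `#include <limits.h>` next to `#include <algorithm>` so the file includes what it uses.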
@@ -12,6 +14,10 @@ using base::Histogram;
using base::LinearHistogram;
using content::UserMetricsAction;
+const size_t kMaxBuckets = 10000; // We don't ever want more than these many
+ // buckets; there is no real need for them
+ // and would cause crazy memory usage
+
bool MetricsRecordUserActionFunction::RunImpl() {
std::string name;
EXTENSION_FUNCTION_VALIDATE(args_->GetString(0, &name));
@@ -33,6 +39,19 @@ bool MetricsHistogramHelperFunction::RecordValue(const std::string& name,
int max,
size_t buckets,
int sample) {
+ // Make sure toxic values don't get to internal code.
+ // Fix for maximums
+ min = std::min(min, INT_MAX - 3);
+ max = std::min(max, INT_MAX - 3);
+ buckets = std::min(buckets, kMaxBuckets);
+ // Fix for minimums.
+ min = std::max(min, 1);
+ max = std::max(max, min + 1);
+ buckets = std::max(buckets, static_cast<size_t>(3));
+ // Trim buckets down to a maximum of the given range + over/underflow buckets
+ if (buckets > static_cast<size_t>(max - min + 2))
+ buckets = max - min + 2;
+
Histogram* counter;
if (type == Histogram::LINEAR_HISTOGRAM) {
counter = LinearHistogram::FactoryGet(name,
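Review bot: After the "Fix for minimums" step `max` can end up at `INT_MAX - 2`, one above the `INT_MAX - 3` cap applied a few lines earlier, because `max = std::max(max, min + 1)` runs while `min` may still be `INT_MAX - 3`. If that cap is a hard requirement of the histogram code (not visible here), clamp `min` one lower with `min = std::min(min, INT_MAX - 4);` and state in the comment where the `- 3` margin comes from. The `kMaxBuckets` limit bounds a single histogram only; `name` is supplied by the extension, so total memory still grows with the number of distinct names a caller registers unless that is limited elsewhere. RecordValue's body continues past the end of the hunk, so how `sample` and `type` are handled cannot be judged from here.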