Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1128903006: Fix a stack overflow in the windows sandbox SpawnTarget function. (Closed)

Created:
5 years, 7 months ago by ananta
Modified:
5 years, 7 months ago
Reviewers:
cpu_(ooo_6.6-7.5)
CC:
chromium-reviews, wfh+watch_chromium.org, rickyz+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix a stack overflow in the windows sandbox SpawnTarget function. This was caused by my recent change to allow handles other than STDOUT and STDERR to be shared with the target. Reason for the crash was copying additional handles to the HANDLE array which had space for 2 handles only. Fix is to use scoped_ptr instead and allocate appropriate space for all handles being shared. BUG=486434 R=cpu Committed: https://crrev.com/a6ddf97af304f1aa7e88e28473e593e2c08c9157 Cr-Commit-Position: refs/heads/master@{#329276}

Patch Set 1 #

Total comments: 2

Patch Set 2 : Use vector for inherited handle list #

Unified diffs Side-by-side diffs Delta from patch set Stats (+15 lines, -11 lines) Patch
M sandbox/win/src/broker_services.cc View 1 3 chunks +15 lines, -11 lines 0 comments Download

Messages

Total messages: 8 (1 generated)
ananta
5 years, 7 months ago (2015-05-11 20:43:37 UTC) #1
cpu_(ooo_6.6-7.5)
https://codereview.chromium.org/1128903006/diff/1/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): https://codereview.chromium.org/1128903006/diff/1/sandbox/win/src/broker_services.cc#newcode419 sandbox/win/src/broker_services.cc:419: new HANDLE[policy_handle_list.size() + 2]); this is too strange now ...
5 years, 7 months ago (2015-05-11 22:35:45 UTC) #2
ananta
https://codereview.chromium.org/1128903006/diff/1/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): https://codereview.chromium.org/1128903006/diff/1/sandbox/win/src/broker_services.cc#newcode419 sandbox/win/src/broker_services.cc:419: new HANDLE[policy_handle_list.size() + 2]); On 2015/05/11 22:35:45, cpu wrote: ...
5 years, 7 months ago (2015-05-11 22:42:24 UTC) #3
cpu_(ooo_6.6-7.5)
lgtm
5 years, 7 months ago (2015-05-11 23:33:14 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1128903006/20001
5 years, 7 months ago (2015-05-11 23:35:43 UTC) #6
commit-bot: I haz the power
Committed patchset #2 (id:20001)
5 years, 7 months ago (2015-05-11 23:46:05 UTC) #7
commit-bot: I haz the power
5 years, 7 months ago (2015-05-11 23:47:50 UTC) #8
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/a6ddf97af304f1aa7e88e28473e593e2c08c9157
Cr-Commit-Position: refs/heads/master@{#329276}

Powered by Google App Engine
This is Rietveld 408576698