Resize IPC input buffer to fit the next message.

ipc/ipc_channel_reader.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ipc/ipc_channel_reader.h"
 
 #include <algorithm>
 
 #include "ipc/ipc_listener.h"
 #include "ipc/ipc_logging.h"
@@ skipping 60 matching lines @@
 bool ChannelReader::TranslateInputData(const char* input_data,
                                        int input_data_len) {
   const char* p;
   const char* end;
 
   // Possibly combine with the overflow buffer to make a larger buffer.
   if (input_overflow_buf_.empty()) {
     p = input_data;
     end = input_data + input_data_len;
   } else {
-    if (input_overflow_buf_.size() + input_data_len >
-        Channel::kMaximumMessageSize) {
-      input_overflow_buf_.clear();
-      LOG(ERROR) << "IPC message is too big";
+    if (!CheckMessageSize(input_overflow_buf_.size() + input_data_len))
       return false;
-    }
     input_overflow_buf_.append(input_data, input_data_len);
     p = input_overflow_buf_.data();
     end = p + input_overflow_buf_.size();
   }
 
+  size_t next_message_size = 0;
+
   // Dispatch all complete messages in the data buffer.
   while (p < end) {
     Message::NextMessageInfo info;
     Message::FindNext(p, end, &info);
     if (info.message_found) {
       int pickle_len = static_cast<int>(info.pickle_end - p);
       Message translated_message(p, pickle_len);
 
       for (const auto& id : info.attachment_ids)
         translated_message.AddPlaceholderBrokerableAttachmentWithId(id);
@@ skipping 18 matching lines @@
         blocked_ids_.swap(blocked_ids);
         StartObservingAttachmentBroker();
       }
 
       // Make a deep copy of |translated_message| to add to the queue.
       scoped_ptr<Message> m(new Message(translated_message));
       queued_messages_.push_back(m.release());
       p = info.message_end;
     } else {
       // Last message is partial.
+      next_message_size = info.message_size;
+      if (!CheckMessageSize(next_message_size))
+        return false;
       break;
     }
   }
 
   // Save any partial data in the overflow buffer.
   input_overflow_buf_.assign(p, end - p);
 
+  if (!input_overflow_buf_.empty()) {
+    // We have something in the overflow buffer, which means that we will
+    // append the next data chunk (instead of parsing it directly). So we
+    // resize the buffer to fit the next message, to avoid repeatedly
+    // growing the buffer as we receive all message' data chunks.
+    next_message_size += Channel::kReadBufferSize - 1;
+    if (next_message_size > input_overflow_buf_.capacity()) {
+      input_overflow_buf_.reserve(next_message_size);
+    }
+  }
+
   if (input_overflow_buf_.empty() && !DidEmptyInputBuffers())
     return false;
   return true;
 }
 
+bool ChannelReader::CheckMessageSize(size_t size) {

[Maria, 2015/09/25 22:23:00]

order of declarations in cc should match order of definition in .h

[Dmitry Skiba, 2015/09/28 17:37:17]

Done.

+  if (size <= Channel::kMaximumMessageSize) {
+    return true;
+  }
+  input_overflow_buf_.clear();
+  LOG(ERROR) << "IPC message is too big: " << size;
+  return false;
+}
+
 ChannelReader::DispatchState ChannelReader::DispatchMessages() {
   while (!queued_messages_.empty()) {
     if (!blocked_ids_.empty())
       return DISPATCH_WAITING_ON_BROKER;
 
     Message* m = queued_messages_.front();
 
     AttachmentIdSet blocked_ids = GetBrokeredAttachments(m);
     if (!blocked_ids.empty()) {
       blocked_ids_.swap(blocked_ids);
@@ skipping 92 matching lines @@
 }
 
 void ChannelReader::StopObservingAttachmentBroker() {
 #if USE_ATTACHMENT_BROKER
   GetAttachmentBroker()->RemoveObserver(this);
 #endif  // USE_ATTACHMENT_BROKER
 }
 
 }  // namespace internal
 }  // namespace IPC