Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1198)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ipc/ipc_message.cc

Issue 1367543002: Revert of bugging for ipc related crash. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase against top of tree. Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « ipc/ipc_channel_win.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "ipc/ipc_message.h" 5 #include "ipc/ipc_message.h"
6 6
7 #include <limits.h> 7 #include <limits.h>
8 8
9 #include "base/atomic_sequence_num.h" 9 #include "base/atomic_sequence_num.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
163 const char* pickle_end = 163 const char* pickle_end =
164 base::Pickle::FindNext(sizeof(Header), range_start, range_end); 164 base::Pickle::FindNext(sizeof(Header), range_start, range_end);
165 if (!pickle_end) 165 if (!pickle_end)
166 return; 166 return;
167 info->pickle_end = pickle_end; 167 info->pickle_end = pickle_end;
168 168
169 #if USE_ATTACHMENT_BROKER 169 #if USE_ATTACHMENT_BROKER
170 // The data is not copied. 170 // The data is not copied.
171 size_t pickle_len = static_cast<size_t>(pickle_end - range_start); 171 size_t pickle_len = static_cast<size_t>(pickle_end - range_start);
172 Message message(range_start, static_cast<int>(pickle_len)); 172 Message message(range_start, static_cast<int>(pickle_len));
173 size_t num_attachments = message.header()->num_brokered_attachments; 173 int num_attachments = message.header()->num_brokered_attachments;
174 174
175 // Check for possible overflows. 175 // Check for possible overflows.
176 size_t max_size_t = std::numeric_limits<size_t>::max(); 176 size_t max_size_t = std::numeric_limits<size_t>::max();
177 if (num_attachments >= max_size_t / BrokerableAttachment::kNonceSize) 177 if (num_attachments >= max_size_t / BrokerableAttachment::kNonceSize)
178 return; 178 return;
179 179
180 size_t attachment_length = num_attachments * BrokerableAttachment::kNonceSize; 180 size_t attachment_length = num_attachments * BrokerableAttachment::kNonceSize;
181 if (pickle_len > max_size_t - attachment_length) 181 if (pickle_len > max_size_t - attachment_length)
182 return; 182 return;
183 183
184 // Check whether the range includes the attachments. 184 // Check whether the range includes the attachments.
185 size_t buffer_length = static_cast<size_t>(range_end - range_start); 185 size_t buffer_length = static_cast<size_t>(range_end - range_start);
186 if (buffer_length < attachment_length + pickle_len) 186 if (buffer_length < attachment_length + pickle_len)
187 return; 187 return;
188 188
189 for (size_t i = 0; i < num_attachments; ++i) { 189 for (int i = 0; i < num_attachments; ++i) {
190 const char* attachment_start = 190 const char* attachment_start =
191 pickle_end + i * BrokerableAttachment::kNonceSize; 191 pickle_end + i * BrokerableAttachment::kNonceSize;
192 BrokerableAttachment::AttachmentId id(attachment_start, 192 BrokerableAttachment::AttachmentId id(attachment_start,
193 BrokerableAttachment::kNonceSize); 193 BrokerableAttachment::kNonceSize);
194 info->attachment_ids.push_back(id); 194 info->attachment_ids.push_back(id);
195 } 195 }
196 info->message_end = 196 info->message_end =
197 pickle_end + num_attachments * BrokerableAttachment::kNonceSize; 197 pickle_end + num_attachments * BrokerableAttachment::kNonceSize;
198 #else 198 #else
199 info->message_end = pickle_end; 199 info->message_end = pickle_end;
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
238 bool Message::HasMojoHandles() const { 238 bool Message::HasMojoHandles() const {
239 return attachment_set_.get() && attachment_set_->num_mojo_handles() > 0; 239 return attachment_set_.get() && attachment_set_->num_mojo_handles() > 0;
240 } 240 }
241 241
242 bool Message::HasBrokerableAttachments() const { 242 bool Message::HasBrokerableAttachments() const {
243 return attachment_set_.get() && 243 return attachment_set_.get() &&
244 attachment_set_->num_brokerable_attachments() > 0; 244 attachment_set_->num_brokerable_attachments() > 0;
245 } 245 }
246 246
247 } // namespace IPC 247 } // namespace IPC
OLDNEW
« no previous file with comments | « ipc/ipc_channel_win.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698