Remove kuint16max.

sandbox/win/src/sandbox_nt_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/sandbox_nt_util.h"
 
+#include <limits>
 #include <string>
 
 #include "base/win/pe_image.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/target_services.h"
 
 namespace sandbox {
 
 // This is the list of all imported symbols from ntdll.dll.
 SANDBOX_INTERCEPT NtExports g_nt;
@@ skipping 266 matching lines @@
       operator delete(handle_name, NT_ALLOC);
       handle_name = NULL;
     }
   }
 
   return ret;
 }
 
 // Hacky code... replace with AllocAndCopyObjectAttributes.
 NTSTATUS AllocAndCopyName(const OBJECT_ATTRIBUTES* in_object,
-                          wchar_t** out_name, uint32* attributes,
+                          wchar_t** out_name,
+                          uint32_t* attributes,
                           HANDLE* root) {
   if (!InitHeap())
     return STATUS_NO_MEMORY;
 
   DCHECK_NT(out_name);
   *out_name = NULL;
   NTSTATUS ret = STATUS_UNSUCCESSFUL;
   __try {
     do {
       if (in_object->RootDirectory != static_cast<HANDLE>(0) && !root)
@@ skipping 122 matching lines @@
                                                    alloc_destination);
   DCHECK_NT(STATUS_BUFFER_OVERFLOW != ret);
   if (!NT_SUCCESS(ret)) {
     operator delete(out_string, NT_ALLOC);
     return NULL;
   }
 
   return out_string;
 }
 
-UNICODE_STRING* GetImageInfoFromModule(HMODULE module, uint32* flags) {
+UNICODE_STRING* GetImageInfoFromModule(HMODULE module, uint32_t* flags) {
   // PEImage's dtor won't be run during SEH unwinding, but that's OK.
 #pragma warning(push)
 #pragma warning(disable: 4509)
   UNICODE_STRING* out_name = NULL;
   __try {
     do {
       *flags = 0;
       base::win::PEImage pe(module);
 
       if (!pe.VerifyMagic())
@@ skipping 75 matching lines @@
   // No path separator found. Use the entire name.
   if (!sep) {
     sep = &module_path->Buffer[-1];
   }
 
   // Add one to the size so we can null terminate the string.
   size_t size_bytes = (start_pos - ix + 1) * sizeof(wchar_t);
 
   // Based on the code above, size_bytes should always be small enough
   // to make the static_cast below safe.
-  DCHECK_NT(kuint16max > size_bytes);
+  DCHECK_NT(std::numeric_limits<uint16_t>::max() > size_bytes);

[cpu_(ooo_6.6-7.5), 2015/11/30 18:33:06]

I don't know about this. If this ever translates to a call, or fetching a
constant from the crt we are in trouble because code in this file can run waaay
before we hit main, in fact kernel32.dll might not even be fully ready.

if you remove the std::numeric_litmits<uint16> calls then lgtm, if you want to
keep this I would need to understand how does this behave both on release and
debug and both with the crt as a dll.

[Mark Mentovai, 2015/11/30 18:38:34]

cpu wrote:
std::numeric_limits<>::max() is constexpr in the C++11 library, but that’s
probably not helpful until MSVS 2015.

This was last discussed in
https://groups.google.com/a/chromium.org/d/topic/chromium-dev/Bvd9QU5pY9Q

[Avi (use Gerrit), 2015/11/30 22:12:24]

I can switch to UINT16_MAX if that would alleviate the concerns.

   char* str_buffer = new(NT_ALLOC) char[size_bytes + sizeof(UNICODE_STRING)];
   if (!str_buffer)
     return NULL;
 
   UNICODE_STRING* out_string = reinterpret_cast<UNICODE_STRING*>(str_buffer);
   out_string->Buffer = reinterpret_cast<wchar_t*>(&out_string[1]);
   out_string->Length = static_cast<USHORT>(size_bytes - sizeof(wchar_t));
   out_string->MaximumLength = static_cast<USHORT>(size_bytes);
 
   NTSTATUS ret = CopyData(out_string->Buffer, &sep[1], out_string->Length);
@@ skipping 35 matching lines @@
   DCHECK_NT(NT_SUCCESS(ret));
 
   changed_ = false;
   address_ = NULL;
   bytes_ = 0;
   old_protect_ = 0;
 
   return ret;
 }
 
-bool IsSupportedRenameCall(FILE_RENAME_INFORMATION* file_info, DWORD length,
-                           uint32 file_info_class) {
+bool IsSupportedRenameCall(FILE_RENAME_INFORMATION* file_info,
+                           DWORD length,
+                           uint32_t file_info_class) {
   if (FileRenameInformation != file_info_class)
     return false;
 
   if (length < sizeof(FILE_RENAME_INFORMATION))
     return false;
 
   // Make sure file name length doesn't exceed the message length
   if (length - offsetof(FILE_RENAME_INFORMATION, FileName) <
       file_info->FileNameLength)
     return false;
 
   // We don't support a root directory.
   if (file_info->RootDirectory)
     return false;
 
   static const wchar_t kPathPrefix[] = { L'\\', L'?', L'?', L'\\'};
 
   // Check if it starts with \\??\\. We don't support relative paths.
   if (file_info->FileNameLength < sizeof(kPathPrefix) ||
-      file_info->FileNameLength > kuint16max)
+      file_info->FileNameLength > std::numeric_limits<uint16_t>::max())

[cpu_(ooo_6.6-7.5), 2015/11/30 18:33:06]

same here.

     return false;
 
   if (file_info->FileName[0] != kPathPrefix[0] ||
       file_info->FileName[1] != kPathPrefix[1] ||
       file_info->FileName[2] != kPathPrefix[2] ||
       file_info->FileName[3] != kPathPrefix[3])
     return false;
 
   return true;
 }
@@ skipping 43 matching lines @@
 
 void* __cdecl operator new(size_t size,
                            void* buffer,
                            sandbox::AllocationType type) {
   return buffer;
 }
 
 void __cdecl operator delete(void* memory,
                              void* buffer,
                              sandbox::AllocationType type) {}