| Index: base/metrics/persistent_memory_allocator.cc
|
| diff --git a/base/metrics/persistent_memory_allocator.cc b/base/metrics/persistent_memory_allocator.cc
|
| index 8b4c4a4cd759758d64623d19e36f1067f24adeb8..839f912a4a382523cad98eddd126b92561f42514 100644
|
| --- a/base/metrics/persistent_memory_allocator.cc
|
| +++ b/base/metrics/persistent_memory_allocator.cc
|
| @@ -274,7 +274,7 @@ size_t PersistentMemoryAllocator::GetAllocSize(Reference ref) const {
|
| uint32_t size = block->size;
|
| // Header was verified by GetBlock() but a malicious actor could change
|
| // the value between there and here. Check it again.
|
| - if (size <= sizeof(BlockHeader) || ref + size >= mem_size_) {
|
| + if (size <= sizeof(BlockHeader) || ref + size > mem_size_) {
|
| SetCorrupt();
|
| return 0;
|
| }
|
|
|
Chromium Code Reviews
Issue 1654053002:
New test and off-by-one fix for data persisted to disk. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master