[mojo-edk] Better validation of untrusted message data

mojo/edk/system/channel_win.cc

Index: mojo/edk/system/channel_win.cc
diff --git a/mojo/edk/system/channel_win.cc b/mojo/edk/system/channel_win.cc
index 816c849411938cb91f1ce71a13b69cb88744c463..be862f999bb593f87c41eb830cacca7f8b718342 100644
--- a/mojo/edk/system/channel_win.cc
+++ b/mojo/edk/system/channel_win.cc
@@ -9,6 +9,7 @@
 
 #include <algorithm>
 #include <deque>
+#include <limits>
 #include <memory>
 
 #include "base/bind.h"
@@ -114,18 +115,20 @@ class ChannelWin : public Channel,
     }
   }
 
-  ScopedPlatformHandleVectorPtr GetReadPlatformHandles(
+  bool GetReadPlatformHandles(
       size_t num_handles,
       const void* extra_header,
-      size_t extra_header_size) override {
+      size_t extra_header_size,
+      ScopedPlatformHandleVectorPtr* handles) override {
+    if (num_handles > std::numeric_limits<uint16_t>::max())
+      return false;
     size_t handles_size = sizeof(PlatformHandle) * num_handles;
     if (handles_size > extra_header_size)
-      return nullptr;
-
-    ScopedPlatformHandleVectorPtr handles(
-        new PlatformHandleVector(num_handles));
-    memcpy(handles->data(), extra_header, handles_size);
-    return handles;
+      return false;
+    DCHECK(extra_header);
+    handles->reset(new PlatformHandleVector(num_handles));
+    memcpy((*handles)->data(), extra_header, handles_size);
+    return true;
   }
 
  private: