[mojo-edk] Better validation of untrusted message data

mojo/edk/system/channel_win.cc

Index: mojo/edk/system/channel_win.cc
diff --git a/mojo/edk/system/channel_win.cc b/mojo/edk/system/channel_win.cc
index 1eeb2f644fe3ace5f2acb1f354f35de61d7c787a..465ba62dbba2021d6d498451ac9b4043e86a30b9 100644
--- a/mojo/edk/system/channel_win.cc
+++ b/mojo/edk/system/channel_win.cc
@@ -9,6 +9,8 @@
 
 #include <algorithm>
 #include <deque>
+#include <limits>
+#include <memory>
 
 #include "base/bind.h"
 #include "base/location.h"
@@ -119,18 +121,20 @@ class ChannelWin : public Channel,
     }
   }
 
-  ScopedPlatformHandleVectorPtr GetReadPlatformHandles(
+  bool GetReadPlatformHandles(
       size_t num_handles,
       const void* extra_header,
-      size_t extra_header_size) override {
+      size_t extra_header_size,
+      ScopedPlatformHandleVectorPtr* handles) override {
+    if (num_handles > std::numeric_limits<uint16_t>::max())
+      return false;
     size_t handles_size = sizeof(PlatformHandle) * num_handles;
     if (handles_size > extra_header_size)
-      return nullptr;
-
-    ScopedPlatformHandleVectorPtr handles(
-        new PlatformHandleVector(num_handles));
-    memcpy(handles->data(), extra_header, handles_size);
-    return handles;
+      return false;
+    DCHECK(extra_header);
+    handles->reset(new PlatformHandleVector(num_handles));
+    memcpy((*handles)->data(), extra_header, handles_size);
+    return true;
   }
 
  private: