Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(128)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/utility/safe_browsing/mac/hfs.cc

Issue 2141963002: Validate safe_browsing::dmg::UDIFBlock data before attempting to read at its offsets. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address comments Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/utility/safe_browsing/mac/udif.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/utility/safe_browsing/mac/hfs.h" 5 #include "chrome/utility/safe_browsing/mac/hfs.h"
6 6
7 #include <libkern/OSByteOrder.h> 7 #include <libkern/OSByteOrder.h>
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <sys/stat.h> 9 #include <sys/stat.h>
10 10
(...skipping 351 matching lines...) Expand 10 before | Expand all | Expand 10 after
362 362
363 auto extent_size = 363 auto extent_size =
364 base::CheckedNumeric<size_t>(extent->blockCount) * hfs_->block_size(); 364 base::CheckedNumeric<size_t>(extent->blockCount) * hfs_->block_size();
365 if (!extent_size.IsValid()) { 365 if (!extent_size.IsValid()) {
366 DLOG(ERROR) << "Extent blockCount overflows"; 366 DLOG(ERROR) << "Extent blockCount overflows";
367 return false; 367 return false;
368 } 368 }
369 369
370 // Read the entire extent now, to avoid excessive seeking and re-reading. 370 // Read the entire extent now, to avoid excessive seeking and re-reading.
371 if (!read_current_extent_) { 371 if (!read_current_extent_) {
372 hfs_->SeekToBlock(extent->startBlock); 372 if (!hfs_->SeekToBlock(extent->startBlock)) {
373 DLOG(ERROR) << "Failed to seek to block " << extent->startBlock;
374 return false;
375 }
373 current_extent_data_.resize(extent_size.ValueOrDie()); 376 current_extent_data_.resize(extent_size.ValueOrDie());
374 if (!hfs_->stream()->ReadExact(&current_extent_data_[0], 377 if (!hfs_->stream()->ReadExact(&current_extent_data_[0],
375 extent_size.ValueOrDie())) { 378 extent_size.ValueOrDie())) {
376 DLOG(ERROR) << "Failed to read extent " << current_extent_; 379 DLOG(ERROR) << "Failed to read extent " << current_extent_;
377 return false; 380 return false;
378 } 381 }
379 382
380 read_current_extent_ = true; 383 read_current_extent_ = true;
381 } 384 }
382 385
(...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after
642 return object; 645 return object;
643 } 646 }
644 647
645 bool HFSBTreeIterator::IsKeyUnexported(const base::string16& key) { 648 bool HFSBTreeIterator::IsKeyUnexported(const base::string16& key) {
646 return key == kHFSDirMetadataFolder || 649 return key == kHFSDirMetadataFolder ||
647 key == kHFSMetadataFolder; 650 key == kHFSMetadataFolder;
648 } 651 }
649 652
650 } // namespace dmg 653 } // namespace dmg
651 } // namespace safe_browsing 654 } // namespace safe_browsing
OLDNEW
« no previous file with comments | « no previous file | chrome/utility/safe_browsing/mac/udif.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698