
Unified Diff: content/browser/indexed_db/database_impl.cc

Issue 2516303004: Report invalid blob file paths from the IO thread. (Closed)
Patch Set: Created 4 years, 1 month ago
Index: content/browser/indexed_db/database_impl.cc
diff --git a/content/browser/indexed_db/database_impl.cc b/content/browser/indexed_db/database_impl.cc
index 3bd8fc8b2789e28a65d40295ffc6bce0a332b1dc..1037ae4a7645376351a4370000f97bd927850e9e 100644
--- a/content/browser/indexed_db/database_impl.cc
+++ b/content/browser/indexed_db/database_impl.cc
@@ -21,6 +21,7 @@ namespace content {
namespace {
const char kInvalidBlobUuid[] = "Blob UUID is invalid";
+const char kInvalidBlobFilePath[] = "Blob file path is invalid";
} // namespace
class DatabaseImpl::IDBThreadHelper {
@@ -68,6 +69,7 @@ class DatabaseImpl::IDBThreadHelper {
int64_t object_store_id,
::indexed_db::mojom::ValuePtr value,
std::vector<std::unique_ptr<storage::BlobDataHandle>> handles,
+ std::vector<IndexedDBBlobInfo> blob_info,
const IndexedDBKey& key,
blink::WebIDBPutMode mode,
const std::vector<IndexedDBIndexKeys>& index_keys,
@@ -251,8 +253,15 @@ void DatabaseImpl::Put(
blink::WebIDBPutMode mode,
const std::vector<IndexedDBIndexKeys>& index_keys,
::indexed_db::mojom::CallbacksAssociatedPtrInfo callbacks_info) {
- std::vector<std::unique_ptr<storage::BlobDataHandle>> handles;
- for (const auto& info : value->blob_or_file_info) {
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+
+ std::vector<std::unique_ptr<storage::BlobDataHandle>> handles(
+ value->blob_or_file_info.size());
+ std::vector<IndexedDBBlobInfo> blob_info(value->blob_or_file_info.size());
+ for (size_t i = 0; i < value->blob_or_file_info.size(); ++i) {
+ ::indexed_db::mojom::BlobInfoPtr& info = value->blob_or_file_info[i];
+
std::unique_ptr<storage::BlobDataHandle> handle =
dispatcher_host_->blob_storage_context()->GetBlobDataFromUUID(
info->uuid);
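Review bot: The new loop binds `info` as a mutable `::indexed_db::mojom::BlobInfoPtr&`, although every use of it in the visible lines is a read; the loop it replaces used `const auto& info`. Keeping it const, `const ::indexed_db::mojom::BlobInfoPtr& info = value->blob_or_file_info[i];`, makes it plain that validation does not alter the renderer-supplied value before it is handed on with `base::Passed(&value)` later in `Put`. The loop body continues past the end of this hunk.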
@@ -260,17 +269,35 @@ void DatabaseImpl::Put(
mojo::ReportBadMessage(kInvalidBlobUuid);
return;
}
- handles.push_back(std::move(handle));
+ handles[i] = std::move(handle);
+
+ if (info->file) {
+ if (!info->file->path.empty() &&
+ !policy->CanReadFile(dispatcher_host_->ipc_process_id(),
+ info->file->path)) {
+ mojo::ReportBadMessage(kInvalidBlobFilePath);
+ return;
+ }
+ blob_info[i] = IndexedDBBlobInfo(info->uuid, info->file->path,
+ info->file->name, info->mime_type);
+ if (info->size != static_cast<uint64_t>(-1)) {
cmumford 2016/11/21 21:11:56 Why is BlobInfo.size currently an unsigned 64-bit
+ blob_info[i].set_last_modified(info->file->last_modified);
+ blob_info[i].set_size(info->size);
+ }
+ } else {
+ blob_info[i] = IndexedDBBlobInfo(info->uuid, info->mime_type, info->size);
+ }
}
scoped_refptr<IndexedDBCallbacks> callbacks(new IndexedDBCallbacks(
dispatcher_host_.get(), origin_, std::move(callbacks_info)));
idb_runner_->PostTask(
- FROM_HERE, base::Bind(&IDBThreadHelper::Put, base::Unretained(helper_),
- transaction_id, object_store_id,
- base::Passed(&value), base::Passed(&handles), key,
- mode, index_keys, base::Passed(&callbacks)));
+ FROM_HERE,
+ base::Bind(&IDBThreadHelper::Put, base::Unretained(helper_),
+ transaction_id, object_store_id, base::Passed(&value),
+ base::Passed(&handles), base::Passed(&blob_info), key, mode,
+ index_keys, base::Passed(&callbacks)));
}
void DatabaseImpl::SetIndexKeys(
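Review bot: Nothing in the new block at `if (info->file)` says why the `CanReadFile` check now has to sit in `DatabaseImpl::Put`, ahead of `idb_runner_->PostTask`, and that placement is what makes the report work: as far as I know `mojo::ReportBadMessage` is only valid while the offending message is still being dispatched, so moving the loop back into `IDBThreadHelper::Put` would compile and quietly stop rejecting the renderer. I would add a comment above the loop such as `// Validate renderer-supplied blob/file info before PostTask(): mojo::ReportBadMessage() must be called during message dispatch.` The `!info->file->path.empty()` guard also lets a file entry with an empty path through without a policy check; a one-line comment stating which callers legitimately send an empty path would help the next reviewer. `DatabaseImpl::Put` starts before this hunk.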
@@ -547,6 +574,7 @@ void DatabaseImpl::IDBThreadHelper::Put(
int64_t object_store_id,
::indexed_db::mojom::ValuePtr mojo_value,
std::vector<std::unique_ptr<storage::BlobDataHandle>> handles,
+ std::vector<IndexedDBBlobInfo> blob_info,
const IndexedDBKey& key,
blink::WebIDBPutMode mode,
const std::vector<IndexedDBIndexKeys>& index_keys,
@@ -556,33 +584,6 @@ void DatabaseImpl::IDBThreadHelper::Put(
int64_t host_transaction_id =
dispatcher_host_->HostTransactionId(transaction_id);
-
- ChildProcessSecurityPolicyImpl* policy =
- ChildProcessSecurityPolicyImpl::GetInstance();
- std::vector<IndexedDBBlobInfo> blob_info(
- mojo_value->blob_or_file_info.size());
- for (size_t i = 0; i < mojo_value->blob_or_file_info.size(); ++i) {
- const auto& info = mojo_value->blob_or_file_info[i];
- if (info->file) {
- if (!info->file->path.empty()) {
- if (!policy->CanReadFile(dispatcher_host_->ipc_process_id(),
- info->file->path)) {
- bad_message::ReceivedBadMessage(dispatcher_host_.get(),
- bad_message::IDBDH_CAN_READ_FILE);
- return;
- }
- }
- blob_info[i] = IndexedDBBlobInfo(info->uuid, info->file->path,
- info->file->name, info->mime_type);
- if (info->size != static_cast<uint64_t>(-1)) {
- blob_info[i].set_last_modified(info->file->last_modified);
- blob_info[i].set_size(info->size);
- }
- } else {
- blob_info[i] = IndexedDBBlobInfo(info->uuid, info->mime_type, info->size);
- }
- }
-
uint64_t commit_size = mojo_value->bits.size();
IndexedDBValue value;
swap(value.bits, mojo_value->bits);