Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(434)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/win/src/heap_helper.cc

Issue 2726733003: CSRSS lockdown: destroy CSRSS heap (Closed)
Patch Set: refactor heap code to heap_helper, add some explicit tests of these heap_helper functions Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/win/src/heap_helper.h ('k') | sandbox/win/src/lpc_policy_test.cc » ('j') | sandbox/win/src/lpc_policy_test.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/win/src/heap_helper.cc
diff --git a/sandbox/win/src/heap_helper.cc b/sandbox/win/src/heap_helper.cc
new file mode 100644
index 0000000000000000000000000000000000000000..83d648a4d11744fc7a6534e88f51dac7e517096b
--- /dev/null
+++ b/sandbox/win/src/heap_helper.cc
@@ -0,0 +1,51 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "sandbox/win/src/heap_helper.h"
+
+#include <windows.h>
+
+#include "base/memory/ref_counted.h"
+
+namespace sandbox {
+
+// These are undocumented, but readily found on the internet.
+#define HEAP_CLASS_8 0x00008000 // CSR port heap
+#define HEAP_CLASS_MASK 0x0000f000
+
+// This structure is not documented, but we only care about the flags field.
+struct _HEAP {
+ char reserved[0x70];
+ DWORD flags;
+};
+
+DWORD HeapFlags(HANDLE handle) {
+ _HEAP* heap = reinterpret_cast<_HEAP*>(handle);
Will Harris 2017/03/22 19:21:49 is there any validation that can be done here that
liamjm (20p) 2017/04/14 17:27:20 I've added nullptr checks. We could use ntdll!Rtl
+ return heap->flags;
+}
+
+HANDLE FindCsrPortHeap() {
+ DWORD number_of_heaps = ::GetProcessHeaps(0, NULL);
+ std::unique_ptr<HANDLE[]> all_heaps(new HANDLE[number_of_heaps]);
+ if (::GetProcessHeaps(number_of_heaps, all_heaps.get()) != number_of_heaps)
+ return nullptr;
+
+ // Let's search for the CSR port heap handle, which we identify purely based
Will Harris 2017/03/22 19:21:49 nit: in chromium convention is to avoid use of 'us
liamjm (20p) 2017/04/14 17:27:20 Done.
+ // on flags.
+ HANDLE csr_port_heap = nullptr;
+ for (size_t i = 0; i < number_of_heaps; ++i) {
+ HANDLE handle = all_heaps[i];
+ DWORD flags = HeapFlags(handle);
+ if ((flags & HEAP_CLASS_MASK) == HEAP_CLASS_8) {
+ if (nullptr != csr_port_heap) {
+ LOG(ERROR) << "Found multiple suitable CSR Port heaps";
+ return nullptr;
+ }
+ csr_port_heap = handle;
+ }
+ }
+ return csr_port_heap;
+}
+
+} // namespace sandbox
« no previous file with comments | « sandbox/win/src/heap_helper.h ('k') | sandbox/win/src/lpc_policy_test.cc » ('j') | sandbox/win/src/lpc_policy_test.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698