Index: sandbox/win/src/process_mitigations_win32k_dispatcher.cc |
diff --git a/sandbox/win/src/process_mitigations_win32k_dispatcher.cc b/sandbox/win/src/process_mitigations_win32k_dispatcher.cc |
index f27711de6f32f844aa964bde80a893de312dfd5c..b44164001bbcde94d0d9a544e1e901f149166a5d 100644 |
--- a/sandbox/win/src/process_mitigations_win32k_dispatcher.cc |
+++ b/sandbox/win/src/process_mitigations_win32k_dispatcher.cc |
@@ -21,7 +21,8 @@ namespace sandbox { |
namespace { |
base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, |
- HANDLE handle) { |
+ HANDLE handle, |
+ size_t size) { |
HANDLE result_handle = nullptr; |
intptr_t handle_int = reinterpret_cast<intptr_t>(handle); |
if (handle_int <= 0 || |
@@ -29,7 +30,7 @@ base::SharedMemoryHandle GetSharedMemoryHandle(const ClientInfo& client_info, |
&result_handle, 0, FALSE, DUPLICATE_SAME_ACCESS)) { |
result_handle = nullptr; |
} |
- return base::SharedMemoryHandle(result_handle, |
+ return base::SharedMemoryHandle(result_handle, size, |
base::UnguessableToken::Create()); |
} |
@@ -411,8 +412,8 @@ bool ProcessMitigationsWin32KDispatcher::GetCertificate( |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |
} |
- base::SharedMemoryHandle handle = |
- GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); |
+ base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
+ *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
if (!handle.IsValid()) { |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |
@@ -516,7 +517,8 @@ bool ProcessMitigationsWin32KDispatcher::ConfigureOPMProtectedOutput( |
return true; |
}; |
base::SharedMemoryHandle handle = |
- GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); |
+ GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle, |
+ sizeof(DXGKMDT_OPM_CONFIGURE_PARAMETERS)); |
if (!handle.IsValid()) { |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |
@@ -547,17 +549,18 @@ bool ProcessMitigationsWin32KDispatcher::GetOPMInformation( |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |
} |
- base::SharedMemoryHandle handle = |
- GetSharedMemoryHandle(*ipc->client_info, shared_buffer_handle); |
+ size_t shared_buffer_size = |
+ std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), |
+ sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
+ |
+ base::SharedMemoryHandle handle = GetSharedMemoryHandle( |
+ *ipc->client_info, shared_buffer_handle, shared_buffer_size); |
if (!handle.IsValid()) { |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |
} |
base::SharedMemory buffer(handle, false); |
- size_t shared_buffer_size = |
- std::max(sizeof(DXGKMDT_OPM_GET_INFO_PARAMETERS), |
- sizeof(DXGKMDT_OPM_REQUESTED_INFORMATION)); |
if (!buffer.Map(shared_buffer_size)) { |
ipc->return_info.nt_status = STATUS_ACCESS_DENIED; |
return true; |