Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(162)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/renderer_host/pepper/pepper_renderer_connection.cc

Issue 2955703002: Validate in-process plugin instance messages. (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/renderer_host/pepper/pepper_renderer_connection.h" 5 #include "content/browser/renderer_host/pepper/pepper_renderer_connection.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <stdint.h> 8 #include <stdint.h>
9 #include <utility> 9 #include <utility>
10 10
(...skipping 214 matching lines...) Expand 10 before | Expand all | Expand 10 after
225 // Note: All of the pending host IDs that were added as part of this 225 // Note: All of the pending host IDs that were added as part of this
226 // operation will automatically be sent to the plugin when |creator| is 226 // operation will automatically be sent to the plugin when |creator| is
227 // released. This may happen immediately, or (if there are asynchronous 227 // released. This may happen immediately, or (if there are asynchronous
228 // requests to create resource hosts), once all of them complete. 228 // requests to create resource hosts), once all of them complete.
229 } 229 }
230 230
231 void PepperRendererConnection::OnMsgDidCreateInProcessInstance( 231 void PepperRendererConnection::OnMsgDidCreateInProcessInstance(
232 PP_Instance instance, 232 PP_Instance instance,
233 const PepperRendererInstanceData& instance_data) { 233 const PepperRendererInstanceData& instance_data) {
234 PepperRendererInstanceData data = instance_data; 234 PepperRendererInstanceData data = instance_data;
235 // It's important that we supply the render process ID ourselves since the
236 // message may be coming from a compromised renderer.
235 data.render_process_id = render_process_id_; 237 data.render_process_id = render_process_id_;
238 // 'instance' is possibly invalid. The host must be careful not to trust it.
236 in_process_host_->AddInstance(instance, data); 239 in_process_host_->AddInstance(instance, data);
237 } 240 }
238 241
239 void PepperRendererConnection::OnMsgDidDeleteInProcessInstance( 242 void PepperRendererConnection::OnMsgDidDeleteInProcessInstance(
240 PP_Instance instance) { 243 PP_Instance instance) {
244 // 'instance' is possibly invalid. The host must be careful not to trust it.
241 in_process_host_->DeleteInstance(instance); 245 in_process_host_->DeleteInstance(instance);
242 } 246 }
243 247
244 } // namespace content 248 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/pepper/browser_ppapi_host_impl.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698