
Side by Side Diff: device/bluetooth/bluetooth_low_energy_win.cc

Issue 375703009: Fix buffer overrun in Bluetooth LE code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 5 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "device/bluetooth/bluetooth_low_energy_win.h" 5 #include "device/bluetooth/bluetooth_low_energy_win.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/memory/scoped_ptr.h" 8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/sys_string_conversions.h" 9 #include "base/strings/sys_string_conversions.h"
10 #include "base/win/windows_version.h" 10 #include "base/win/windows_version.h"
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after
123 return true; 123 return true;
124 } 124 }
125 125
126 // Represents a device registry property value 126 // Represents a device registry property value
127 class DeviceRegistryPropertyValue { 127 class DeviceRegistryPropertyValue {
128 public: 128 public:
129 static scoped_ptr<DeviceRegistryPropertyValue> 129 static scoped_ptr<DeviceRegistryPropertyValue>
130 Create(DWORD property_type, scoped_ptr<UINT8[]> value, size_t value_size) { 130 Create(DWORD property_type, scoped_ptr<UINT8[]> value, size_t value_size) {
131 if (property_type == REG_SZ) { 131 if (property_type == REG_SZ) {
132 // Ensure string is zero terminated. 132 // Ensure string is zero terminated.
133 CHECK_GE(value_size, 1u); 133 size_t character_size = value_size / sizeof(WCHAR);
134 CHECK_EQ(character_size * sizeof(WCHAR), value_size);
135 CHECK_GE(character_size, 1u);
134 WCHAR* value_string = reinterpret_cast<WCHAR*>(value.get()); 136 WCHAR* value_string = reinterpret_cast<WCHAR*>(value.get());
135 value_string[value_size - 1] = 0; 137 value_string[character_size - 1] = 0;
136 } 138 }
137 return scoped_ptr<DeviceRegistryPropertyValue>( 139 return scoped_ptr<DeviceRegistryPropertyValue>(
138 new DeviceRegistryPropertyValue( 140 new DeviceRegistryPropertyValue(
139 property_type, value.Pass(), value_size)); 141 property_type, value.Pass(), value_size));
140 } 142 }
141 143
142 bool AsString(std::string* value, std::string* error) { 144 bool AsString(std::string* value, std::string* error) {
143 if (property_type_ != REG_SZ) { 145 if (property_type_ != REG_SZ) {
144 *error = "Property is not a string"; 146 *error = "Property is not a string";
145 return false; 147 return false;
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after
223 &required_length); 225 &required_length);
224 if (!CheckSuccess(!!success, kDeviceInfoError, error)) 226 if (!CheckSuccess(!!success, kDeviceInfoError, error))
225 return false; 227 return false;
226 if (!CheckExpectedLength( 228 if (!CheckExpectedLength(
227 actual_length, required_length, kDeviceInfoError, error)) { 229 actual_length, required_length, kDeviceInfoError, error)) {
228 return false; 230 return false;
229 } 231 }
230 232
231 if (actual_length >= 1) { 233 if (actual_length >= 1) {
232 // Ensure string is zero terminated. 234 // Ensure string is zero terminated.
233 instance_id.get()[actual_length - 1] = 0; 235 instance_id.get()[actual_length - 1] = 0;
xiyuan 2014/07/08 23:26:33 Would this have similar problem since |instance_id
rpaquay 2014/07/08 23:51:13 I don't believe so. The msdn doc mentions that the
234 device_info->id = base::SysWideToUTF8(instance_id.get()); 236 device_info->id = base::SysWideToUTF8(instance_id.get());
235 } 237 }
236 return true; 238 return true;
237 } 239 }
238 240
239 bool CollectDeviceFriendlyName( 241 bool CollectDeviceFriendlyName(
240 const ScopedDeviceInfoSetHandle& device_info_handle, 242 const ScopedDeviceInfoSetHandle& device_info_handle,
241 PSP_DEVINFO_DATA device_info_data, 243 PSP_DEVINFO_DATA device_info_data,
242 scoped_ptr<device::win::BluetoothLowEnergyDeviceInfo>& device_info, 244 scoped_ptr<device::win::BluetoothLowEnergyDeviceInfo>& device_info,
243 std::string* error) { 245 std::string* error) {
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after
454 456
455 bool ExtractBluetoothAddressFromDeviceInstanceIdForTesting( 457 bool ExtractBluetoothAddressFromDeviceInstanceIdForTesting(
456 const std::string& instance_id, 458 const std::string& instance_id,
457 BLUETOOTH_ADDRESS* btha, 459 BLUETOOTH_ADDRESS* btha,
458 std::string* error) { 460 std::string* error) {
459 return ExtractBluetoothAddressFromDeviceInstanceId(instance_id, btha, error); 461 return ExtractBluetoothAddressFromDeviceInstanceId(instance_id, btha, error);
460 } 462 }
461 463
462 } // namespace win 464 } // namespace win
463 } // namespace device 465 } // namespace device
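Review bot: In `DeviceRegistryPropertyValue::Create`, the two new `CHECK`s turn a malformed `REG_SZ` size into a process abort: an odd `value_size` fails `CHECK_EQ`, and a size below `sizeof(WCHAR)` fails `CHECK_GE`. The caller that supplies `value_size` is in the skipped lines, so this is inferred, but if the size comes straight from the device registry query then the data is not under this process's control, and a recoverable error would be safer than crashing. Because the integer division already rounds down, `value_string[character_size - 1] = 0;` stays inside the buffer for any `value_size >= sizeof(WCHAR)`, so the size validation could move to the caller and report through `error` the way `CheckExpectedLength` does. The comment could also state the unit, e.g. `// |value_size| is in bytes; REG_SZ data is an array of WCHAR, so index by characters.`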