C++11 declares a type safe null pointer

content/common/sandbox_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_win.h"
 
 #include <string>
 
 #include "base/base_switches.h"
 #include "base/command_line.h"
@@ skipping 13 matching lines @@
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/sandbox_init.h"
 #include "content/public/common/sandboxed_process_launcher_delegate.h"
 #include "sandbox/win/src/process_mitigations.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
 #include "sandbox/win/src/win_utils.h"
 #include "ui/gfx/win/dpi.h"
 
-static sandbox::BrokerServices* g_broker_services = NULL;
-static sandbox::TargetServices* g_target_services = NULL;
+static sandbox::BrokerServices* g_broker_services = nullptr;
+static sandbox::TargetServices* g_target_services = nullptr;
 
 namespace content {
 namespace {
 
 // The DLLs listed here are known (or under strong suspicion) of causing crashes
 // when they are loaded in the renderer. Note: at runtime we generate short
 // versions of the dll name only if the dll has an extension.
 // For more information about how this list is generated, and how to get off
 // of it, see:
 // https://sites.google.com/a/chromium.org/dev/Home/third-party-developers
@@ skipping 130 matching lines @@
   base::FilePath fname(path);
   return (fname.BaseName().value() == module_name);
 }
 
 // Adds a single dll by |module_name| into the |policy| blacklist.
 // If |check_in_browser| is true we only add an unload policy only if the dll
 // is also loaded in this process.
 void BlacklistAddOneDll(const wchar_t* module_name,
                         bool check_in_browser,
                         sandbox::TargetPolicy* policy) {
-  HMODULE module = check_in_browser ? ::GetModuleHandleW(module_name) : NULL;
+  HMODULE module = check_in_browser ? ::GetModuleHandleW(module_name) : nullptr;
   if (!module) {
     // The module could have been loaded with a 8.3 short name. We check
     // the three most common cases: 'thelongname.dll' becomes
     // 'thelon~1.dll', 'thelon~2.dll' and 'thelon~3.dll'.
     std::wstring name(module_name);
     size_t period = name.rfind(L'.');
     DCHECK_NE(std::string::npos, period);
     DCHECK_LE(3U, (name.size() - period));
     if (period <= 8)
       return;
@@ skipping 52 matching lines @@
   if (!cmd_line.HasSwitch(switches::kAllowNoSandboxJob))
     return true;
 
   // Windows 8 allows nested jobs so we don't need to check if we are in other
   // job.
   if (base::win::GetVersion() >= base::win::VERSION_WIN8)
     return true;
 
   BOOL in_job = true;
   // Either there is no job yet associated so we must add our job,
-  if (!::IsProcessInJob(::GetCurrentProcess(), NULL, &in_job))
+  if (!::IsProcessInJob(::GetCurrentProcess(), nullptr, &in_job))
     NOTREACHED() << "IsProcessInJob failed. " << GetLastError();
   if (!in_job)
     return true;
 
   // ...or there is a job but the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit is set.
   JOBOBJECT_EXTENDED_LIMIT_INFORMATION job_info = {0};
-  if (!::QueryInformationJobObject(NULL,
+  if (!::QueryInformationJobObject(nullptr,
                                    JobObjectExtendedLimitInformation, &job_info,
-                                   sizeof(job_info), NULL)) {
+                                   sizeof(job_info), nullptr)) {
     NOTREACHED() << "QueryInformationJobObject failed. " << GetLastError();
     return true;
   }
   if (job_info.BasicLimitInformation.LimitFlags & JOB_OBJECT_LIMIT_BREAKAWAY_OK)
     return true;
 
   return false;
 }
 
 // Adds the generic policy rules to a sandbox TargetPolicy.
@@ skipping 130 matching lines @@
 typedef BOOL (WINAPI *DuplicateHandleFunctionPtr)(HANDLE source_process_handle,
                                                   HANDLE source_handle,
                                                   HANDLE target_process_handle,
                                                   LPHANDLE target_handle,
                                                   DWORD desired_access,
                                                   BOOL inherit_handle,
                                                   DWORD options);
 
 DuplicateHandleFunctionPtr g_iat_orig_duplicate_handle;
 
-NtQueryObject g_QueryObject = NULL;
+NtQueryObject g_QueryObject = nullptr;
 
 static const char* kDuplicateHandleWarning =
     "You are attempting to duplicate a privileged handle into a sandboxed"
     " process.\n Please use the sandbox::BrokerDuplicateHandle API or"
     " contact security@chromium.org for assistance.";
 
 void CheckDuplicateHandle(HANDLE handle) {
   // Get the object type (32 characters is safe; current max is 14).
   BYTE buffer[sizeof(OBJECT_TYPE_INFORMATION) + 32 * sizeof(wchar_t)];
   OBJECT_TYPE_INFORMATION* type_info =
@@ skipping 35 matching lines @@
                                    desired_access, inherit_handle, options))
     return FALSE;
 
   // We're not worried about broker handles or not crossing process boundaries.
   if (source_process_handle == target_process_handle ||
       target_process_handle == ::GetCurrentProcess())
     return TRUE;
 
   // Only sandboxed children are placed in jobs, so just check them.
   BOOL is_in_job = FALSE;
-  if (!::IsProcessInJob(target_process_handle, NULL, &is_in_job)) {
+  if (!::IsProcessInJob(target_process_handle, nullptr, &is_in_job)) {
     // We need a handle with permission to check the job object.
     if (ERROR_ACCESS_DENIED == ::GetLastError()) {
       HANDLE temp_handle;
       CHECK(g_iat_orig_duplicate_handle(::GetCurrentProcess(),
                                         target_process_handle,
                                         ::GetCurrentProcess(),
                                         &temp_handle,
                                         PROCESS_QUERY_INFORMATION,
                                         FALSE, 0));
       base::win::ScopedHandle process(temp_handle);
-      CHECK(::IsProcessInJob(process.Get(), NULL, &is_in_job));
+      CHECK(::IsProcessInJob(process.Get(), nullptr, &is_in_job));
     }
   }
 
   if (is_in_job) {
     // We never allow inheritable child handles.
     CHECK(!inherit_handle) << kDuplicateHandleWarning;
 
     // Duplicate the handle again, to get the final permissions.
     HANDLE temp_handle;
     CHECK(g_iat_orig_duplicate_handle(target_process_handle, *target_handle,
@@ skipping 38 matching lines @@
   // TODO(abarth): DCHECK(CalledOnValidThread());
   //               See <http://b/1287166>.
   DCHECK(broker_services);
   DCHECK(!g_broker_services);
   sandbox::ResultCode result = broker_services->Init();
   g_broker_services = broker_services;
 
   // In non-official builds warn about dangerous uses of DuplicateHandle.
 #ifndef OFFICIAL_BUILD
   BOOL is_in_job = FALSE;
-  CHECK(::IsProcessInJob(::GetCurrentProcess(), NULL, &is_in_job));
+  CHECK(::IsProcessInJob(::GetCurrentProcess(), nullptr, &is_in_job));
   // In a Syzygy-profiled binary, instrumented for import profiling, this
   // patch will end in infinite recursion on the attempted delegation to the
   // original function.
   if (!base::debug::IsBinaryInstrumented() &&
       !is_in_job && !g_iat_patch_duplicate_handle.is_patched()) {
-    HMODULE module = NULL;
+    HMODULE module = nullptr;
     wchar_t module_name[MAX_PATH];
     CHECK(::GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS,
                               reinterpret_cast<LPCWSTR>(InitBrokerServices),
                               &module));
     DWORD result = ::GetModuleFileNameW(module, module_name, MAX_PATH);
     if (result && (result != MAX_PATH)) {
       ResolveNTFunctionPtr("NtQueryObject", &g_QueryObject);
       result = g_iat_patch_duplicate_handle.Patch(
           module_name, "kernel32.dll", "DuplicateHandle",
           DuplicateHandlePatch);
@@ skipping 87 matching lines @@
                                          sandbox::MITIGATION_DEP |
                                          sandbox::MITIGATION_DEP_NO_ATL_THUNK |
                                          sandbox::MITIGATION_SEHOP;
 
  if (base::win::GetVersion() >= base::win::VERSION_WIN8 &&
      type_str == switches::kRendererProcess &&
      browser_command_line.HasSwitch(
         switches::kEnableWin32kRendererLockDown)) {
     if (policy->AddRule(sandbox::TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
                         sandbox::TargetPolicy::FAKE_USER_GDI_INIT,
-                        NULL) != sandbox::SBOX_ALL_OK) {
+                        nullptr) != sandbox::SBOX_ALL_OK) {
       return 0;
     }
     mitigations |= sandbox::MITIGATION_WIN32K_DISABLE;
   }
 
   if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
   mitigations = sandbox::MITIGATION_STRICT_HANDLE_CHECKS |
                 sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
     return 0;
 
   SetJobLevel(*cmd_line, sandbox::JOB_LOCKDOWN, 0, policy);
 
   bool disable_default_policy = false;
   base::FilePath exposed_dir;
   if (delegate)
     delegate->PreSandbox(&disable_default_policy, &exposed_dir);
 
   if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy))
     return 0;
 
   if (type_str == switches::kRendererProcess) {
     if (ShouldUseDirectWrite()) {
       AddDirectory(base::DIR_WINDOWS_FONTS,
-                  NULL,
+                  nullptr,
                   true,
                   sandbox::TargetPolicy::FILES_ALLOW_READONLY,
                   policy);
     }
   } else {
     // Hack for Google Desktop crash. Trick GD into not injecting its DLL into
     // this subprocess. See
     // http://code.google.com/p/chromium/issues/detail?id=25580
     cmd_line->AppendSwitchASCII("ignored", " --type=renderer ");
   }
@@ skipping 93 matching lines @@
   }
 
   return false;
 }
 
 bool BrokerAddTargetPeer(HANDLE peer_process) {
   return g_broker_services->AddTargetPeer(peer_process) == sandbox::SBOX_ALL_OK;
 }
 
 }  // namespace content