MachMessageServer: add some DCHECKs

util/mach/mach_message_server.cc

 // Copyright 2014 The Crashpad Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ skipping 25 matching lines @@
   mach_msg_header_t* Header() const {
     return reinterpret_cast<mach_msg_header_t*>(vm_.address());
   }
 
   //! \brief Ensures that this object has a buffer of exactly \a size bytes
   //!     available.
   //!
   //! If the existing buffer is a different size, it will be reallocated without
   //! copying any of the old buffer’s contents to the new buffer. The contents
   //! of the buffer are unspecified after this call, even if no reallocation is
-  //! made.
+  //! performed.
   kern_return_t Reallocate(vm_size_t size) {
     // This test uses == instead of > so that a large reallocation to receive a
     // large message doesn’t cause permanent memory bloat for the duration of
     // a MachMessageServer::Run() loop.
     if (size == vm_.size()) {
       return KERN_SUCCESS;
     }
 
     // reset() first, so that two allocations don’t exist simultaneously.
     vm_.reset();
 
-    vm_address_t address;
-    kern_return_t kr =
-        vm_allocate(mach_task_self(),
-                    &address,
-                    size,
-                    VM_FLAGS_ANYWHERE | VM_MAKE_TAG(VM_MEMORY_MACH_MSG));
-    if (kr != KERN_SUCCESS) {
-      return kr;
+    if (size) {
+      vm_address_t address;
+      kern_return_t kr =
+          vm_allocate(mach_task_self(),
+                      &address,
+                      size,
+                      VM_FLAGS_ANYWHERE | VM_MAKE_TAG(VM_MEMORY_MACH_MSG));
+      if (kr != KERN_SUCCESS) {
+        return kr;
+      }
+
+      vm_.reset(address, size);
     }
 
-    vm_.reset(address, size);
     return KERN_SUCCESS;
   }
 
  private:
   base::mac::ScopedMachVM vm_;
 
   DISALLOW_COPY_AND_ASSIGN(MachMessageBuffer);
 };
 
 // Wraps MachMessageWithDeadline(), using a MachMessageBuffer argument which
@@ skipping 55 matching lines @@
   } else {
     options &= ~MACH_RCV_LARGE;
   }
 
   const mach_msg_size_t trailer_alloc = REQUESTED_TRAILER_SIZE(options);
   const mach_msg_size_t expected_receive_size =
       round_msg(interface->MachMessageServerRequestSize()) + trailer_alloc;
   const mach_msg_size_t request_size = (receive_large == kReceiveLargeResize)
                                            ? round_page(expected_receive_size)
                                            : expected_receive_size;
+  DCHECK_GE(request_size, sizeof(mach_msg_empty_rcv_t));
 
   // mach_msg_server() and mach_msg_server_once() would consider whether
   // |options| contains MACH_SEND_TRAILER and include MAX_TRAILER_SIZE in this
   // computation if it does, but that option is ineffective on OS X.
-  const mach_msg_size_t reply_alloc =
-      round_page(interface->MachMessageServerReplySize());
+  const mach_msg_size_t reply_size = interface->MachMessageServerReplySize();
+  DCHECK_GE(reply_size, sizeof(mach_msg_empty_send_t));
+  const mach_msg_size_t reply_alloc = round_page(reply_size);
 
   MachMessageBuffer request;
   MachMessageBuffer reply;
   bool received_any_request = false;
   bool retry;
 
   kern_return_t kr;
 
   do {
     retry = false;
@@ skipping 17 matching lines @@
           // alternatives, which might involve returning MACH_MSG_SUCCESS,
           // MACH_RCV_TIMED_OUT, or MACH_RCV_TOO_LARGE to a caller that
           // specified one-shot behavior, all seem less correct than retrying.
           MACH_LOG(WARNING, kr) << "mach_msg: ignoring large message";
           retry = true;
           continue;
 
         case kReceiveLargeResize: {
           mach_msg_size_t this_request_size = round_page(
               round_msg(request.Header()->msgh_size) + trailer_alloc);
+          DCHECK_GT(this_request_size, request_size);
 
           kr = MachMessageAllocateReceive(&request,
                                           options & ~MACH_RCV_LARGE,
                                           this_request_size,
                                           receive_port,
                                           deadline,
                                           MACH_PORT_NULL,
                                           !received_any_request);
 
           break;
@@ skipping 68 matching lines @@
         }
         return kr;
       }
     }
   } while (persistent == kPersistent || retry);
 
   return kr;
 }
 
 }  // namespace crashpad