mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1461421 Use OffsetOf to calculate the location of parameters_ rather than making assumptions about the parent class r=bobowen 

MozReview-Commit-ID: D7REZiAIMpN

--HG--
extra : rebase_source : 5b320ee658589feec6d95b01448def7eb0a56b69
This commit is contained in:
Tom Ritter 2018-06-07 13:08:27 -05:00
Родитель 028d1b3c75
Коммит 6b740111c1
2 изменённых файлов: 46 добавлений и 15 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
security/sandbox/chromium/sandbox/win/src/crosscall_params.h
Просмотреть файл

@ -60,6 +60,7 @@ union MultiType {
// - Add another Callback typedef to Dispatcher.
// - Add another case to the switch on SharedMemIPCServer::InvokeCallback.
// - Add another case to the switch in GetActualAndMaxBufferSize
// - Add another case to the switch in GetMinDeclaredActualCallParamsSize
const int kMaxIpcParams = 9;
// Contains the information about a parameter in the ipc buffer.
@ -276,6 +277,8 @@ class ActualCallParams : public CrossCallParams {
char parameters_[BLOCK_SIZE - sizeof(CrossCallParams)
- sizeof(ParamInfo) * (NUMBER_PARAMS + 1)];
DISALLOW_COPY_AND_ASSIGN(ActualCallParams);
friend uint32_t GetMinDeclaredActualCallParamsSize(uint32_t param_count);
};
static_assert(sizeof(ActualCallParams<1, 1024>) == 1024, "bad size buffer");

58
security/sandbox/chromium/sandbox/win/src/crosscall_server.cc
Просмотреть файл

@ -27,20 +27,21 @@ const size_t kMaxBufferSize = sandbox::kIPCChannelSize;
namespace sandbox {
// The template types are used to calculate the maximum expected size.
typedef ActualCallParams<0, kMaxBufferSize> ActualCP0;
typedef ActualCallParams<1, kMaxBufferSize> ActualCP1;
typedef ActualCallParams<2, kMaxBufferSize> ActualCP2;
typedef ActualCallParams<3, kMaxBufferSize> ActualCP3;
typedef ActualCallParams<4, kMaxBufferSize> ActualCP4;
typedef ActualCallParams<5, kMaxBufferSize> ActualCP5;
typedef ActualCallParams<6, kMaxBufferSize> ActualCP6;
typedef ActualCallParams<7, kMaxBufferSize> ActualCP7;
typedef ActualCallParams<8, kMaxBufferSize> ActualCP8;
typedef ActualCallParams<9, kMaxBufferSize> ActualCP9;
// Returns the actual size for the parameters in an IPC buffer. Returns
// zero if the |param_count| is zero or too big.
uint32_t GetActualBufferSize(uint32_t param_count, void* buffer_base) {
// The template types are used to calculate the maximum expected size.
typedef ActualCallParams<1, kMaxBufferSize> ActualCP1;
typedef ActualCallParams<2, kMaxBufferSize> ActualCP2;
typedef ActualCallParams<3, kMaxBufferSize> ActualCP3;
typedef ActualCallParams<4, kMaxBufferSize> ActualCP4;
typedef ActualCallParams<5, kMaxBufferSize> ActualCP5;
typedef ActualCallParams<6, kMaxBufferSize> ActualCP6;
typedef ActualCallParams<7, kMaxBufferSize> ActualCP7;
typedef ActualCallParams<8, kMaxBufferSize> ActualCP8;
typedef ActualCallParams<9, kMaxBufferSize> ActualCP9;
// Retrieve the actual size and the maximum size of the params buffer.
switch (param_count) {
case 0:
@ -68,6 +69,35 @@ uint32_t GetActualBufferSize(uint32_t param_count, void* buffer_base) {
}
}
// Returns the minimum size for the parameters in an IPC buffer. Returns
// zero if the |param_count| is less than zero or too big.
uint32_t GetMinDeclaredActualCallParamsSize(uint32_t param_count) {
switch (param_count) {
case 0:
return offsetof(ActualCP0, parameters_);
case 1:
return offsetof(ActualCP1, parameters_);
case 2:
return offsetof(ActualCP2, parameters_);
case 3:
return offsetof(ActualCP3, parameters_);
case 4:
return offsetof(ActualCP4, parameters_);
case 5:
return offsetof(ActualCP5, parameters_);
case 6:
return offsetof(ActualCP6, parameters_);
case 7:
return offsetof(ActualCP7, parameters_);
case 8:
return offsetof(ActualCP8, parameters_);
case 9:
return offsetof(ActualCP9, parameters_);
default:
return 0;
}
}
// Verifies that the declared sizes of an IPC buffer are within range.
bool IsSizeWithinRange(uint32_t buffer_size,
uint32_t min_declared_size,
@ -137,8 +167,7 @@ CrossCallParamsEx* CrossCallParamsEx::CreateFromBuffer(void* buffer_base,
// Check against the minimum size given the number of stated params
// if too small we bail out.
param_count = call_params->GetParamsCount();
min_declared_size = sizeof(CrossCallParams) +
((param_count + 1) * sizeof(ParamInfo));
min_declared_size = GetMinDeclaredActualCallParamsSize(param_count);
// Retrieve the declared size which if it fails returns 0.
declared_size = GetActualBufferSize(param_count, buffer_base);
@ -157,8 +186,7 @@ CrossCallParamsEx* CrossCallParamsEx::CreateFromBuffer(void* buffer_base,
// should be actually read.
_ReadWriteBarrier();
min_declared_size = sizeof(CrossCallParams) +
((param_count + 1) * sizeof(ParamInfo));
min_declared_size = GetMinDeclaredActualCallParamsSize(param_count);
// Check that the copied buffer is still valid.
if (copied_params->GetParamsCount() != param_count ||