Modified visited link shared section to read-only for renderers.

This change modifies the behaviour of the visited link shared section so that it's read-only inside the renderers. This is to prevent a compromised renderer causing a reliability issue by corrupting the copy of the shared hash-table so that all new renderers crash during initialization. The renderers should not need to modify the hash table. BUG=397682 Review URL: https://codereview.chromium.org/421653004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@286354 0039d316-1c4b-4281-b951-d872f2087c98
author: forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-07-30 00:07:53 +0000
committer: forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-07-30 00:07:53 +0000
commit: a11cd1e46810f33ca1c2799feba235b85ae70c66 (patch)
tree: 6a8da056640bf5a35e27b56fd65c99e48960f5a6
parent: 91dcc6d3e48fd5ede44e47775dbbe347ebfe487e (diff)
download: chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.zip
chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.tar.gz
chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.tar.bz2
2 files changed, 7 insertions, 2 deletions
diff --git a/components/visitedlink/browser/visitedlink_event_listener.cc b/components/visitedlink/browser/visitedlink_event_listener.cc
index a96a0e3..922e7ee 100644
--- a/components/visitedlink/browser/visitedlink_event_listener.cc
+++ b/components/visitedlink/browser/visitedlink_event_listener.cc
@@ -50,7 +50,8 @@ class VisitedLinkUpdater {
     if (!process)
       return;  // Happens in tests
     base::SharedMemoryHandle handle_for_process;
-    table_memory->ShareToProcess(process->GetHandle(), &handle_for_process);
+    table_memory->ShareReadOnlyToProcess(process->GetHandle(),
+                                         &handle_for_process);
     if (base::SharedMemory::IsHandleValid(handle_for_process))
       process->Send(new ChromeViewMsg_VisitedLink_NewTable(
           handle_for_process));
diff --git a/components/visitedlink/browser/visitedlink_master.cc b/components/visitedlink/browser/visitedlink_master.cc
index ca8c571..5f6074f 100644
--- a/components/visitedlink/browser/visitedlink_master.cc
+++ b/components/visitedlink/browser/visitedlink_master.cc
@@ -675,7 +675,11 @@ bool VisitedLinkMaster::CreateURLTable(int32 num_entries, bool init_to_empty) {
   if (!shared_memory_)
     return false;
 
-  if (!shared_memory_->CreateAndMapAnonymous(alloc_size)) {
+  base::SharedMemoryCreateOptions options;
+  options.size = alloc_size;
+  options.share_read_only = true;
+
+  if (!shared_memory_->Create(options) || !shared_memory_->Map(alloc_size)) {
     delete shared_memory_;
     shared_memory_ = NULL;
     return false;
author	forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-07-30 00:07:53 +0000
committer	forshaw@chromium.org <forshaw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2014-07-30 00:07:53 +0000
commit	a11cd1e46810f33ca1c2799feba235b85ae70c66 (patch)
tree	6a8da056640bf5a35e27b56fd65c99e48960f5a6
parent	91dcc6d3e48fd5ede44e47775dbbe347ebfe487e (diff)
download	chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.zip chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.tar.gz chromium_src-a11cd1e46810f33ca1c2799feba235b85ae70c66.tar.bz2