author | joshia@google.com <joshia@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-04 17:59:54 +0000 |
---|---|---|
committer | joshia@google.com <joshia@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-04 17:59:54 +0000 |
commit | 5e165473f8b211c86b352e69ac05265e3a066cc3 (patch) | |
tree | eec625a920f25d5a30444d8d8297f7c1c39274c2 /base/iat_patch.cc | |
parent | 0f0192261299f7c03053bbd1f56fa5c95d4ca013 (diff) | |
Hands off the intercept if 'unpatch' fails

If IATPatchFunction::Unpatch fails during RestoreImportedFunction
it means that we cannot safely unpatch the import address table
patch. In this case it's better to be hands off the intercept as
trying to unpatch again in the destructor of IATPatchFunction is
not going to be any safer.

In the real world, when we patch a plugin's SetCursor, we intercept
npswf.dll's IAT entry of SetCursor. It seems that our unpatch
fails when the plugin ref count goes to 0. It could be because
someone else has patched on top of us. Then, during CRT
uninitialization at process shutdown, the destructor of
IATPatchFunction is called. It detects that we haven't unpatched
yet and tries to unpatch. But at this time the plugin DLL is
unloaded and the IAT thunk is invalid. There's no point in
trying to unpatch unloaded DLL's IAT :)

BUG=6886
Review URL: http://codereview.chromium.org/21044

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9142 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/iat_patch.cc')
-rw-r--r-- | base/iat_patch.cc | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/base/iat_patch.cc b/base/iat_patch.cc index 562078f..713aa92 100644 --- a/base/iat_patch.cc +++ b/base/iat_patch.cc @@ -208,12 +208,17 @@ DWORD IATPatchFunction::Unpatch() { DWORD error = RestoreImportedFunction(intercept_function_, original_function_, iat_thunk_); - - if (NO_ERROR == error) { - intercept_function_ = NULL; - original_function_ = NULL; - iat_thunk_ = NULL; - } + DCHECK(NO_ERROR == error); + + // Hands off the intercept if we fail to unpatch. + // If IATPatchFunction::Unpatch fails during RestoreImportedFunction + // it means that we cannot safely unpatch the import address table + // patch. In this case its better to be hands off the intercept as + // trying to unpatch again in the destructor of IATPatchFunction is + // not going to be any safer + intercept_function_ = NULL; + original_function_ = NULL; + iat_thunk_ = NULL; return error; } |
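Review bot: The new `DCHECK(NO_ERROR == error);` in IATPatchFunction::Unpatch() asserts on the exact failure the commit message describes as happening in practice (unpatch failing once the plugin ref count reaches 0), so debug builds will now stop on an expected condition. Consider logging the error code instead, or dropping the DCHECK and relying on the returned `error`. Separately, clearing `intercept_function_`, `original_function_` and `iat_thunk_` unconditionally means that after a failed RestoreImportedFunction the object holds no record that the IAT entry may still point at the intercept. That is safe only while the code containing the intercept outlives the patched module; the comment should state that assumption, and callers that get a non-zero return value should be documented as responsible for keeping the intercept target loaded. Style: the added comment ends without a period and "its better" should read "it's better".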