Pickle: handle invalid data on 64 bit systems.

There was a problem with pointer arithmetic for 64 bit systems
so invalid data was not properly detected. Now we do explicit tests.

BUG=56449
TEST=base_unittests

Review URL: http://codereview.chromium.org/4716006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66149 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 13 insertions, 3 deletions

diff --git a/base/pickle.cc b/base/pickle.cc
index 06a3be1..3f376e3 100644
--- a/base/pickle.cc
+++ b/base/pickle.cc
@@ -41,11 +41,21 @@ Pickle::Pickle(int header_size)
 
 Pickle::Pickle(const char* data, int data_len)
     : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
-      header_size_(data_len - header_->payload_size),
+      header_size_(0),
       capacity_(kCapacityReadOnly),
       variable_buffer_offset_(0) {
-  DCHECK(header_size_ >= sizeof(Header));
-  DCHECK(header_size_ == AlignInt(header_size_, sizeof(uint32)));
+  if (data_len >= static_cast<int>(sizeof(Header)))
+    header_size_ = data_len - header_->payload_size;
+
+  if (header_size_ > static_cast<unsigned int>(data_len))
+    header_size_ = 0;
+
+  if (header_size_ != AlignInt(header_size_, sizeof(uint32)))
+    header_size_ = 0;
+
+  // If there is anything wrong with the data, we're not going to use it.
+  if (!header_size_)
+    header_ = NULL;
 }
 
 Pickle::Pickle(const Pickle& other)