diff options
| author | derat@chromium.org <derat@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-12 19:59:39 +0000 |
|---|---|---|
| committer | derat@chromium.org <derat@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-12 19:59:39 +0000 |
| commit | 375a8463858537aa295b904a71073784dfa4de6a (patch) | |
| tree | ffda46a1d09ae53d657c12ea4b22f194b5f3f2fa /base/posix | |
| parent | ffabb1ea75e662308da91e916a0ffc922525aa18 (diff) | |
| download | chromium_src-375a8463858537aa295b904a71073784dfa4de6a.zip chromium_src-375a8463858537aa295b904a71073784dfa4de6a.tar.gz chromium_src-375a8463858537aa295b904a71073784dfa4de6a.tar.bz2 | |
linux: Crash browser on too-big messages to zygote.
This adds CHECKs to the browser if it attempts to send a
message to the zygote that exceeds the maximum message size
(which causes an EMSGSIZE error in the zygote) or that
contains too many file descriptors.
I'm hoping that this will help make the source of the
problem more apparent when we hit the message size limit,
which we appear to have done multiple times (it was
originally 1 KB and is now 2 KB).
BUG=154409
Review URL: https://chromiumcodereview.appspot.com/11108019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161645 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/posix')
| -rw-r--r-- | base/posix/unix_domain_socket.cc | 6 | ||||
| -rw-r--r-- | base/posix/unix_domain_socket.h | 5 |
2 files changed, 7 insertions, 4 deletions
diff --git a/base/posix/unix_domain_socket.cc b/base/posix/unix_domain_socket.cc index da8be63..bd11292 100644 --- a/base/posix/unix_domain_socket.cc +++ b/base/posix/unix_domain_socket.cc @@ -14,6 +14,8 @@ #include "base/pickle.h" #include "base/stl_util.h" +const size_t UnixDomainSocket::kMaxFileDescriptors = 16; + // static bool UnixDomainSocket::SendMsg(int fd, const void* buf, @@ -52,8 +54,6 @@ ssize_t UnixDomainSocket::RecvMsg(int fd, void* buf, size_t length, std::vector<int>* fds) { - static const unsigned kMaxDescriptors = 16; - fds->clear(); struct msghdr msg; @@ -62,7 +62,7 @@ ssize_t UnixDomainSocket::RecvMsg(int fd, msg.msg_iov = &iov; msg.msg_iovlen = 1; - char control_buffer[CMSG_SPACE(sizeof(int) * kMaxDescriptors)]; + char control_buffer[CMSG_SPACE(sizeof(int) * kMaxFileDescriptors)]; msg.msg_control = control_buffer; msg.msg_controllen = sizeof(control_buffer); diff --git a/base/posix/unix_domain_socket.h b/base/posix/unix_domain_socket.h index d08d170..cb2a0b8 100644 --- a/base/posix/unix_domain_socket.h +++ b/base/posix/unix_domain_socket.h @@ -15,6 +15,9 @@ class Pickle; class BASE_EXPORT UnixDomainSocket { public: + // Maximum number of file descriptors that can be read by RecvMsg(). + static const size_t kMaxFileDescriptors; + // Use sendmsg to write the given msg and include a vector of file // descriptors. Returns true if successful. static bool SendMsg(int fd, @@ -23,7 +26,7 @@ class BASE_EXPORT UnixDomainSocket { const std::vector<int>& fds); // Use recvmsg to read a message and an array of file descriptors. Returns - // -1 on failure. Note: will read, at most, 16 descriptors. + // -1 on failure. Note: will read, at most, |kMaxFileDescriptors| descriptors. static ssize_t RecvMsg(int fd, void* msg, size_t length, |