authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-01-10 02:16:24 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-01-10 02:16:24 +0000
commit374f1a835278298311bb922faf84161f7c2851dd (patch)
treef95a04524f17ab74bd68ba7c0d135e433dffb5fc /base/shared_memory_win.cc
parent0064b506bd144f919de894d5d09266153a57ded3 (diff)
The correct type for the size of a chunk of memory is size_t.
By using uint32, we have bugs on 64-bit platforms: callers passing in a size_t will have their size truncated, potentially allocating a smaller chunk than requested. There are a few places this happens, including on the receiving ends of IPCs(!) However, conversely, other callers of the API might directly assign the memory chunk's length to uint32, leading to a different possible truncation problem. This is guarded against by limiting operations internally to std::numeric_limits<uint32_t> in size for now. There are some minor cascade effects that make the CL look larger than it is. BUG=164678 Review URL: https://codereview.chromium.org/11446048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175987 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/shared_memory_win.cc')
-rw-r--r--base/shared_memory_win.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/base/shared_memory_win.cc b/base/shared_memory_win.cc
index b0fdafe3..877ccd7 100644
--- a/base/shared_memory_win.cc
+++ b/base/shared_memory_win.cc
@@ -70,7 +70,7 @@ void SharedMemory::CloseHandle(const SharedMemoryHandle& handle) {
::CloseHandle(handle);
}
-bool SharedMemory::CreateAndMapAnonymous(uint32 size) {
+bool SharedMemory::CreateAndMapAnonymous(size_t size) {
return CreateAnonymous(size) && Map(size);
}
@@ -80,6 +80,9 @@ bool SharedMemory::Create(const SharedMemoryCreateOptions& options) {
if (options.size == 0)
return false;
+ if (options.size > static_cast<size_t>(std::numeric_limits<int>::max()))
+ return false;
+
// NaCl's memory allocator requires 0mod64K alignment and size for
// shared memory objects. To allow passing shared memory to NaCl,
// therefore we round the size actually created to the nearest 64K unit.
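Review bot: The new size guard compares against `std::numeric_limits<int>::max()` with no comment saying why, while the commit description speaks of limiting to `std::numeric_limits<uint32_t>`; a one-line comment above the check would settle which bound is intended, e.g. `// Cap at INT_MAX so callers that store the length in a 32-bit type cannot truncate it.` The identical expression is repeated in the `Map` hunk, so a single file-local constant (say `const size_t kMaxSharedMemorySize = static_cast<size_t>(std::numeric_limits<int>::max());`) would keep the two limits from drifting apart. The diff adds no `#include <limits>`; if the file does not already include it, the check relies on a transitive include. The 64K rounding mentioned in the trailing comment is outside the hunk, so whether the rounded size stays within the cap cannot be confirmed from here.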
@@ -131,10 +134,13 @@ bool SharedMemory::Open(const std::string& name, bool read_only) {
return false;
}
-bool SharedMemory::Map(uint32 bytes) {
+bool SharedMemory::Map(size_t bytes) {
if (mapped_file_ == NULL)
return false;
+ if (bytes > static_cast<size_t>(std::numeric_limits<int>::max()))
+ return false;
+
memory_ = MapViewOfFile(mapped_file_,
read_only_ ? FILE_MAP_READ : FILE_MAP_ALL_ACCESS, 0, 0, bytes);
if (memory_ != NULL) {
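Review bot: `Map` still accepts `bytes == 0`, which passes the new upper-bound check and reaches `MapViewOfFile`, where a length of 0 maps the view to the end of the section rather than zero bytes. `Create` rejects a zero size, so the asymmetry deserves either a matching guard, `if (bytes == 0) return false;`, or a comment stating that mapping the whole section is intended. This matters most for sizes that arrive over IPC, which the description calls out as one of the affected call paths. The body of `Map` continues past the end of the hunk, so any later handling of this case is not visible here.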