summaryrefslogtreecommitdiffstats
path: root/chrome/browser/sessions/tab_restore_service.cc
diff options
context:
space:
mode:
authorjhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-16 19:52:04 +0000
committerjhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-16 19:52:04 +0000
commit3ca7e00339fdc2e0c7533b1af6e75d6b3d123166 (patch)
tree6981b08a183de8683d99940ec27757f74031ece4 /chrome/browser/sessions/tab_restore_service.cc
parent154c671a50a862fc146857eb63081ae2e2a10470 (diff)
downloadchromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.zip
chromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.tar.gz
chromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.tar.bz2
valgrind: memset the window command data structure. |timestamp| is aligned on a 16 byte boundary leaving 4 bytes of uninitialized data in the middle of the struct. We write this data to disk, which is a possible security risk.
BUG=22031 TEST=TabRestoreUITest.RestoreToDifferentWindow Review URL: http://codereview.chromium.org/196144 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26379 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/sessions/tab_restore_service.cc')
-rw-r--r--chrome/browser/sessions/tab_restore_service.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/chrome/browser/sessions/tab_restore_service.cc b/chrome/browser/sessions/tab_restore_service.cc
index 3eefdf2..a5f8545 100644
--- a/chrome/browser/sessions/tab_restore_service.cc
+++ b/chrome/browser/sessions/tab_restore_service.cc
@@ -6,6 +6,7 @@
#include <algorithm>
#include <iterator>
+#include <map>
#include "base/scoped_vector.h"
#include "base/stl_util-inl.h"
@@ -63,7 +64,8 @@ namespace {
typedef int32 RestoredEntryPayload;
// Payload used for the start of a window close. This is the old struct that is
-// used for backwards compat when it comes to reading the session files.
+// used for backwards compat when it comes to reading the session files. This
+// struct must be POD, because we memset the contents.
struct WindowPayload {
SessionID::id_type window_id;
int32 selected_tab_index;
@@ -77,7 +79,8 @@ struct SelectedNavigationInTabPayload {
int32 index;
};
-// Payload used for the start of a window close.
+// Payload used for the start of a window close. This struct must be POD,
+// because we memset the contents.
struct WindowPayload2 : WindowPayload {
int64 timestamp;
};
@@ -502,6 +505,9 @@ SessionCommand* TabRestoreService::CreateWindowCommand(SessionID::id_type id,
int num_tabs,
Time timestamp) {
WindowPayload2 payload;
+ // |timestamp| is aligned on a 16 byte boundary, leaving 4 bytes of
+ // uninitialized memory in the struct.
+ memset(&payload, 0, sizeof(payload));
payload.window_id = id;
payload.selected_tab_index = selected_tab_index;
payload.num_tabs = num_tabs;