Make Linux crash death signal message constant sized.

BUG=none
TEST=none
Review URL: http://codereview.chromium.org/149709

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20803 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 48 insertions, 31 deletions

diff --git a/chrome/app/breakpad_linux.cc b/chrome/app/breakpad_linux.cc
index 6f73d81..beaae2c 100644
--- a/chrome/app/breakpad_linux.cc
+++ b/chrome/app/breakpad_linux.cc
@@ -2,11 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "chrome/app/breakpad_linux.h"
+
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 #include <unistd.h>
 
+#include <algorithm>
 #include <string>
 
 #include "base/command_line.h"
@@ -480,6 +483,14 @@ RendererCrashHandler(const void* crash_context, size_t crash_context_size,
   const int fd = (int) context;
   int fds[2];
   socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+  char guid[kGuidSize] = {0};
+  char crash_url[kMaxActiveURLSize + 1] = {0};
+  const unsigned guid_len = std::min(google_update::linux_guid.size(),
+                                     kGuidSize);
+  const unsigned crash_url_len =
+      std::min(child_process_logging::active_url.size(), kMaxActiveURLSize);
+  memcpy(guid, google_update::linux_guid.data(), guid_len);
+  memcpy(crash_url, child_process_logging::active_url.data(), crash_url_len);
 
   // The length of the control message:
   static const unsigned kControlMsgSize = CMSG_SPACE(sizeof(int));
@@ -489,10 +500,10 @@ RendererCrashHandler(const void* crash_context, size_t crash_context_size,
   struct kernel_iovec iov[3];
   iov[0].iov_base = const_cast<void*>(crash_context);
   iov[0].iov_len = crash_context_size;
-  iov[1].iov_base = const_cast<char*>(google_update::linux_guid.data());
-  iov[1].iov_len = google_update::linux_guid.size();
-  iov[2].iov_base = const_cast<char*>(child_process_logging::active_url.data());
-  iov[2].iov_len = child_process_logging::active_url.size();
+  iov[1].iov_base = guid;
+  iov[1].iov_len = kGuidSize + 1;
+  iov[2].iov_base = crash_url;
+  iov[2].iov_len = kMaxActiveURLSize + 1;
 
   msg.msg_iov = iov;
   msg.msg_iovlen = 3;
diff --git a/chrome/app/breakpad_linux.h b/chrome/app/breakpad_linux.h
index 3e82383a..977adf0 100644
--- a/chrome/app/breakpad_linux.h
+++ b/chrome/app/breakpad_linux.h
@@ -6,6 +6,11 @@
 #define CHROME_APP_BREAKPAD_LINUX_H_
 
 extern void InitCrashReporter();
+
+#if defined(GOOGLE_CHROME_BUILD)
+static const unsigned kMaxActiveURLSize = 1024;
+static const unsigned kGuidSize = 32;  // 128 bits = 32 chars in hex.
+
 extern int UploadCrashDump(const char* filename,
                            const char* process_type,
                            unsigned process_type_length,
@@ -13,5 +18,6 @@ extern int UploadCrashDump(const char* filename,
                            unsigned crash_url_length,
                            const char* guid,
                            unsigned guid_length);
+#endif  // defined(GOOGLE_CHROME_BUILD)
 
 #endif  // CHROME_APP_BREAKPAD_LINUX_H_
diff --git a/chrome/browser/renderer_host/render_crash_handler_host_linux.cc b/chrome/browser/renderer_host/render_crash_handler_host_linux.cc
index c3facf8..6a60a6a 100644
--- a/chrome/browser/renderer_host/render_crash_handler_host_linux.cc
+++ b/chrome/browser/renderer_host/render_crash_handler_host_linux.cc
@@ -6,6 +6,7 @@
 
 #include <dirent.h>
 #include <stdint.h>
+#include <string.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/uio.h>
@@ -199,35 +200,40 @@ void RenderCrashHandlerHostLinux::OnFileCanReadWithoutBlocking(int fd) {
   // The length of the regular payload:
   static const unsigned kCrashContextSize =
       sizeof(google_breakpad::ExceptionHandler::CrashContext);
-  static const unsigned kMaxActiveURLSize = 1024;
-  static const unsigned kGuidSize = 32;  // 128 bits = 32 chars in hex.
 
   struct msghdr msg = {0};
-  struct iovec iov;
-  char context[kCrashContextSize + kMaxActiveURLSize + kGuidSize];
+  struct iovec iov[3];
+  char crash_context[kCrashContextSize];
+  char guid[kGuidSize + 1];
+  char crash_url[kMaxActiveURLSize + 1];
   char control[kControlMsgSize];
-  iov.iov_base = context;
-  iov.iov_len = sizeof(context);
-  msg.msg_iov = &iov;
-  msg.msg_iovlen = 1;
+  const ssize_t expected_msg_size = sizeof(crash_context) + sizeof(guid) +
+      sizeof(crash_url);
+
+  iov[0].iov_base = crash_context;
+  iov[0].iov_len = sizeof(crash_context);
+  iov[1].iov_base = guid;
+  iov[1].iov_len = sizeof(guid);
+  iov[2].iov_base = crash_url;
+  iov[2].iov_len = sizeof(crash_url);
+  msg.msg_iov = iov;
+  msg.msg_iovlen = 3;
   msg.msg_control = control;
   msg.msg_controllen = kControlMsgSize;
 
-  const ssize_t n = HANDLE_EINTR(recvmsg(browser_socket_, &msg, 0));
-  if (n < 1) {
+  const ssize_t msg_size = HANDLE_EINTR(recvmsg(browser_socket_, &msg, 0));
+  if (msg_size != expected_msg_size) {
     LOG(ERROR) << "Error reading from death signal socket. Crash dumping"
                << " is disabled."
-               << " n:" << n
+               << " msg_size:" << msg_size
                << " errno:" << errno;
     file_descriptor_watcher_.StopWatchingFileDescriptor();
     return;
   }
 
-  if (n < static_cast<ssize_t>(kCrashContextSize) ||
-      msg.msg_controllen != kControlMsgSize ||
+  if (msg.msg_controllen != kControlMsgSize ||
       msg.msg_flags & ~MSG_TRUNC) {
     LOG(ERROR) << "Received death signal message with the wrong size;"
-               << " n:" << n
                << " msg.msg_controllen:" << msg.msg_controllen
                << " msg.msg_flags:" << msg.msg_flags
                << " kCrashContextSize:" << kCrashContextSize
@@ -235,13 +241,6 @@ void RenderCrashHandlerHostLinux::OnFileCanReadWithoutBlocking(int fd) {
     return;
   }
 
-  // After the message contents we have the guid.
-  const char* const guid = &context[kCrashContextSize];
-
-  // Anything in the guid after the crash context is the crashing URL.
-  const char* const crash_url = &context[kCrashContextSize + kGuidSize];
-  const unsigned crash_url_len = n - kCrashContextSize - kGuidSize;
-
   // Walk the control payload an extract the file descriptor and validated pid.
   pid_t crashing_pid = -1;
   int signal_fd = -1;
@@ -304,7 +303,7 @@ void RenderCrashHandlerHostLinux::OnFileCanReadWithoutBlocking(int fd) {
   const std::string minidump_filename =
       StringPrintf("/tmp/chromium-renderer-minidump-%016" PRIx64 ".dmp", rand);
   if (!google_breakpad::WriteMinidump(minidump_filename.c_str(),
-                                      crashing_pid, context,
+                                      crashing_pid, crash_context,
                                       kCrashContextSize)) {
     LOG(ERROR) << "Failed to write crash dump for pid " << crashing_pid;
     HANDLE_EINTR(close(signal_fd));
@@ -312,9 +311,10 @@ void RenderCrashHandlerHostLinux::OnFileCanReadWithoutBlocking(int fd) {
 
   // Send the done signal to the renderer: it can exit now.
   memset(&msg, 0, sizeof(msg));
-  iov.iov_base = const_cast<char*>("\x42");
-  iov.iov_len = 1;
-  msg.msg_iov = &iov;
+  struct iovec done_iov;
+  done_iov.iov_base = const_cast<char*>("\x42");
+  done_iov.iov_len = 1;
+  msg.msg_iov = &done_iov;
   msg.msg_iovlen = 1;
 
   HANDLE_EINTR(sendmsg(signal_fd, &msg, MSG_DONTWAIT | MSG_NOSIGNAL));
@@ -322,8 +322,8 @@ void RenderCrashHandlerHostLinux::OnFileCanReadWithoutBlocking(int fd) {
 
   UploadCrashDump(minidump_filename.c_str(),
                   "renderer", 8,
-                  crash_url, crash_url_len,
-                  guid, kGuidSize);
+                  crash_url, strlen(crash_url),
+                  guid, strlen(guid));
 }
 
 void RenderCrashHandlerHostLinux::WillDestroyCurrentMessageLoop() {