diff options
| author | jhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-16 19:52:04 +0000 |
|---|---|---|
| committer | jhawkins@chromium.org <jhawkins@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-16 19:52:04 +0000 |
| commit | 3ca7e00339fdc2e0c7533b1af6e75d6b3d123166 (patch) | |
| tree | 6981b08a183de8683d99940ec27757f74031ece4 /chrome | |
| parent | 154c671a50a862fc146857eb63081ae2e2a10470 (diff) | |
| download | chromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.zip chromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.tar.gz chromium_src-3ca7e00339fdc2e0c7533b1af6e75d6b3d123166.tar.bz2 | |
valgrind: memset the window command data structure. |timestamp| is aligned on a 16 byte boundary leaving 4 bytes of uninitialized data in the middle of the struct. We write this data to disk, which is a possible security risk.
BUG=22031
TEST=TabRestoreUITest.RestoreToDifferentWindow
Review URL: http://codereview.chromium.org/196144
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26379 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/sessions/tab_restore_service.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/chrome/browser/sessions/tab_restore_service.cc b/chrome/browser/sessions/tab_restore_service.cc index 3eefdf2..a5f8545 100644 --- a/chrome/browser/sessions/tab_restore_service.cc +++ b/chrome/browser/sessions/tab_restore_service.cc @@ -6,6 +6,7 @@ #include <algorithm> #include <iterator> +#include <map> #include "base/scoped_vector.h" #include "base/stl_util-inl.h" @@ -63,7 +64,8 @@ namespace { typedef int32 RestoredEntryPayload; // Payload used for the start of a window close. This is the old struct that is -// used for backwards compat when it comes to reading the session files. +// used for backwards compat when it comes to reading the session files. This +// struct must be POD, because we memset the contents. struct WindowPayload { SessionID::id_type window_id; int32 selected_tab_index; @@ -77,7 +79,8 @@ struct SelectedNavigationInTabPayload { int32 index; }; -// Payload used for the start of a window close. +// Payload used for the start of a window close. This struct must be POD, +// because we memset the contents. struct WindowPayload2 : WindowPayload { int64 timestamp; }; @@ -502,6 +505,9 @@ SessionCommand* TabRestoreService::CreateWindowCommand(SessionID::id_type id, int num_tabs, Time timestamp) { WindowPayload2 payload; + // |timestamp| is aligned on a 16 byte boundary, leaving 4 bytes of + // uninitialized memory in the struct. + memset(&payload, 0, sizeof(payload)); payload.window_id = id; payload.selected_tab_index = selected_tab_index; payload.num_tabs = num_tabs; |