diff options
| author | yoz@chromium.org <yoz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-20 18:03:22 +0000 |
|---|---|---|
| committer | yoz@chromium.org <yoz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-20 18:03:22 +0000 |
| commit | 47a5438afb624d7e15f411e41db8ae9d9173ee3f (patch) | |
| tree | cffbc9be5693a2b2d0ab43b82b9161053710e323 /chrome | |
| parent | cfe868c0b603e604716a90597d7c85f9a1752a1b (diff) | |
| download | chromium_src-47a5438afb624d7e15f411e41db8ae9d9173ee3f.zip chromium_src-47a5438afb624d7e15f411e41db8ae9d9173ee3f.tar.gz chromium_src-47a5438afb624d7e15f411e41db8ae9d9173ee3f.tar.bz2 | |
Sanitize chrome://extension-icon/ URL inputs.
BUG=86044
TEST=No crashing on invalid chrome://extension-icon/ URLs (see bug)
Review URL: http://codereview.chromium.org/7192020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89685 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/ui/webui/extension_icon_source.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/chrome/browser/ui/webui/extension_icon_source.cc b/chrome/browser/ui/webui/extension_icon_source.cc index 8981179..0bfa300 100644 --- a/chrome/browser/ui/webui/extension_icon_source.cc +++ b/chrome/browser/ui/webui/extension_icon_source.cc @@ -264,12 +264,18 @@ bool ExtensionIconSource::ParseData(const std::string& path, if (!base::StringToInt(size_param, &size_num)) return false; size = static_cast<Extension::Icons>(size_num); + if (size <= 0) + return false; ExtensionIconSet::MatchType match_type; int match_num; if (!base::StringToInt(match_param, &match_num)) return false; match_type = static_cast<ExtensionIconSet::MatchType>(match_num); + if (!(match_type == ExtensionIconSet::MATCH_EXACTLY || + match_type == ExtensionIconSet::MATCH_SMALLER || + match_type == ExtensionIconSet::MATCH_BIGGER)) + match_type = ExtensionIconSet::MATCH_EXACTLY; std::string extension_id = path_parts.at(0); const Extension* extension = |