author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-17 21:48:19 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-09-17 21:48:19 +0000 |
commit | 3eae1bc38d05cde67b27979c71a1b1826ad44b97 (patch) | |
tree | 8828e2aa69b78e214bc79143e9beb8db186cc173 /content | |
parent | 1de0fc0a13233dcf1a0757b2e8b7c138b360c9b1 (diff) | |
Remove memory hole mitigation for Flash Windows plugin
Review URL: https://chromiumcodereview.appspot.com/10892045
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@157206 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/plugin/plugin_main.cc | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/content/plugin/plugin_main.cc b/content/plugin/plugin_main.cc
index 14db48e0..696a5d6 100644
--- a/content/plugin/plugin_main.cc
+++ b/content/plugin/plugin_main.cc
@@ -89,41 +89,6 @@ void DestroyIMEForFlash() {
 }
 }

-// VirtualAlloc doesn't randomize well, so we use these calls to poke a
-// random-sized hole in the address space and set an event to later remove it.
-void FreeRandomMemoryHole(void *hole) {
- ::VirtualFree(hole, 0, MEM_RELEASE);
-}
-
-bool CreateRandomMemoryHole() {
- const uint32_t kRandomValueMax = 8 * 1024; // Yields a 512mb max hole.
- const uint32_t kRandomValueDivisor = 8;
- const uint32_t kMaxWaitSeconds = 18 * 60; // 18 Minutes in seconds.
- COMPILE_ASSERT((kMaxWaitSeconds > (kRandomValueMax / kRandomValueDivisor)),
- kMaxWaitSeconds_value_too_small);
-
- uint32_t rand_val;
- if (rand_s(&rand_val) != S_OK) {
- DVLOG(ERROR) << "rand_s() failed";
- }
-
- rand_val %= kRandomValueMax;
- // Reserve a (randomly selected) range of address space.
- if (void* hole = ::VirtualAlloc(NULL, 65536 * (1 + rand_val),
- MEM_RESERVE, PAGE_NOACCESS)) {
- // Set up an event to remove the memory hole. Base the wait time on the
- // inverse of the allocation size, meaning a bigger hole gets a shorter
- // wait (ranging from 1-18 minutes).
- const uint32_t wait = kMaxWaitSeconds - (rand_val / kRandomValueDivisor);
- MessageLoop::current()->PostDelayedTask(FROM_HERE,
- base::Bind(&FreeRandomMemoryHole, hole),
- base::TimeDelta::FromSeconds(wait));
- return true;
- }
-
- return false;
-}
-
 #endif

 // main() routine for running as the plugin process.
@@ -185,11 +150,6 @@ int PluginMain(const content::MainFunctionParams& parameters) { if (IsPluginBuiltInFlash(parsed_command_line)) { DVLOG(1) << "Sandboxing flash"; - // Poke hole in the address space to improve randomization. - if (!CreateRandomMemoryHole()) { - DVLOG(ERROR) << "Failed to create random memory hole"; - } - if (!PreloadIMEForFlash()) DVLOG(1) << "IME preload failed"; DelayedLowerToken(target_services); |