diff options
| author | reillyg <reillyg@chromium.org> | 2015-06-25 15:27:57 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-06-25 22:28:26 +0000 |
| commit | ad9a3016826d4a7625da00000745b56c68533aa6 (patch) | |
| tree | 8b5408b3e98be0d3b8eaed73ac10ed389a6a833f /dbus | |
| parent | bdb5eaf31dd67beaf7f720e9a11d8184dfef63e7 (diff) | |
| download | chromium_src-ad9a3016826d4a7625da00000745b56c68533aa6.zip chromium_src-ad9a3016826d4a7625da00000745b56c68533aa6.tar.gz chromium_src-ad9a3016826d4a7625da00000745b56c68533aa6.tar.bz2 | |
Don't attempt to validate invalid DBus-passed file descriptors.
If an invalid file descriptor (i.e. -1) is passed over DBus then it is
impossible to determine if it is valid because the value() accessor
requires CheckValidity() to be called first and this will trigger a
DCHECK in base::File::GetInfo() because the file descriptor is invalid.
The solution is to abort the validity check if file.IsValid() is false.
This way after calling CheckValidity() is_valid() will indicate either
that the file descriptor was unsafe (i.e. a directory) or invalid (i.e.
-1).
BUG=496469
Review URL: https://codereview.chromium.org/1211093002
Cr-Commit-Position: refs/heads/master@{#336276}
Diffstat (limited to 'dbus')
| -rw-r--r-- | dbus/file_descriptor.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/dbus/file_descriptor.cc b/dbus/file_descriptor.cc index c67a9e1..c740f28 100644 --- a/dbus/file_descriptor.cc +++ b/dbus/file_descriptor.cc @@ -49,6 +49,11 @@ int FileDescriptor::TakeValue() { void FileDescriptor::CheckValidity() { base::File file(value_); + if (!file.IsValid()) { + valid_ = false; + return; + } + base::File::Info info; bool ok = file.GetInfo(&info); file.TakePlatformFile(); // Prevent |value_| from being closed by |file|. |