summaryrefslogtreecommitdiffstats
path: root/ipc/ipc_channel_posix.cc
diff options
context:
space:
mode:
authorjeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-26 10:04:05 +0000
committerjeremy@chromium.org <jeremy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-26 10:04:05 +0000
commit00a13d2d2808d3e6f055cd7ce9a83ebbfea37a68 (patch)
tree3650cb2c9c1bb438a422f75412e9b58f99c5fb44 /ipc/ipc_channel_posix.cc
parent1677229632b3e4410030e280f637c7d7d5c5ca31 (diff)
downloadchromium_src-00a13d2d2808d3e6f055cd7ce9a83ebbfea37a68.zip
chromium_src-00a13d2d2808d3e6f055cd7ce9a83ebbfea37a68.tar.gz
chromium_src-00a13d2d2808d3e6f055cd7ce9a83ebbfea37a68.tar.bz2
Better handle oversized IPC messages
* Shoot down oversized messages on the sending side so we fail faster. * Add DCHECKs to identify oversized messages early. The real fix for the underlying bug is not to send oversized messages in the first place, but the current state of things is that it takes a long while for the renderer to crash. This change should speed the failure up a bit. BUG=26822 TEST=Chrome should continue to load web pages. Review URL: http://codereview.chromium.org/546047 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37102 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel_posix.cc')
-rw-r--r--ipc/ipc_channel_posix.cc13
1 files changed, 13 insertions, 0 deletions
diff --git a/ipc/ipc_channel_posix.cc b/ipc/ipc_channel_posix.cc
index 545ad0c..4e00964 100644
--- a/ipc/ipc_channel_posix.cc
+++ b/ipc/ipc_channel_posix.cc
@@ -734,6 +734,10 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() {
while (!output_queue_.empty()) {
Message* msg = output_queue_.front();
+ // Oversized messages should be rejected in Send().
+ DCHECK_LE(msg->size(), kMaximumMessageSize)
+ << "Attempt to send oversized message";
+
#if defined(OS_LINUX)
scoped_ptr<Message> hello;
if (remote_fd_pipe_ != -1 &&
@@ -884,6 +888,15 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() {
}
bool Channel::ChannelImpl::Send(Message* message) {
+ if(message->size(), kMaximumMessageSize) {
+ LOG(ERROR) << "Attempt to send oversized message "
+ << message->size()
+ << " type="
+ << message->type();
+ Close();
+ delete message;
+ return false;
+ }
#ifdef IPC_MESSAGE_DEBUG_EXTRA
DLOG(INFO) << "sending message @" << message << " on channel @" << this
<< " with type " << message->type()