author | rkc@chromium.org <rkc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-28 22:26:12 +0000 |
---|---|---|
committer | rkc@chromium.org <rkc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-28 22:26:12 +0000 |
commit | 0961ea872cfa67a377c0d67ebbfbc4f222ed72d3 (patch) | |
tree | 5cd11e02cb4cac12722aa8d98b4030f67351b459 /ipc/ipc_channel_reader.cc | |
parent | f82017820fe06b6dd5fe5a782919971c9e8ff7f4 (diff) | |
Fix check for maximum IPC message size.
If the incoming message length is larger than Channel::kMaximumMessageSize, the RHS for the check for message size will become negative - since both sides are promoted to unsigned, the negative will simply become a very large value hence breaking the check.
R=tsepez@chromium.org
BUG=None.
Review URL: https://codereview.chromium.org/11413204
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@170072 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel_reader.cc')
-rw-r--r-- | ipc/ipc_channel_reader.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipc/ipc_channel_reader.cc b/ipc/ipc_channel_reader.cc index 4c3a86b..9055deb 100644 --- a/ipc/ipc_channel_reader.cc +++ b/ipc/ipc_channel_reader.cc @@ -53,8 +53,8 @@ bool ChannelReader::DispatchInputData(const char* input_data, p = input_data; end = input_data + input_data_len; } else { - if (input_overflow_buf_.size() > - Channel::kMaximumMessageSize - input_data_len) { + if (input_overflow_buf_.size() + input_data_len > + Channel::kMaximumMessageSize) { input_overflow_buf_.clear(); LOG(ERROR) << "IPC message is too big"; return false; |
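
Review bot: In the rewritten condition `input_overflow_buf_.size() + input_data_len > Channel::kMaximumMessageSize`, the subtraction that could go negative is gone, but the arithmetic has moved to the left-hand side, and that sum is only safe if `input_data_len` is already bounded and non-negative when it reaches this branch. The declaration of `input_data_len` is not visible in the hunk, and the commit message implies a signed operand being promoted to unsigned, so a negative or very large value would wrap the sum and pass the check just as the old form did. Consider rejecting `input_data_len > Channel::kMaximumMessageSize` first and then comparing `input_overflow_buf_.size() > Channel::kMaximumMessageSize - input_data_len`, which cannot underflow after the first test, or add a short comment stating where the bound on `input_data_len` is enforced. The diffstat shows only ipc/ipc_channel_reader.cc changing, so a regression test that feeds an input longer than `Channel::kMaximumMessageSize` with a non-empty overflow buffer would be worth adding with this fix.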