diff options
| author | vandebo@chromium.org <vandebo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-23 21:31:12 +0000 |
|---|---|---|
| committer | vandebo@chromium.org <vandebo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-23 21:31:12 +0000 |
| commit | e22e136b67ca8ec02722c28964572b2328a4b33d (patch) | |
| tree | 8024788e1580d6830e269905d16f134e3ad8f4cf /net/base | |
| parent | e53f536b1bc1965fa62e6056783d40d38360be9e (diff) | |
| download | chromium_src-e22e136b67ca8ec02722c28964572b2328a4b33d.zip chromium_src-e22e136b67ca8ec02722c28964572b2328a4b33d.tar.gz chromium_src-e22e136b67ca8ec02722c28964572b2328a4b33d.tar.bz2 | |
A large Content-Length header followed by a connection close could trigger an out of memory condition. Fixed problem, added unit test, and clarified the API. This is probably the real problem in issue 25826.
BUG=28346, 25826
TEST=HttpNetworkTransactionTest.LargeContentLengthThenReset
Review URL: http://codereview.chromium.org/418035
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32856 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/io_buffer.cc | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/net/base/io_buffer.cc b/net/base/io_buffer.cc index 4aa469a..9ad0570 100644 --- a/net/base/io_buffer.cc +++ b/net/base/io_buffer.cc @@ -20,11 +20,9 @@ void DrainableIOBuffer::SetOffset(int bytes) { } void GrowableIOBuffer::SetCapacity(int capacity) { - CHECK(capacity >= 0); + DCHECK(capacity >= 0); // realloc will crash if it fails. real_data_.reset(static_cast<char*>(realloc(real_data_.release(), capacity))); - // Sanity check. - CHECK(real_data_.get() != NULL || capacity == 0); capacity_ = capacity; if (offset_ > capacity) set_offset(capacity); |