summaryrefslogtreecommitdiffstats
path: root/net/disk_cache/block_files.cc
diff options
context:
space:
mode:
authormattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-07 20:43:20 +0000
committermattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-08-07 20:43:20 +0000
commit69747cd586c65d34da6e31d1f6da787db864cbe6 (patch)
tree6aee9db29ae633c2c161091af450a90fcb2e232e /net/disk_cache/block_files.cc
parent9c28813beb4322b56e93734da7a6f81008243f0f (diff)
downloadchromium_src-69747cd586c65d34da6e31d1f6da787db864cbe6.zip
chromium_src-69747cd586c65d34da6e31d1f6da787db864cbe6.tar.gz
chromium_src-69747cd586c65d34da6e31d1f6da787db864cbe6.tar.bz2
Check blockfile size before attempting to read the header.
Reading past the last page of a mmapped file will SIGBUS. BUG=18174 TEST=truncate Default/Cache/data_* to zero bytes, launch chrome, try to load a website. It shouldn't crash. Review URL: http://codereview.chromium.org/164132 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22781 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/disk_cache/block_files.cc')
-rw-r--r--net/disk_cache/block_files.cc6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/disk_cache/block_files.cc b/net/disk_cache/block_files.cc
index cd7e5cf..0e9eb04 100644
--- a/net/disk_cache/block_files.cc
+++ b/net/disk_cache/block_files.cc
@@ -247,6 +247,12 @@ bool BlockFiles::OpenBlockFile(int index) {
return false;
}
+ if (file->GetLength() < static_cast<size_t>(kBlockHeaderSize)) {
+ LOG(ERROR) << "File too small " << name;
+ file->Release();
+ return false;
+ }
+
block_files_[index] = file;
BlockFileHeader* header = reinterpret_cast<BlockFileHeader*>(file->buffer());
generated by cgit v1.1 at 2025-02-01 10:54:49 +0000