Disk Cache: Perform extra validations to data comming from

disk to detect obvious corruption going undetected.

BUG=77841
TEST=net_unittests
Review URL: http://codereview.chromium.org/6840035

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81646 0039d316-1c4b-4281-b951-d872f2087c98

6 files changed, 93 insertions, 11 deletions

diff --git a/net/disk_cache/addr.cc b/net/disk_cache/addr.cc
index aa84c01..c4b95ef 100644
--- a/net/disk_cache/addr.cc
+++ b/net/disk_cache/addr.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -26,4 +26,18 @@ bool Addr::SetFileNumber(int file_number) {
   return true;
 }
 
+bool Addr::SanityCheck() const {
+  if (!is_initialized())
+    return !value_;
+
+  if (((value_ & kFileTypeMask) >> kFileTypeOffset) > 4)
+    return false;
+
+  if (is_separate_file())
+    return true;
+
+  const uint32 kReservedBitsMask = 0x0c000000;
+  return !(value_ & kReservedBitsMask);
+}
+
 }  // namespace disk_cache
diff --git a/net/disk_cache/addr.h b/net/disk_cache/addr.h
index c10dcc3..d754ec5 100644
--- a/net/disk_cache/addr.h
+++ b/net/disk_cache/addr.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -119,6 +119,9 @@ class Addr {
       return EXTERNAL;
   }
 
+  // Returns true if this address looks like a valid one.
+  bool SanityCheck() const;
+
  private:
   static const uint32 kInitializedMask    = 0x80000000;
   static const uint32 kFileTypeMask       = 0x70000000;
diff --git a/net/disk_cache/addr_unittest.cc b/net/disk_cache/addr_unittest.cc
index 551310e..09088c4 100644
--- a/net/disk_cache/addr_unittest.cc
+++ b/net/disk_cache/addr_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -34,4 +34,24 @@ TEST_F(DiskCacheTest, CacheAddr_InvalidValues) {
   EXPECT_EQ(4096, addr3.BlockSize());
 }
 
+TEST_F(DiskCacheTest, CacheAddr_SanityCheck) {
+  // First a few valid values.
+  EXPECT_TRUE(Addr(0).SanityCheck());
+  EXPECT_TRUE(Addr(0x80001000).SanityCheck());
+  EXPECT_TRUE(Addr(0xC3FFFFFF).SanityCheck());
+  EXPECT_TRUE(Addr(0xC0FFFFFF).SanityCheck());
+
+  // Not initialized.
+  EXPECT_FALSE(Addr(0x20).SanityCheck());
+  EXPECT_FALSE(Addr(0x10001000).SanityCheck());
+
+  // Invalid file type.
+  EXPECT_FALSE(Addr(0xD0001000).SanityCheck());
+  EXPECT_FALSE(Addr(0xF0000000).SanityCheck());
+
+  // Reserved bits.
+  EXPECT_FALSE(Addr(0x14000000).SanityCheck());
+  EXPECT_FALSE(Addr(0x18000000).SanityCheck());
+}
+
 }  // namespace disk_cache
diff --git a/net/disk_cache/backend_unittest.cc b/net/disk_cache/backend_unittest.cc
index 185d29c..96cf9cc 100644
--- a/net/disk_cache/backend_unittest.cc
+++ b/net/disk_cache/backend_unittest.cc
@@ -1256,13 +1256,11 @@ void DiskCacheBackendTest::BackendRecoverRemove() {
   BackendTransaction("remove_load3", 100, true);
   ASSERT_TRUE(success_) << "remove_load3";
 
-#ifdef NDEBUG
-  // This case cannot be reverted, so it will assert on debug builds.
+  // This case cannot be reverted.
   BackendTransaction("remove_one4", 0, false);
   ASSERT_TRUE(success_) << "remove_one4";
   BackendTransaction("remove_head4", 1, false);
   ASSERT_TRUE(success_) << "remove_head4";
-#endif
 }
 
 TEST_F(DiskCacheBackendTest, RecoverRemove) {
diff --git a/net/disk_cache/entry_impl.cc b/net/disk_cache/entry_impl.cc
index 2db4988..73c67df 100644
--- a/net/disk_cache/entry_impl.cc
+++ b/net/disk_cache/entry_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -12,6 +12,7 @@
 #include "net/disk_cache/backend_impl.h"
 #include "net/disk_cache/bitmap.h"
 #include "net/disk_cache/cache_util.h"
+#include "net/disk_cache/hash.h"
 #include "net/disk_cache/histogram_macros.h"
 #include "net/disk_cache/net_log_parameters.h"
 #include "net/disk_cache/sparse_control.h"
@@ -559,19 +560,56 @@ void EntryImpl::SetPointerForInvalidEntry(int32 new_id) {
 }
 
 bool EntryImpl::SanityCheck() {
-  if (!entry_.Data()->rankings_node || !entry_.Data()->key_len)
+  EntryStore* stored = entry_.Data();
+  if (!stored->rankings_node || stored->key_len <= 0)
     return false;
 
-  Addr rankings_addr(entry_.Data()->rankings_node);
+  if (stored->reuse_count < 0 || stored->refetch_count < 0)
+    return false;
+
+  Addr rankings_addr(stored->rankings_node);
   if (!rankings_addr.is_initialized() || rankings_addr.is_separate_file() ||
       rankings_addr.file_type() != RANKINGS)
     return false;
 
-  Addr next_addr(entry_.Data()->next);
+  Addr next_addr(stored->next);
   if (next_addr.is_initialized() &&
       (next_addr.is_separate_file() || next_addr.file_type() != BLOCK_256))
     return false;
 
+  if (!rankings_addr.SanityCheck() || !next_addr.SanityCheck())
+    return false;
+
+  if (stored->state > ENTRY_DOOMED || stored->state < ENTRY_NORMAL)
+    return false;
+
+  Addr key_addr(stored->long_key);
+  if (stored->key_len <= kMaxInternalKeyLength && key_addr.is_initialized())
+    return false;
+
+  if (!key_addr.SanityCheck())
+    return false;
+
+  if (stored->hash != Hash(GetKey()))
+    return false;
+
+  for (int i = 0; i < kNumStreams; i++) {
+    Addr data_addr(stored->data_addr[i]);
+    int data_size = stored->data_size[i];
+    if (data_size < 0)
+      return false;
+    if (!data_size && data_addr.is_initialized())
+      return false;
+    if (!data_addr.SanityCheck())
+      return false;
+    if (!data_size)
+      continue;
+    if (data_size <= kMaxBlockSize && data_addr.is_separate_file())
+      return false;
+    if (data_size > kMaxBlockSize && data_addr.is_block_file())
+      return false;
+  }
+
   return true;
 }
 
diff --git a/net/disk_cache/rankings.cc b/net/disk_cache/rankings.cc
index 3644932..12ccdd6 100644
--- a/net/disk_cache/rankings.cc
+++ b/net/disk_cache/rankings.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -508,6 +508,15 @@ bool Rankings::SanityCheck(CacheRankingsBlock* node, bool from_list) {
   if ((node->address().value() == data->next) && !IsTail(data->next, &list))
     return false;
 
+  if (!data->next && !data->prev)
+    return true;
+
+  Addr next_addr(data->next);
+  Addr prev_addr(data->prev);
+  if (!next_addr.SanityCheck() || next_addr.file_type() != RANKINGS ||
+      !prev_addr.SanityCheck() || prev_addr.file_type() != RANKINGS)
+    return false;
+
   return true;
 }