author | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-02 00:52:21 +0000 |
---|---|---|
committer | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-02 00:52:21 +0000 |
commit | 2408380ce8f8b90dd577a0403958bb292aec0d68 (patch) | |
tree | 0d4fd40e93b9985832be7dccc9ac5f09584b602b /net/disk_cache | |
parent | 347867b7b712fb62a5340da298b69f30e3443c49 (diff) | |
Fixing a crash in disk_cache::SparseControl::UpdateRange()
TEST=net_unittests --gtest_filter=DiskCacheEntryTest::PartialSparseEntry
If we do a partial write with the following criteria, disk_cache::SparseControl
will crash:
1. first_byte and last_byte in the same 1KB block
2. first_byte % 1024 != 0
3. (first_byte >> 10) % 32 == 31
Review URL: http://codereview.chromium.org/176067
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25134 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/disk_cache')
-rw-r--r-- | net/disk_cache/bitmap.cc | 2 | ||||
-rw-r--r-- | net/disk_cache/entry_unittest.cc | 7 | ||||
-rw-r--r-- | net/disk_cache/sparse_control.cc | 7 |
3 files changed, 15 insertions, 1 deletions
diff --git a/net/disk_cache/bitmap.cc b/net/disk_cache/bitmap.cc
index 79606c5..e025090 100644
--- a/net/disk_cache/bitmap.cc
+++ b/net/disk_cache/bitmap.cc
@@ -107,6 +107,7 @@ void Bitmap::SetMap(const uint32* map, int size) {
 void Bitmap::SetWordBits(int start, int len, bool value) {
 DCHECK_LT(len, kIntBits);
+ DCHECK_GE(len, 0);
 if (!len)
 return;
@@ -123,6 +124,7 @@ void Bitmap::SetWordBits(int start, int len, bool value) {
 }
 void Bitmap::SetRange(int begin, int end, bool value) {
+ DCHECK_LE(begin, end);
 int start_offset = begin & (kIntBits - 1);
 if (start_offset) {
 // Set the bits in the first word.
diff --git a/net/disk_cache/entry_unittest.cc b/net/disk_cache/entry_unittest.cc
index 1c81995..f65f593 100644
--- a/net/disk_cache/entry_unittest.cc
+++ b/net/disk_cache/entry_unittest.cc
@@ -1216,12 +1216,17 @@ void DiskCacheEntryTest::PartialSparseEntry() {
 // We should be able to deal with IO that is not aligned to the block size
 // of a sparse entry, at least to write a big range without leaving holes.
 const int kSize = 4 * 1024;
+ const int kSmallSize = 128;
 scoped_refptr<net::IOBuffer> buf1 = new net::IOBuffer(kSize);
 CacheTestFillBuffer(buf1->data(), kSize, false);
- // The first write is just to extend the entry.
+ // The first write is just to extend the entry. The third write occupies
+ // a 1KB block partially, it may not be written internally depending on the
+ // implementation.
 EXPECT_EQ(kSize, entry->WriteSparseData(20000, buf1, kSize, NULL));
 EXPECT_EQ(kSize, entry->WriteSparseData(500, buf1, kSize, NULL));
+ EXPECT_EQ(kSmallSize,
+ entry->WriteSparseData(1080321, buf1, kSmallSize, NULL));
 entry->Close();
 ASSERT_TRUE(cache_->OpenEntry(key, &entry));
diff --git a/net/disk_cache/sparse_control.cc b/net/disk_cache/sparse_control.cc
index 66096a2..d2e66d9 100644
--- a/net/disk_cache/sparse_control.cc
+++ b/net/disk_cache/sparse_control.cc
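Review bot: `DCHECK_GE(len, 0)` in SetWordBits and `DCHECK_LE(begin, end)` in SetRange (the second bitmap.cc hunk) are compiled out of release builds, so a negative length or inverted range from any caller other than the patched SparseControl::UpdateRange would still reach the bit-setting code there. The commit message reports that this condition crashed, and the ranges come from caller-supplied sparse offsets, so a runtime check looks worth having: `CHECK_LE(begin, end);` or an early `if (begin > end) return;` at the top of SetRange. Both function bodies continue outside the hunks, so how the remaining code treats such values is not visible here.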
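Review bot: The offset 1080321 in the new WriteSparseData call is unexplained, although it is the value that makes this a regression test. 1080321 is 1055 * 1024 + 1, so the 128-byte write is unaligned, stays inside one 1KB block, and that block has 1055 % 32 == 31, which matches the three criteria in the commit message. Suggest a comment above the call such as `// 1080321 = 1055 * 1024 + 1: unaligned, within one block, block % 32 == 31 (used to crash UpdateRange).` The test body continues outside the hunk.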
@@ -506,6 +506,13 @@ void SparseControl::UpdateRange(int result) {
 int last_bit = (child_offset_ + result) >> 10;
 block_offset = (child_offset_ + result) & (kBlockSize - 1);
+ // This condition will hit with the following criteria:
+ // 1. The first byte doesn't follow the last write.
+ // 2. The first byte is in the middle of a block.
+ // 3. The first byte and the last byte are in the same block.
+ if (first_bit > last_bit)
+ return;
+
 if (block_offset && !child_map_.Get(last_bit)) {
 // The last block is not completely filled; save it for later.
 child_data_.header.last_block = last_bit; |
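Review bot: The comment above `if (first_bit > last_bit) return;` lists when the condition occurs but not why returning is the right response. From the visible lines the return skips the `child_data_.header.last_block` bookkeeping below, so the bytes just written appear to go untracked while the caller still gets a success count, as the test comment in entry_unittest.cc hints. Suggest adding a line such as `// No complete block was written and the data does not extend the last partial block, so there is nothing to record.` This guard is also the only release-build protection for the Bitmap range invariant, since the checks added in bitmap.cc are DCHECKs. first_bit is computed outside the hunk and the function continues past it.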