diff options
| author | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-22 23:38:14 +0000 |
|---|---|---|
| committer | cpu@chromium.org <cpu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-22 23:38:14 +0000 |
| commit | e9b676190a37d4f1f57cc6b9f2f3bad634449101 (patch) | |
| tree | 814cdb0287b1fece49be866bbc8a221f0106ed0b /sandbox/src/crosscall_params.h | |
| parent | da17b37430e97d518b7d640b98831c8e338b478c (diff) | |
| download | chromium_src-e9b676190a37d4f1f57cc6b9f2f3bad634449101.zip chromium_src-e9b676190a37d4f1f57cc6b9f2f3bad634449101.tar.gz chromium_src-e9b676190a37d4f1f57cc6b9f2f3bad634449101.tar.bz2 | |
Fix integer overflow in sbox
BUG=32915
TEST= unit test included
Review URL: http://codereview.chromium.org/553061
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36923 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/src/crosscall_params.h')
| -rw-r--r-- | sandbox/src/crosscall_params.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sandbox/src/crosscall_params.h b/sandbox/src/crosscall_params.h index 5e562cc..f6de823 100644 --- a/sandbox/src/crosscall_params.h +++ b/sandbox/src/crosscall_params.h @@ -202,6 +202,13 @@ class ActualCallParams : public CrossCallParams { param_info_[0].offset_ = parameters_ - reinterpret_cast<char*>(this); } + // Testing-only constructor. Allows setting the |number_params| to a + // wrong value. + ActualCallParams(uint32 tag, uint32 number_params) + : CrossCallParams(tag, number_params) { + param_info_[0].offset_ = parameters_ - reinterpret_cast<char*>(this); + } + // Copies each paramter into the internal buffer. For each you must supply: // index: 0 for the first param, 1 for the next an so on bool CopyParamIn(size_t index, const void* parameter_address, size_t size, |