diff options
| author | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-03 01:04:55 +0000 |
|---|---|---|
| committer | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-03 01:04:55 +0000 |
| commit | df0c0672637d8958827c16522790c0c50714eff9 (patch) | |
| tree | 34648839ab5983000212a32f7853f5399b6376aa /sandbox | |
| parent | 1c61fe00d0474a0eb7d78a9b680ce3aacd6216d7 (diff) | |
| download | chromium_src-df0c0672637d8958827c16522790c0c50714eff9.zip chromium_src-df0c0672637d8958827c16522790c0c50714eff9.tar.gz chromium_src-df0c0672637d8958827c16522790c0c50714eff9.tar.bz2 | |
Sandbox: Verify that members of TargetProcess are valid before freeing them.
SpawnCleanup may trigger the destruction of a partially created TargetProcess.
BUG=139898
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10831133
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149763 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
| -rw-r--r-- | sandbox/win/src/target_process.cc | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/sandbox/win/src/target_process.cc b/sandbox/win/src/target_process.cc index 601d80b..074a483 100644 --- a/sandbox/win/src/target_process.cc +++ b/sandbox/win/src/target_process.cc @@ -106,16 +106,19 @@ TargetProcess::~TargetProcess() { // it. http://b/893891 // For now, this wait is there only to do a best effort to prevent some leaks // from showing up in purify. - ::WaitForSingleObject(sandbox_process_info_.process_handle(), 50); - if (!::GetExitCodeProcess(sandbox_process_info_.process_handle(), - &exit_code) || (STILL_ACTIVE == exit_code)) { - // It is an error to destroy this object while the target process is still - // alive because we need to destroy the IPC subsystem and cannot risk to - // have an IPC reach us after this point. - shared_section_.Take(); - SharedMemIPCServer* server = ipc_server_.release(); - sandbox_process_info_.TakeProcessHandle(); - return; + if (sandbox_process_info_.IsValid()) { + ::WaitForSingleObject(sandbox_process_info_.process_handle(), 50); + if (!::GetExitCodeProcess(sandbox_process_info_.process_handle(), + &exit_code) || (STILL_ACTIVE == exit_code)) { + // It is an error to destroy this object while the target process is still + // alive because we need to destroy the IPC subsystem and cannot risk to + // have an IPC reach us after this point. + if (shared_section_.IsValid()) + shared_section_.Take(); + SharedMemIPCServer* server = ipc_server_.release(); + sandbox_process_info_.TakeProcessHandle(); + return; + } } // ipc_server_ references our process handle, so make sure the former is shut |