author | luken@chromium.org <luken@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-05 02:12:35 +0000 |
committer | luken@chromium.org <luken@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-05 02:12:35 +0000 |
commit | 7b985f4e7fa7eda966f0ff195bc2692de51f2698 (patch) | |
tree | 2ea17b8e11feeaa7c5bc5d99fd33583e6705d550 /sandbox | |
parent | 79b8d01c3ed1e600032edc5d066a2575377baf38 (diff) | |
refactor ResolveNTFunctionPtr
makes access to ntdll thread-safe
removes retry/sleep loop
BUG=11789
Test=Chrome loads on Windows without crashing
Review URL: https://codereview.chromium.org/185063003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254921 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/win/src/win_utils.cc | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/sandbox/win/src/win_utils.cc b/sandbox/win/src/win_utils.cc
index d24db9c..ea68c07 100644
--- a/sandbox/win/src/win_utils.cc
+++ b/sandbox/win/src/win_utils.cc
@@ -7,6 +7,7 @@
 #include <map>
 
 #include "base/memory/scoped_ptr.h"
+#include "base/win/pe_image.h"
 #include "sandbox/win/src/internal_types.h"
 #include "sandbox/win/src/nt_internals.h"
 #include "sandbox/win/src/sandbox_nt_util.h"
@@ -299,26 +300,22 @@ bool WriteProtectedChildMemory(HANDLE child_process, void* address,
 
 };  // namespace sandbox
 
-// TODO(jschuh): http://crbug.com/11789
-// I'm guessing we have a race where some "security" software is messing
-// with ntdll/imports underneath us. So, we retry a few times, and in the
-// worst case we sleep briefly before a few more attempts. (Normally sleeping
-// would be very bad, but it's better than crashing in this case.)
 void ResolveNTFunctionPtr(const char* name, void* ptr) {
-  const int max_tries = 5;
-  const int sleep_threshold = 2;
+  static volatile HMODULE ntdll = NULL;
 
-  static HMODULE ntdll = ::GetModuleHandle(sandbox::kNtdllName);
+  if (!ntdll) {
+    HMODULE ntdll_local = ::GetModuleHandle(sandbox::kNtdllName);
+    // Use PEImage to sanity-check that we have a valid ntdll handle.
+    base::win::PEImage ntdll_peimage(ntdll_local);
+    CHECK_NT(ntdll_peimage.VerifyMagic());
+    // Race-safe way to set static ntdll.
+    ::InterlockedCompareExchangePointer(
+        reinterpret_cast<PVOID volatile*>(&ntdll), ntdll_local, NULL);
 
-  FARPROC* function_ptr = reinterpret_cast<FARPROC*>(ptr);
-  *function_ptr = ::GetProcAddress(ntdll, name);
-
-  for (int tries = 1; !(*function_ptr) && tries < max_tries; ++tries) {
-    if (tries >= sleep_threshold)
-      ::Sleep(1);
-    ntdll = ::GetModuleHandle(sandbox::kNtdllName);
-    *function_ptr = ::GetProcAddress(ntdll, name);
   }
+  CHECK_NT(ntdll);
+  FARPROC* function_ptr = reinterpret_cast<FARPROC*>(ptr);
+  *function_ptr = ::GetProcAddress(ntdll, name);
   CHECK_NT(*function_ptr);
 }
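Review bot: In the second hunk, `ntdll_local` is handed to `base::win::PEImage` and `VerifyMagic()` before anything checks it for NULL, so if `::GetModuleHandle(sandbox::kNtdllName)` fails the header check presumably faults reading through a null module base instead of the later `CHECK_NT(ntdll)` reporting the failure cleanly. Adding `CHECK_NT(ntdll_local);` directly after the `GetModuleHandle` call turns that into a deliberate check with a clear crash signature. The comment `// Use PEImage to sanity-check that we have a valid ntdll handle.` also overstates what is established: `VerifyMagic()` only confirms a well-formed PE header, not that the module is ntdll, so `// VerifyMagic() only checks the PE header magic, not that this module is ntdll.` would be more accurate. The plain reads of the `volatile` static after the compare-exchange appear to rely on MSVC's acquire semantics for volatile loads; if so, a one-line comment stating that assumption would help readers on other toolchains.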