author | simonb <simonb@chromium.org> | 2015-01-08 09:40:44 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-08 17:41:40 +0000 |
commit | b20ced7b5460d61cb83013e871a9ab9789e11cf7 (patch) | |
tree | 9689efe68e0e2d0d3683d3180064bd8e489eb50e /third_party/android_crazy_linker | |
parent | 60e8018f8e429f5817036ca1bf36ec48b77d4dfb (diff) | |
Fix bug in code that grows the line reader buffer.
If buff_ is resized by realloc and did not originally point to
buff0_, then memcpy is called erroneously and with a byte count that
is larger than the size of buff0_. This is a bug.
Fix by removing buff0_ and replacing it with code that allocates
buff_ on object construction or reset, so that buff_ can safely
be realloc'ed in all circumstances.
BUG=444714
Review URL: https://codereview.chromium.org/845513002
Cr-Commit-Position: refs/heads/master@{#310528}
Diffstat (limited to 'third_party/android_crazy_linker')
3 files changed, 18 insertions, 22 deletions
diff --git a/third_party/android_crazy_linker/README.chromium b/third_party/android_crazy_linker/README.chromium index a5b452d..43f8877 100644 --- a/third_party/android_crazy_linker/README.chromium +++ b/third_party/android_crazy_linker/README.chromium @@ -66,3 +66,5 @@ Local Modifications: - Fix unit test crash caused by use of deleted data inside an unload callback. +- Fix for crbug/444714 (Chrome_Android: Crash Report - -1DB24FB5) + diff --git a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp index 8c63370..1efa1d7 100644 --- a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp +++ b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp @@ -13,30 +13,29 @@ namespace crazy { -LineReader::LineReader() : fd_(), buff_(buff0_) { - Reset(); - eof_ = true; +LineReader::LineReader() : fd_(), buff_(NULL) { + Reset(true); } -LineReader::LineReader(const char* path) : fd_(), buff_(buff0_) { Open(path); } +LineReader::LineReader(const char* path) : fd_(), buff_(NULL) { + Open(path); +} -LineReader::~LineReader() { Reset(); } +LineReader::~LineReader() { + ::free(buff_); +} void LineReader::Open(const char* path) { - Reset(); - eof_ = !fd_.OpenReadOnly(path); + Reset(!fd_.OpenReadOnly(path)); } -void LineReader::Reset() { - if (buff_ != buff0_) - ::free(buff_); - - eof_ = false; +void LineReader::Reset(bool eof) { + eof_ = eof; line_start_ = 0; line_len_ = 0; buff_size_ = 0; - buff_capacity_ = sizeof buff0_; - buff_ = buff0_; + buff_capacity_ = 128; + buff_ = static_cast<char*>(::realloc(buff_, buff_capacity_)); } bool LineReader::GetNextLine() { 
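Review bot: Both new `::realloc` calls assign their result straight to `buff_` with no NULL check, here in `Reset(bool eof)` and again in the grow path of `GetNextLine()` in the next hunk. If the allocation fails, the previous block is leaked and `buff_` becomes NULL while `buff_capacity_` already reports 128 (or the doubled value), so the following read would presumably write through a null pointer. In the grow path, hold the result in a temporary and commit only on success: `char* grown = static_cast<char*>(::realloc(buff_, buff_capacity_ * 2));` `if (!grown) { eof_ = true; return false; }` `buff_ = grown; buff_capacity_ *= 2;`. `Reset` needs the same guard, for example forcing `eof_ = true` when the allocation fails. The rest of `GetNextLine()` is outside the hunks, so the exact failure return is an assumption to confirm.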
@@ -102,13 +101,9 @@ bool LineReader::GetNextLine() { // Before reading more data, grow the buffer if needed. if (buff_size_ == buff_capacity_) { - size_t new_capacity = buff_capacity_ * 2; - void* old_buff = (buff_ == buff0_) ? NULL : buff_; - buff_ = static_cast<char*>(::realloc(old_buff, new_capacity)); - if (old_buff != buff_) - ::memcpy(buff_, buff0_, buff_capacity_); + buff_capacity_ *= 2; + buff_ = static_cast<char*>(::realloc(buff_, buff_capacity_)); - buff_capacity_ = new_capacity; LLOG("%s: GROW buff_size=%d buff_capacity=%d '%.*s'\n", __FUNCTION__, buff_size_, diff --git a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.h b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.h index 0a77f29..fda9053 100644 --- a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.h +++ b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.h @@ -43,7 +43,7 @@ class LineReader { size_t length() const; private: - void Reset(); + void Reset(bool eof); FileDescriptor fd_; bool eof_; @@ -52,7 +52,6 @@ class LineReader { size_t buff_size_; size_t buff_capacity_; char* buff_; - char buff0_[128]; }; } // namespace crazy |
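Review bot: In crazy_linker_line_reader.h, `char* buff_;` is now always an owning heap pointer, but the declaration has no comment saying so. I would add `// Owned heap buffer: (re)allocated in Reset() and GetNextLine(), freed in the destructor.` above the member. The class body begins outside this hunk, so it may already be non-copyable through a macro or through `fd_`. If it is not, an implicit copy would end in a double `::free(buff_)`, which is worth confirming.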