Introduced check to ensure that PAK files contain untruncated headers.

See bug for crash report details.

BUG=95119
TEST=ui_unittests:DataPackTest.LoadFileWithTruncatedHeader


Review URL: http://codereview.chromium.org/7830025

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@99406 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 18 insertions, 0 deletions

diff --git a/ui/base/resource/data_pack.cc b/ui/base/resource/data_pack.cc
index 1fcdfe1..c4b1594 100644
--- a/ui/base/resource/data_pack.cc
+++ b/ui/base/resource/data_pack.cc
@@ -75,6 +75,13 @@ bool DataPack::Load(const FilePath& path) {
     return false;
   }
 
+  // Sanity check the header of the file.
+  if (kHeaderLength > mmap_->length()) {
+    DLOG(ERROR) << "Data pack file corruption: incomplete file header.";
+    mmap_.reset();
+    return false;
+  }
+
   // Parse the header of the file.
   // First uint32: version; second: resource count.
   const uint32* ptr = reinterpret_cast<const uint32*>(mmap_->data());
diff --git a/ui/base/resource/data_pack_unittest.cc b/ui/base/resource/data_pack_unittest.cc
index 0f48097..032196f 100644
--- a/ui/base/resource/data_pack_unittest.cc
+++ b/ui/base/resource/data_pack_unittest.cc
@@ -37,6 +37,16 @@ TEST(DataPackTest, Load) {
   ASSERT_FALSE(pack.GetStringPiece(140, &data));
 }
 
+TEST(DataPackTest, LoadFileWithTruncatedHeader) {
+  FilePath data_path;
+  PathService::Get(base::DIR_SOURCE_ROOT, &data_path);
+  data_path = data_path.Append(FILE_PATH_LITERAL(
+      "ui/base/test/data/data_pack_unittest/truncated-header.pak"));
+
+  DataPack pack;
+  ASSERT_FALSE(pack.Load(data_path));
+}
+
 TEST(DataPackTest, Write) {
   ScopedTempDir dir;
   ASSERT_TRUE(dir.CreateUniqueTempDir());
diff --git a/ui/base/test/data/data_pack_unittest/truncated-header.pak b/ui/base/test/data/data_pack_unittest/truncated-header.pak
new file mode 100644
index 0000000..3829870
--- /dev/null
+++ b/ui/base/test/data/data_pack_unittest/truncated-header.pak
@@ -0,0 +1 @@
+42.