-rw-r--r-- | chrome/browser/renderer_host/render_sandbox_host_linux.cc | 15 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_direct.cpp | 3 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_impl.h | 5 | ||||
-rw-r--r-- | skia/ext/SkFontHost_fontconfig_ipc.cpp | 3 |
4 files changed, 22 insertions, 4 deletions
diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
index f1c3b03..2e89799 100644
--- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc
+++ b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
@@ -100,11 +100,20 @@ class SandboxIPCProcess {
 void HandleRequestFromRenderer(int fd) {
 std::vector<int> fds;
- static const unsigned kMaxMessageLength = 2048;
- char buf[kMaxMessageLength];
+
+ // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength
+ // bytes long (this is the largest message type).
+ // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC
+ // error for a maximum length message.
+ char buf[FontConfigInterface::kMaxFontFamilyLength + 128];
+
 const ssize_t len = base::RecvMsg(fd, buf, sizeof(buf), &fds);
- if (len == -1)
+ if (len == -1) {
+ // TODO: should send an error reply, or the sender might block forever.
+ NOTREACHED()
+ << "Sandbox host message is larger than kMaxFontFamilyLength";
 return;
+ }
 if (fds.size() == 0)
 return;
diff --git a/skia/ext/SkFontHost_fontconfig_direct.cpp b/skia/ext/SkFontHost_fontconfig_direct.cpp
index 3f19fc7..9434f51 100644
--- a/skia/ext/SkFontHost_fontconfig_direct.cpp
+++ b/skia/ext/SkFontHost_fontconfig_direct.cpp
@@ -46,6 +46,9 @@ bool FontConfigDirect::Match(std::string* result_family,
 bool fileid_valid, unsigned fileid,
 const std::string& family,
 bool* is_bold, bool* is_italic) {
+ if (family.length() > kMaxFontFamilyLength)
+ return false;
+
 SkAutoMutexAcquire ac(mutex_);
 FcPattern* pattern = FcPatternCreate();
diff --git a/skia/ext/SkFontHost_fontconfig_impl.h b/skia/ext/SkFontHost_fontconfig_impl.h
index f3b4b41..d2f1d5d 100644
--- a/skia/ext/SkFontHost_fontconfig_impl.h
+++ b/skia/ext/SkFontHost_fontconfig_impl.h
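Review bot: The NOTREACHED() added in the `if (len == -1)` branch of HandleRequestFromRenderer fires on every failing base::RecvMsg, not only on a truncated message, so its text ("larger than kMaxFontFamilyLength") is misleading for an ordinary socket error, and in builds where NOTREACHED aborts, a compromised renderer could crash the shared sandbox host with one oversized request — assuming base::RecvMsg maps MSG_TRUNC to -1, which is not visible in this hunk. Requests on this socket come from the less-trusted side, so oversized or malformed input should be treated as an expected, logged-and-dropped condition rather than a programmer-error assertion, e.g. `if (len == -1) {` / `LOG(WARNING) << "Dropping sandbox host request: recvmsg failed or message exceeded " << sizeof(buf) << " bytes";` / `return; }`. The `+ 128` slack is hand-derived from the Pickle layout of a METHOD_MATCH request; naming in the comment which serialized fields those bytes cover, or expressing the overhead as a constant kept next to the message format, would stop the buffer from silently going stale when a field is added. HandleRequestFromRenderer continues past the end of the hunk.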
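Review bot: The length check added to FontConfigDirect::Match is the one that runs inside the sandbox host, after the request has already been received and unpickled, so it is the bound that actually protects fontconfig, whereas the identical check in FontConfigIPC::Match runs in the renderer; a comment distinguishing the two would keep a later cleanup from removing this one as a duplicate, e.g. `// Enforced on the browser side; the renderer-side check in FontConfigIPC::Match is advisory only.` The constant is referenced unqualified, which presumably relies on FontConfigDirect deriving from FontConfigInterface — the class declaration is not in this hunk. Match's body continues past the hunk.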
@@ -38,7 +38,8 @@ class FontConfigInterface {
 * @param fileid the fileid (as returned by this function) which we are
 * trying to match.
 * @param family (optional) the family of the font that we are trying to
- * match.
+ * match. If the length of the |family| is greater then * kMaxFontFamilyLength, this function should immediately return false.
 * @param is_bold (optional, set to NULL to ignore, in/out)
 * @param is_italic (optional, set to NULL to ignore, in/out)
 * @return true iff successful.
@@ -55,6 +56,8 @@ class FontConfigInterface {
 /** Open a font file given the fileid as returned by Match */
 virtual int Open(unsigned fileid) = 0;
+
+ static const unsigned kMaxFontFamilyLength = 2048;
 };
 #endif // FontConfigInterface_DEFINED
diff --git a/skia/ext/SkFontHost_fontconfig_ipc.cpp b/skia/ext/SkFontHost_fontconfig_ipc.cpp
index ada7bc9..01bd393 100644
--- a/skia/ext/SkFontHost_fontconfig_ipc.cpp
+++ b/skia/ext/SkFontHost_fontconfig_ipc.cpp
@@ -41,6 +41,9 @@ bool FontConfigIPC::Match(std::string* result_family,
 bool fileid_valid, unsigned fileid,
 const std::string& family,
 bool* is_bold, bool* is_italic) {
+ if (family.length() > kMaxFontFamilyLength)
+ return false;
+
 Pickle request;
 request.WriteInt(METHOD_MATCH);
 request.WriteBool(fileid_valid);
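Review bot: The check added to FontConfigIPC::Match runs in the renderer, on the untrusted side of the socket, so it only saves well-behaved callers a round trip and must not be read as the limit the sandbox host relies on; a one-line comment, `// Client-side courtesy check; the sandbox host enforces its own receive limit.`, would make that explicit. In the header hunk, kMaxFontFamilyLength is documented as a bound on |family| alone, while render_sandbox_host_linux.cc sizes its receive buffer from it plus a hand-computed 128 bytes of Pickle overhead, so a sentence next to the constant noting that the sandbox host's receive buffer is derived from it would keep the two from drifting apart. The same Doxygen text has a typo: "greater then" should read "greater than". Match's body continues past the end of the hunk.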