Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/renderer_host/render_sandbox_host_linux.cc15
1 files changed, 12 insertions, 3 deletions
diff --git a/chrome/browser/renderer_host/render_sandbox_host_linux.cc b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
index f1c3b03..2e89799 100644
--- a/chrome/browser/renderer_host/render_sandbox_host_linux.cc
+++ b/chrome/browser/renderer_host/render_sandbox_host_linux.cc
@@ -100,11 +100,20 @@ class SandboxIPCProcess {
void HandleRequestFromRenderer(int fd) {
std::vector<int> fds;
- static const unsigned kMaxMessageLength = 2048;
- char buf[kMaxMessageLength];
+
+ // A FontConfigIPC::METHOD_MATCH message could be kMaxFontFamilyLength
+ // bytes long (this is the largest message type).
+ // 128 bytes padding are necessary so recvmsg() does not return MSG_TRUNC
+ // error for a maximum length message.
+ char buf[FontConfigInterface::kMaxFontFamilyLength + 128];
+
const ssize_t len = base::RecvMsg(fd, buf, sizeof(buf), &fds);
- if (len == -1)
+ if (len == -1) {
+ // TODO: should send an error reply, or the sender might block forever.
+ NOTREACHED()
+ << "Sandbox host message is larger than kMaxFontFamilyLength";
return;
+ }
if (fds.size() == 0)
return;
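Review bot: The new `len == -1` branch puts `NOTREACHED()` on a path the peer can reach. Going by the function name, the message comes from a sandboxed renderer, so an oversized message from a misbehaving or compromised renderer would trip the assertion in the browser-side sandbox host in any build where `NOTREACHED()` is fatal. The log text also says the message exceeded kMaxFontFamilyLength, but `-1` presumably covers other `base::RecvMsg` failures as well, which would mislead anyone triaging it. I would treat it as an ordinary input error and keep the early return, e.g. `LOG(ERROR) << "Sandbox host: RecvMsg failed or message was truncated";`. I would also add a comment on the `+ 128` stating which header and field overhead it accounts for, so the bound can be rechecked when a message type changes. The body of HandleRequestFromRenderer continues outside this hunk.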