summaryrefslogtreecommitdiffstats
path: root/content/browser/fileapi
diff options
context:
space:
mode:
Diffstat (limited to 'content/browser/fileapi')
-rw-r--r--content/browser/fileapi/fileapi_message_filter.cc14
-rw-r--r--content/browser/fileapi/fileapi_message_filter.h2
2 files changed, 16 insertions, 0 deletions
diff --git a/content/browser/fileapi/fileapi_message_filter.cc b/content/browser/fileapi/fileapi_message_filter.cc
index 6d4e050..e5dad26 100644
--- a/content/browser/fileapi/fileapi_message_filter.cc
+++ b/content/browser/fileapi/fileapi_message_filter.cc
@@ -172,6 +172,11 @@ void FileAPIMessageFilter::UnregisterOperation(int request_id) {
FileAPIMessageFilter::~FileAPIMessageFilter() {}
+void FileAPIMessageFilter::BadMessageReceived() {
+ content::RecordAction(UserMetricsAction("BadMessageTerminate_FAMF"));
+ BrowserMessageFilter::BadMessageReceived();
+}
+
void FileAPIMessageFilter::OnOpen(
int request_id, const GURL& origin_url, fileapi::FileSystemType type,
int64 requested_size, bool create) {
@@ -463,12 +468,20 @@ void FileAPIMessageFilter::OnAppendBlobDataItem(
OnRemoveBlob(url);
return;
}
+ if (item.length == 0) {
+ BadMessageReceived();
+ return;
+ }
blob_storage_context_->controller()->AppendBlobDataItem(url, item);
}
void FileAPIMessageFilter::OnAppendSharedMemory(
const GURL& url, base::SharedMemoryHandle handle, size_t buffer_size) {
DCHECK(base::SharedMemory::IsHandleValid(handle));
+ if (!buffer_size) {
+ BadMessageReceived();
+ return;
+ }
#if defined(OS_WIN)
base::SharedMemory shared_memory(handle, true, peer_handle());
#else
@@ -693,3 +706,4 @@ FileSystemOperationInterface* FileAPIMessageFilter::GetNewOperation(
operations_.AddWithID(operation, request_id);
return operation;
}
+
diff --git a/content/browser/fileapi/fileapi_message_filter.h b/content/browser/fileapi/fileapi_message_filter.h
index c6d94ed9..88b8197 100644
--- a/content/browser/fileapi/fileapi_message_filter.h
+++ b/content/browser/fileapi/fileapi_message_filter.h
@@ -68,6 +68,8 @@ class FileAPIMessageFilter : public content::BrowserMessageFilter {
protected:
virtual ~FileAPIMessageFilter();
+ virtual void BadMessageReceived() OVERRIDE;
+
private:
void OnOpen(int request_id,
const GURL& origin_url,
generated by cgit v1.1 at 2025-02-09 20:32:12 +0000