1 files changed, 6 insertions, 0 deletions

diff --git a/sandbox/src/crosscall_server.cc b/sandbox/src/crosscall_server.cc
index 3ed99c8..7c4542c 100644
--- a/sandbox/src/crosscall_server.cc
+++ b/sandbox/src/crosscall_server.cc
@@ -138,6 +138,12 @@ CrossCallParamsEx* CrossCallParamsEx::CreateFromBuffer(void* buffer_base,
     copied_params = reinterpret_cast<CrossCallParamsEx*>(backing_mem);
     memcpy(backing_mem, call_params, declared_size);
 
+    // Check params count in case it got changed right before the memcpy.
+    if (copied_params->GetParamsCount() != param_count) {
+      delete [] backing_mem;
+      return NULL;
+    }
+
   } __except(EXCEPTION_EXECUTE_HANDLER) {
     // In case of a windows exception we know it occurred while touching the
     // untrusted buffer so we bail out as is.