From 69747cd586c65d34da6e31d1f6da787db864cbe6 Mon Sep 17 00:00:00 2001 From: "mattm@chromium.org" Date: Fri, 7 Aug 2009 20:43:20 +0000 Subject: Check blockfile size before attempting to read the header. Reading past the last page of a mmapped file will SIGBUS. BUG=18174 TEST=truncate Default/Cache/data_* to zero bytes, launch chrome, try to load a website. It shouldn't crash. Review URL: http://codereview.chromium.org/164132 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22781 0039d316-1c4b-4281-b951-d872f2087c98 --- net/disk_cache/block_files.cc | 6 ++++++ net/disk_cache/block_files_unittest.cc | 20 ++++++++++++++++++++ 2 files changed, 26 insertions(+) (limited to 'net') diff --git a/net/disk_cache/block_files.cc b/net/disk_cache/block_files.cc index cd7e5cf..0e9eb04 100644 --- a/net/disk_cache/block_files.cc +++ b/net/disk_cache/block_files.cc @@ -247,6 +247,12 @@ bool BlockFiles::OpenBlockFile(int index) { return false; } + if (file->GetLength() < static_cast(kBlockHeaderSize)) { + LOG(ERROR) << "File too small " << name; + file->Release(); + return false; + } + block_files_[index] = file; BlockFileHeader* header = reinterpret_cast(file->buffer()); diff --git a/net/disk_cache/block_files_unittest.cc b/net/disk_cache/block_files_unittest.cc index b4ce107..e3ca651 100644 --- a/net/disk_cache/block_files_unittest.cc +++ b/net/disk_cache/block_files_unittest.cc @@ -153,3 +153,23 @@ TEST_F(DiskCacheTest, BlockFiles_Recover) { EXPECT_EQ(empty_3, header->empty[2]); EXPECT_EQ(empty_4, header->empty[3]); } + +// Handling of truncated files. +TEST_F(DiskCacheTest, BlockFiles_ZeroSizeFile) { + std::wstring path = GetCachePath(); + ASSERT_TRUE(DeleteCache(path.c_str())); + ASSERT_TRUE(file_util::CreateDirectory(path)); + + disk_cache::BlockFiles files(path); + ASSERT_TRUE(files.Init(true)); + + // Truncate one of the files. + disk_cache::Addr address; + EXPECT_TRUE(files.CreateBlock(disk_cache::RANKINGS, 4, &address)); + disk_cache::MappedFile* file = files.GetFile(address); + file->SetLength(0); + files.CloseFiles(); + + // Initializing should fail, not crash. + ASSERT_FALSE(files.Init(false)); +} -- cgit v1.1