From 857218b6d36e1ead540c49c35330b50333085acb Mon Sep 17 00:00:00 2001
From: "cpu@google.com" <cpu@google.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 19 Sep 2008 21:53:21 +0000
Subject: Fix memory corruption when EAT patching in sandbox

Review URL: http://codereview.chromium.org/3174

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2425 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/src/interception_agent.cc | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'sandbox/src')

diff --git a/sandbox/src/interception_agent.cc b/sandbox/src/interception_agent.cc
index 61ca03a..eefac61 100644
--- a/sandbox/src/interception_agent.cc
+++ b/sandbox/src/interception_agent.cc
@@ -31,22 +31,22 @@ SANDBOX_INTERCEPT NtExports g_nt;
 SANDBOX_INTERCEPT SharedMemory* g_interceptions = NULL;
 
 InterceptionAgent* InterceptionAgent::GetInterceptionAgent() {
-  static InterceptionAgent* s_singleton_pointer = NULL;
-  if (!s_singleton_pointer) {
+  static InterceptionAgent* s_singleton = NULL;
+  if (!s_singleton) {
     if (!g_interceptions)
       return NULL;
 
-    size_t object_bytes = g_interceptions->num_intercepted_dlls * sizeof(void*);
-    s_singleton_pointer = reinterpret_cast<InterceptionAgent*>(
-                              new(NT_ALLOC) char[object_bytes]);
+    size_t array_bytes = g_interceptions->num_intercepted_dlls * sizeof(void*);
+    s_singleton = reinterpret_cast<InterceptionAgent*>(
+        new(NT_ALLOC) char[array_bytes + sizeof(InterceptionAgent)]);
 
-    bool success = s_singleton_pointer->Init(g_interceptions);
+    bool success = s_singleton->Init(g_interceptions);
     if (!success) {
-      operator delete(s_singleton_pointer, NT_ALLOC);
-      s_singleton_pointer = NULL;
+      operator delete(s_singleton, NT_ALLOC);
+      s_singleton = NULL;
     }
   }
-  return s_singleton_pointer;
+  return s_singleton;
 }
 
 bool InterceptionAgent::Init(SharedMemory* shared_memory) {
-- 
cgit v1.1