Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(57)

Side by Side Diff: runtime/bin/process.cc

Issue 10690160: Guard against integer overflow in process constructor. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 #include "bin/dartutils.h" 5 #include "bin/dartutils.h"
6 #include "bin/process.h" 6 #include "bin/process.h"
7 7
8 #include "include/dart_api.h" 8 #include "include/dart_api.h"
9 9
10 // Extract an array of C strings from a list of Dart strings. 10 // Extract an array of C strings from a list of Dart strings.
11 static char** ExtractCStringList(Dart_Handle strings, 11 static char** ExtractCStringList(Dart_Handle strings,
12 Dart_Handle status_handle, 12 Dart_Handle status_handle,
13 const char* error_msg, 13 const char* error_msg,
14 intptr_t* length) { 14 intptr_t* length) {
15 static const intptr_t kMaxArgumentListLength = 1024 * 1024;
15 ASSERT(Dart_IsList(strings)); 16 ASSERT(Dart_IsList(strings));
16 intptr_t len = 0; 17 intptr_t len = 0;
17 Dart_Handle result = Dart_ListLength(strings, &len); 18 Dart_Handle result = Dart_ListLength(strings, &len);
18 if (Dart_IsError(result)) { 19 if (Dart_IsError(result)) {
19 Dart_PropagateError(result); 20 Dart_PropagateError(result);
20 } 21 }
22 // Protect against user-defined list implementations that can have
23 // arbitrary length.
24 if (len < 0 || len > kMaxArgumentListLength) {
25 DartUtils::SetIntegerField(status_handle, "_errorCode", 0);
26 DartUtils::SetStringField(
27 status_handle, "_errorMessage", "Max argument list length exceeded");
28 return NULL;
29 }
21 *length = len; 30 *length = len;
22 char** string_args = new char*[len]; 31 char** string_args = new char*[len];
23 for (int i = 0; i < len; i++) { 32 for (int i = 0; i < len; i++) {
24 Dart_Handle arg = Dart_ListGetAt(strings, i); 33 Dart_Handle arg = Dart_ListGetAt(strings, i);
25 if (Dart_IsError(arg)) { 34 if (Dart_IsError(arg)) {
26 delete[] string_args; 35 delete[] string_args;
27 Dart_PropagateError(arg); 36 Dart_PropagateError(arg);
28 } 37 }
29 if (!Dart_IsString(arg)) { 38 if (!Dart_IsString(arg)) {
30 DartUtils::SetIntegerField(status_handle, "_errorCode", 0); 39 DartUtils::SetIntegerField(status_handle, "_errorCode", 0);
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
145 154
146 155
147 void FUNCTION_NAME(Process_Kill)(Dart_NativeArguments args) { 156 void FUNCTION_NAME(Process_Kill)(Dart_NativeArguments args) {
148 Dart_EnterScope(); 157 Dart_EnterScope();
149 intptr_t pid = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 1)); 158 intptr_t pid = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 1));
150 int signal = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 2)); 159 int signal = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 2));
151 bool success = Process::Kill(pid, signal); 160 bool success = Process::Kill(pid, signal);
152 Dart_SetReturnValue(args, Dart_NewBoolean(success)); 161 Dart_SetReturnValue(args, Dart_NewBoolean(success));
153 Dart_ExitScope(); 162 Dart_ExitScope();
154 } 163 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698