Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(550)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/win/src/target_process.cc

Issue 10831133: Sandbox: Verify that members of TargetProcess are valid before freeing them. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/win/src/target_process.h" 5 #include "sandbox/win/src/target_process.h"
6 6
7 #include "base/basictypes.h" 7 #include "base/basictypes.h"
8 #include "base/memory/scoped_ptr.h" 8 #include "base/memory/scoped_ptr.h"
9 #include "base/win/pe_image.h" 9 #include "base/win/pe_image.h"
10 #include "base/win/windows_version.h" 10 #include "base/win/windows_version.h"
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 TargetProcess::~TargetProcess() { 99 TargetProcess::~TargetProcess() {
100 DWORD exit_code = 0; 100 DWORD exit_code = 0;
101 // Give a chance to the process to die. In most cases the JOB_KILL_ON_CLOSE 101 // Give a chance to the process to die. In most cases the JOB_KILL_ON_CLOSE
102 // will take effect only when the context changes. As far as the testing went, 102 // will take effect only when the context changes. As far as the testing went,
103 // this wait was enough to switch context and kill the processes in the job. 103 // this wait was enough to switch context and kill the processes in the job.
104 // If this process is already dead, the function will return without waiting. 104 // If this process is already dead, the function will return without waiting.
105 // TODO(nsylvain): If the process is still alive at the end, we should kill 105 // TODO(nsylvain): If the process is still alive at the end, we should kill
106 // it. http://b/893891 106 // it. http://b/893891
107 // For now, this wait is there only to do a best effort to prevent some leaks 107 // For now, this wait is there only to do a best effort to prevent some leaks
108 // from showing up in purify. 108 // from showing up in purify.
109 ::WaitForSingleObject(sandbox_process_info_.process_handle(), 50); 109 if (sandbox_process_info_.IsValid()) {
110 if (!::GetExitCodeProcess(sandbox_process_info_.process_handle(), 110 ::WaitForSingleObject(sandbox_process_info_.process_handle(), 50);
111 &exit_code) || (STILL_ACTIVE == exit_code)) { 111 if (!::GetExitCodeProcess(sandbox_process_info_.process_handle(),
112 // It is an error to destroy this object while the target process is still 112 &exit_code) || (STILL_ACTIVE == exit_code)) {
113 // alive because we need to destroy the IPC subsystem and cannot risk to 113 // It is an error to destroy this object while the target process is still
114 // have an IPC reach us after this point. 114 // alive because we need to destroy the IPC subsystem and cannot risk to
115 shared_section_.Take(); 115 // have an IPC reach us after this point.
116 SharedMemIPCServer* server = ipc_server_.release(); 116 if (shared_section_.IsValid())
117 sandbox_process_info_.TakeProcessHandle(); 117 shared_section_.Take();
118 return; 118 SharedMemIPCServer* server = ipc_server_.release();
119 sandbox_process_info_.TakeProcessHandle();
120 return;
121 }
119 } 122 }
120 123
121 // ipc_server_ references our process handle, so make sure the former is shut 124 // ipc_server_ references our process handle, so make sure the former is shut
122 // down before the latter is closed (by ScopedProcessInformation). 125 // down before the latter is closed (by ScopedProcessInformation).
123 ipc_server_.reset(); 126 ipc_server_.reset();
124 } 127 }
125 128
126 // Creates the target (child) process suspended and assigns it to the job 129 // Creates the target (child) process suspended and assigns it to the job
127 // object. 130 // object.
128 DWORD TargetProcess::Create(const wchar_t* exe_path, 131 DWORD TargetProcess::Create(const wchar_t* exe_path,
(...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after
346 349
347 350
348 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) { 351 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) {
349 TargetProcess* target = new TargetProcess(NULL, NULL, NULL, NULL); 352 TargetProcess* target = new TargetProcess(NULL, NULL, NULL, NULL);
350 target->sandbox_process_info_.Receive()->hProcess = process; 353 target->sandbox_process_info_.Receive()->hProcess = process;
351 target->base_address_ = base_address; 354 target->base_address_ = base_address;
352 return target; 355 return target;
353 } 356 }
354 357
355 } // namespace sandbox 358 } // namespace sandbox
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698