Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(334)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ipc/ipc_message_utils.cc

Issue 11416115: Verify lfFaceName is NUL terminated in IPC deserializer. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "ipc/ipc_message_utils.h" 5 #include "ipc/ipc_message_utils.h"
6 6
7 #include "base/file_path.h" 7 #include "base/file_path.h"
8 #include "base/json/json_writer.h" 8 #include "base/json/json_writer.h"
9 #include "base/memory/scoped_ptr.h" 9 #include "base/memory/scoped_ptr.h"
10 #include "base/nullable_string16.h" 10 #include "base/nullable_string16.h"
11 #include "base/string_number_conversions.h" 11 #include "base/string_number_conversions.h"
12 #include "base/time.h" 12 #include "base/time.h"
13 #include "base/utf_string_conversions.h" 13 #include "base/utf_string_conversions.h"
14 #include "base/values.h" 14 #include "base/values.h"
15 #include "ipc/ipc_channel_handle.h" 15 #include "ipc/ipc_channel_handle.h"
16 16
17 #if defined(OS_POSIX) 17 #if defined(OS_POSIX)
18 #include "ipc/file_descriptor_set_posix.h" 18 #include "ipc/file_descriptor_set_posix.h"
19 #elif defined(OS_WIN)
20 #include <tchar.h>
19 #endif 21 #endif
20 22
21 namespace IPC { 23 namespace IPC {
22 24
23 namespace { 25 namespace {
24 26
25 const int kMaxRecursionDepth = 100; 27 const int kMaxRecursionDepth = 100;
26 28
27 template<typename CharType> 29 template<typename CharType>
28 void LogBytes(const std::vector<CharType>& data, std::string* out) { 30 void LogBytes(const std::vector<CharType>& data, std::string* out) {
(...skipping 772 matching lines...) Expand 10 before | Expand all | Expand 10 after
801 } 803 }
802 804
803 void ParamTraits<LOGFONT>::Write(Message* m, const param_type& p) { 805 void ParamTraits<LOGFONT>::Write(Message* m, const param_type& p) {
804 m->WriteData(reinterpret_cast<const char*>(&p), sizeof(LOGFONT)); 806 m->WriteData(reinterpret_cast<const char*>(&p), sizeof(LOGFONT));
805 } 807 }
806 808
807 bool ParamTraits<LOGFONT>::Read(const Message* m, PickleIterator* iter, 809 bool ParamTraits<LOGFONT>::Read(const Message* m, PickleIterator* iter,
808 param_type* r) { 810 param_type* r) {
809 const char *data; 811 const char *data;
810 int data_size = 0; 812 int data_size = 0;
811 bool result = m->ReadData(iter, &data, &data_size); 813 if (m->ReadData(iter, &data, &data_size) && data_size == sizeof(LOGFONT)) {
812 if (result && data_size == sizeof(LOGFONT)) { 814 const LOGFONT *font = reinterpret_cast<LOGFONT*>(const_cast<char*>(data));
813 memcpy(r, data, sizeof(LOGFONT)); 815 if (_tcsnlen(font->lfFaceName, LF_FACESIZE) < LF_FACESIZE) {
814 } else { 816 memcpy(r, data, sizeof(LOGFONT));
815 result = false; 817 return true;
816 NOTREACHED(); 818 }
817 } 819 }
818 820
819 return result; 821 NOTREACHED();
822 return false;
820 } 823 }
821 824
822 void ParamTraits<LOGFONT>::Log(const param_type& p, std::string* l) { 825 void ParamTraits<LOGFONT>::Log(const param_type& p, std::string* l) {
823 l->append(StringPrintf("<LOGFONT>")); 826 l->append(StringPrintf("<LOGFONT>"));
824 } 827 }
825 828
826 void ParamTraits<MSG>::Write(Message* m, const param_type& p) { 829 void ParamTraits<MSG>::Write(Message* m, const param_type& p) {
827 m->WriteData(reinterpret_cast<const char*>(&p), sizeof(MSG)); 830 m->WriteData(reinterpret_cast<const char*>(&p), sizeof(MSG));
828 } 831 }
829 832
(...skipping 12 matching lines...) Expand all
842 return result; 845 return result;
843 } 846 }
844 847
845 void ParamTraits<MSG>::Log(const param_type& p, std::string* l) { 848 void ParamTraits<MSG>::Log(const param_type& p, std::string* l) {
846 l->append("<MSG>"); 849 l->append("<MSG>");
847 } 850 }
848 851
849 #endif // OS_WIN 852 #endif // OS_WIN
850 853
851 } // namespace IPC 854 } // namespace IPC
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698