
Side by Side Diff: chrome/browser/ui/webui/extensions/extension_icon_source.cc

Issue 11576030: Add size checks to extension icons to prevent out of memory conditions (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/webui/extensions/extension_icon_source.h" 5 #include "chrome/browser/ui/webui/extensions/extension_icon_source.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/memory/ref_counted_memory.h" 9 #include "base/memory/ref_counted_memory.h"
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after
264 if (path_lower.empty() || path_parts.size() < 3) 264 if (path_lower.empty() || path_parts.size() < 3)
265 return false; 265 return false;
266 266
267 std::string size_param = path_parts.at(1); 267 std::string size_param = path_parts.at(1);
268 std::string match_param = path_parts.at(2); 268 std::string match_param = path_parts.at(2);
269 match_param = match_param.substr(0, match_param.find('?')); 269 match_param = match_param.substr(0, match_param.find('?'));
270 270
271 int size; 271 int size;
272 if (!base::StringToInt(size_param, &size)) 272 if (!base::StringToInt(size_param, &size))
273 return false; 273 return false;
274 if (size <= 0) 274 if (size <= 0 || size > extension_misc::EXTENSION_ICON_GIGANTOR)
275 return false; 275 return false;
276 276
277 ExtensionIconSet::MatchType match_type; 277 ExtensionIconSet::MatchType match_type;
278 int match_num; 278 int match_num;
279 if (!base::StringToInt(match_param, &match_num)) 279 if (!base::StringToInt(match_param, &match_num))
280 return false; 280 return false;
281 match_type = static_cast<ExtensionIconSet::MatchType>(match_num); 281 match_type = static_cast<ExtensionIconSet::MatchType>(match_num);
282 if (!(match_type == ExtensionIconSet::MATCH_EXACTLY || 282 if (!(match_type == ExtensionIconSet::MATCH_EXACTLY ||
283 match_type == ExtensionIconSet::MATCH_SMALLER || 283 match_type == ExtensionIconSet::MATCH_SMALLER ||
284 match_type == ExtensionIconSet::MATCH_BIGGER)) 284 match_type == ExtensionIconSet::MATCH_BIGGER))
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
326 326
327 void ExtensionIconSource::ClearData(int request_id) { 327 void ExtensionIconSource::ClearData(int request_id) {
328 std::map<int, ExtensionIconRequest*>::iterator i = 328 std::map<int, ExtensionIconRequest*>::iterator i =
329 request_map_.find(request_id); 329 request_map_.find(request_id);
330 if (i == request_map_.end()) 330 if (i == request_map_.end())
331 return; 331 return;
332 332
333 delete i->second; 333 delete i->second;
334 request_map_.erase(i); 334 request_map_.erase(i);
335 } 335 }
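Review bot: On new line 281, `match_num` is still cast to `ExtensionIconSet::MatchType` before it is range-checked, so the parser that now bounds `size` continues to convert an arbitrary request-supplied integer into the enum. Depending on how `MatchType` is declared (not visible here), an out-of-range conversion yields an unspecified value or undefined behaviour, so the comparison on lines 282-284 cannot be relied on to reject it. Compare the integer first, e.g. `if (match_num != ExtensionIconSet::MATCH_EXACTLY && match_num != ExtensionIconSet::MATCH_SMALLER && match_num != ExtensionIconSet::MATCH_BIGGER) return false;`, and cast only afterwards. The new bound on line 274 would also benefit from a short comment such as `// size comes from the request path; cap it so an oversized value cannot drive a huge icon allocation`. The enclosing function starts and ends outside the visible lines, so how the rejected request is handled cannot be confirmed from here.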