
Side by Side Diff: chrome/browser/policy/preg_parser_win.cc

Issue 23704008: Properly handle zero-sized fields in the PReg parser. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 7 years, 3 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/policy/preg_parser_win.h" 5 #include "chrome/browser/policy/preg_parser_win.h"
6 6
7 #include <windows.h> 7 #include <windows.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <iterator> 10 #include <iterator>
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 return -1; 57 return -1;
58 58
59 int result = **cursor | (*(*cursor + 1) << 8); 59 int result = **cursor | (*(*cursor + 1) << 8);
60 *cursor += sizeof(char16); 60 *cursor += sizeof(char16);
61 return result; 61 return result;
62 } 62 }
63 63
64 // Reads a fixed-size field from a PReg file. 64 // Reads a fixed-size field from a PReg file.
65 bool ReadFieldBinary(const uint8** cursor, 65 bool ReadFieldBinary(const uint8** cursor,
66 const uint8* end, 66 const uint8* end,
67 int size, 67 uint32 size,
68 uint8* data) { 68 uint8* data) {
69 if (!size) 69 if (size == 0)
70 return false; 70 return true;
71
71 const uint8* field_end = *cursor + size; 72 const uint8* field_end = *cursor + size;
72 if (field_end > end) 73 if (field_end <= *cursor || field_end > end)
Joao da Silva 2013/09/13 14:18:07 if this accepted "field_end == *cursor" then it wo
Mattias Nissler (ping if slow) 2013/09/13 14:40:24 The size == 0 check is here to handle the case of
73 return false; 74 return false;
74 std::copy(*cursor, field_end, data); 75 std::copy(*cursor, field_end, data);
75 *cursor = field_end; 76 *cursor = field_end;
76 return true; 77 return true;
77 } 78 }
78 79
79 bool ReadField32(const uint8** cursor, const uint8* end, uint32* data) { 80 bool ReadField32(const uint8** cursor, const uint8* end, uint32* data) {
80 uint32 value = 0; 81 uint32 value = 0;
81 if (!ReadFieldBinary(cursor, end, sizeof(uint32), 82 if (!ReadFieldBinary(cursor, end, sizeof(uint32),
82 reinterpret_cast<uint8*>(&value))) { 83 reinterpret_cast<uint8*>(&value))) {
(...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 } 297 }
297 298
298 LOG(ERROR) << "Error parsing " << file_path.value() << " at offset " 299 LOG(ERROR) << "Error parsing " << file_path.value() << " at offset "
299 << reinterpret_cast<const uint8*>(cursor - 1) - mapped_file.data(); 300 << reinterpret_cast<const uint8*>(cursor - 1) - mapped_file.data();
300 status->Add(POLICY_LOAD_STATUS_PARSE_ERROR); 301 status->Add(POLICY_LOAD_STATUS_PARSE_ERROR);
301 return false; 302 return false;
302 } 303 }
303 304
304 } // namespace preg_parser 305 } // namespace preg_parser
305 } // namespace policy 306 } // namespace policy
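Review bot: In ReadFieldBinary the new guard `field_end <= *cursor || field_end > end` only runs after `*cursor + size` has been computed, and forming a pointer more than one past the end of the buffer is undefined behaviour, so a compiler may assume no wrap-around and drop the `field_end <= *cursor` half of the check. `size` is presumably read from the PReg file by callers outside the visible lines, so it should be compared against the remaining length before any pointer arithmetic: `if (size > static_cast<size_t>(end - *cursor)) return false;`, and only then `const uint8* field_end = *cursor + size;`. That form assumes `*cursor <= end` on entry, which the visible lines do not establish; a one-line comment stating that precondition on the function would make it explicit.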