[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 224/311: Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers, handyman a=dmeehan

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser] 224/311: Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers, handyman a=dmeehan
From: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 26 Apr 2022 15:30:24 +0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Apr 2022 11:49:34 -0400
In-reply-to: <165098680003.17497.16319194026514133825@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <165098680003.17497.16319194026514133825@cupani.torproject.org>
Reply-to: Nika Layzell <nika@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWFXskkMYjQtaH1GIIId86Nw==

This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch geckoview-99.0.1-11.0-1
in repository tor-browser.

commit 13aa5f97acab39986f7000f8af461b35238576ee
Author: Nika Layzell <nika@xxxxxxxxxxxxxxx>
AuthorDate: Mon Mar 21 14:37:50 2022 +0000

    Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers,handyman a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D140097
---
 ipc/glue/Shmem.cpp | 10 ++++++++++
 ipc/glue/Shmem.h   |  7 -------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ipc/glue/Shmem.cpp b/ipc/glue/Shmem.cpp
index 74470ec3c883e..642ddbbcf0341 100644
--- a/ipc/glue/Shmem.cpp
+++ b/ipc/glue/Shmem.cpp
@@ -243,6 +243,9 @@ Shmem::Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
   mSize = static_cast<size_t>(header->mSize);
 
   size_t pageSize = SharedMemory::SystemPageSize();
+  MOZ_ASSERT(mSegment->Size() - (2 * pageSize) >= mSize,
+             "illegal size in shared memory segment");
+
   // transition into the "mapped" state by protecting the front and
   // back sentinels (which guard against buffer under/overflows)
   mSegment->Protect(frontSentinel, pageSize, RightsNone);
@@ -375,6 +378,13 @@ void Shmem::Dealloc(PrivateIPDLCaller, SharedMemory* aSegment) {
 
 #else  // !defined(DEBUG)
 
+Shmem::Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
+    : mSegment(aSegment), mData(aSegment->memory()), mSize(0), mId(aId) {
+  mSize = static_cast<size_t>(*PtrToSize(mSegment));
+  MOZ_RELEASE_ASSERT(mSegment->Size() - sizeof(uint32_t) >= mSize,
+                     "illegal size in shared memory segment");
+}
+
 // static
 already_AddRefed<Shmem::SharedMemory> Shmem::Alloc(PrivateIPDLCaller,
                                                    size_t aNBytes,
diff --git a/ipc/glue/Shmem.h b/ipc/glue/Shmem.h
index dec39f3cd6499..5ea73c7195569 100644
--- a/ipc/glue/Shmem.h
+++ b/ipc/glue/Shmem.h
@@ -85,14 +85,7 @@ class Shmem final {
 
   Shmem(const Shmem& aOther) = default;
 
-#if !defined(DEBUG)
-  Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
-      : mSegment(aSegment), mData(aSegment->memory()), mSize(0), mId(aId) {
-    mSize = static_cast<size_t>(*PtrToSize(mSegment));
-  }
-#else
   Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId);
-#endif
 
   ~Shmem() {
     // Shmem only holds a "weak ref" to the actual segment, which is

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor-browser] branch geckoview-99.0.1-11.0-1 created (now 9ca8e9110b2ba)
  - From: gitolite role

Prev by Author: [tor-commits] [tor] 03/03: Merge branch 'maint-0.4.6'
Next by Author: [tor-commits] [tor-browser] 35/69: Bug 31575: Replace Firefox Home (newtab) with about:tor
Previous by thread: [tor-commits] [tor-browser] 230/311: No bug - Tagging f599c2047f903791c344b54239d34d23871e96aa with DEVEDITION_99_0b7_RELEASE a=release CLOSED TREE DONTBUILD
Next by thread: [tor-commits] [tor-browser] 231/311: Bug 1758795: Also call GIFFT code when calling members on TimingDistributionMetric::Child. r=chutten a=dmeehan
Index(es):
- Author
- Thread