[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 56/76: Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers, handyman a=RyanVM

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser] 56/76: Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers, handyman a=RyanVM
From: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Mar 2022 20:40:24 +0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 30 Mar 2022 16:44:01 -0400
In-reply-to: <164867276779.22664.6001095401744486780@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <164867276779.22664.6001095401744486780@cupani.torproject.org>
Reply-to: Nika Layzell <nika@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWKr6M6jkhTNqDA3UcfXdmyA==

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.8.0esr-11.0-1
in repository tor-browser.

commit e006c0b0d909f8a5715d3ad55c47ce626e70473e
Author: Nika Layzell <nika@xxxxxxxxxxxxxxx>
AuthorDate: Mon Mar 21 14:37:50 2022 +0000

    Bug 1757805 - Add additional assertions around shmem size, r=ipc-reviewers,handyman a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D140097
---
 ipc/glue/Shmem.cpp | 10 ++++++++++
 ipc/glue/Shmem.h   |  7 -------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ipc/glue/Shmem.cpp b/ipc/glue/Shmem.cpp
index 00bec892fabe5..7bcd4c7709134 100644
--- a/ipc/glue/Shmem.cpp
+++ b/ipc/glue/Shmem.cpp
@@ -241,6 +241,9 @@ Shmem::Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
   mSize = static_cast<size_t>(header->mSize);
 
   size_t pageSize = SharedMemory::SystemPageSize();
+  MOZ_ASSERT(mSegment->Size() - (2 * pageSize) >= mSize,
+             "illegal size in shared memory segment");
+
   // transition into the "mapped" state by protecting the front and
   // back sentinels (which guard against buffer under/overflows)
   mSegment->Protect(frontSentinel, pageSize, RightsNone);
@@ -373,6 +376,13 @@ void Shmem::Dealloc(PrivateIPDLCaller, SharedMemory* aSegment) {
 
 #else  // !defined(DEBUG)
 
+Shmem::Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
+    : mSegment(aSegment), mData(aSegment->memory()), mSize(0), mId(aId) {
+  mSize = static_cast<size_t>(*PtrToSize(mSegment));
+  MOZ_RELEASE_ASSERT(mSegment->Size() - sizeof(uint32_t) >= mSize,
+                     "illegal size in shared memory segment");
+}
+
 // static
 already_AddRefed<Shmem::SharedMemory> Shmem::Alloc(PrivateIPDLCaller,
                                                    size_t aNBytes,
diff --git a/ipc/glue/Shmem.h b/ipc/glue/Shmem.h
index 48a3779d2c286..cb0bb024f8c3c 100644
--- a/ipc/glue/Shmem.h
+++ b/ipc/glue/Shmem.h
@@ -84,14 +84,7 @@ class Shmem final {
 
   Shmem(const Shmem& aOther) = default;
 
-#if !defined(DEBUG)
-  Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId)
-      : mSegment(aSegment), mData(aSegment->memory()), mSize(0), mId(aId) {
-    mSize = static_cast<size_t>(*PtrToSize(mSegment));
-  }
-#else
   Shmem(PrivateIPDLCaller, SharedMemory* aSegment, id_t aId);
-#endif
 
   ~Shmem() {
     // Shmem only holds a "weak ref" to the actual segment, which is

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor-browser] branch tor-browser-91.8.0esr-11.0-1 created (now a981804052f46)
  - From: gitolite role

Prev by Author: [tor-commits] [builders/tor-browser-build] branch maint-11.0 updated: Release preparations for 11.0.9 (Desktop)
Next by Author: [tor-commits] [tor-browser] 57/73: Bug 40073: Disable remote Public Suffix List fetching
Previous by thread: [tor-commits] [tor-browser] 52/76: Bug 1757476: Align spills of ARM64 double registers r=jseward a=RyanVM
Next by thread: [tor-commits] [tor-browser] 55/76: Bug 1757376: Continue post processing of Enter key when any keyup event is detected on search bar. r=adw a=RyanVM
Index(es):
- Author
- Thread