mozilla-bmo1436242.patch
author Wolfgang Rosenauer <wr@rosenauer.org>
Mon, 10 Dec 2018 22:33:01 +0100
branchfirefox60
changeset 1080 e8d4a33582b8
permissions -rw-r--r--
60.4.0
https://bugzilla.redhat.com/show_bug.cgi?id=1577277
https://hg.mozilla.org/mozilla-central/rev/6bb3adfa15c6
https://bugzilla.mozilla.org/show_bug.cgi?id=1436242
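diff --git a/ipc/chromium/src/chrome/common/ipc_channel_posix.cc b/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
--- a/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
+++ b/ipc/chromium/src/chrome/common/ipc_channel_posix.cc
@@ -418,20 +418,37 @@ bool Channel::ChannelImpl::ProcessIncomi
     const int* fds;
     unsigned num_fds;
     unsigned fds_i = 0;  // the index of the first unused descriptor
 
     if (input_overflow_fds_.empty()) {
       fds = wire_fds;
       num_fds = num_wire_fds;
     } else {
-      const size_t prev_size = input_overflow_fds_.size();
-      input_overflow_fds_.resize(prev_size + num_wire_fds);
-      memcpy(&input_overflow_fds_[prev_size], wire_fds,
-             num_wire_fds * sizeof(int));
+      // This code may look like a no-op in the case where
+      // num_wire_fds == 0, but in fact:
+      //
+      // 1. wire_fds will be nullptr, so passing it to memcpy is
+      // undefined behavior according to the C standard, even though
+      // the memcpy length is 0.
+      //
+      // 2. prev_size will be an out-of-bounds index for
+      // input_overflow_fds_; this is undefined behavior according to
+      // the C++ standard, even though the element only has its
+      // pointer taken and isn't accessed (and the corresponding
+      // operation on a C array would be defined).
+      //
+      // UBSan makes #1 a fatal error, and assertions in libstdc++ do
+      // the same for #2 if enabled.
+      if (num_wire_fds > 0) {
+        const size_t prev_size = input_overflow_fds_.size();
+        input_overflow_fds_.resize(prev_size + num_wire_fds);
+        memcpy(&input_overflow_fds_[prev_size], wire_fds,
+               num_wire_fds * sizeof(int));
+      }
       fds = &input_overflow_fds_[0];
       num_fds = input_overflow_fds_.size();
     }
 
     // The data for the message we're currently reading consists of any data
     // stored in incoming_message_ followed by data in input_buf_ (followed by
     // other messages).
 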
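Review bot: The guarded `resize` + `memcpy` pair in the else branch could be a single append, `input_overflow_fds_.insert(input_overflow_fds_.end(), wire_fds, wire_fds + num_wire_fds);`, which states the intent directly and removes the `&input_overflow_fds_[prev_size]` out-of-bounds address that the fourteen-line comment has to justify; the `if (num_wire_fds > 0)` guard can stay, as it also documents that `wire_fds` is null when there is nothing to append. If the memcpy form is kept, the guard deserves its own short comment, e.g. `// wire_fds is nullptr when num_wire_fds == 0; nothing to append.`, so the reason for the branch survives if the long block above is ever trimmed. Nothing in this hunk bounds how many descriptors accumulate in `input_overflow_fds_` across successive reads; presumably the caller enforces a limit on pending fds, but that cannot be confirmed from here. `ProcessIncomingMessages` begins before this hunk and continues after it.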