Fix some bugs in the handling of dynamic crash keys.

- The check to see if the dynamic key slots were all in use was comparing the wrong value. - The lengths of the key and value being set wasn't being validated. The lower-level code capturing the values subsequently terminate the process if a key or value is too long for the CustomInfoEntry record. R= cpu@chromium.org, rsesek@chromium.org BUG=77656 Review URL: https://chromiumcodereview.appspot.com/14262014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@195196 0039d316-1c4b-4281-b951-d872f2087c98

Fix some bugs in the handling of dynamic crash keys.
- The check to see if the dynamic key slots were all in use was comparing the wrong value. - The lengths of the key and value being set wasn't being validated. The lower-level code capturing the values subsequently terminate the process if a key or value is too long for the CustomInfoEntry record. R= cpu@chromium.org, rsesek@chromium.org BUG=77656 Review URL: https://chromiumcodereview.appspot.com/14262014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@195196 0039d316-1c4b-4281-b951-d872f2087c98
1c028316 · rogerm@chromium.org · 85f06a74 · 1c028316
Commit 1c028316 authored Apr 19, 2013 by rogerm@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 4 deletions

chrome/app/breakpad_win.cc chrome/app/breakpad_win.cc +16 -4

No files found.
--- a/chrome/app/breakpad_win.cc
+++ b/chrome/app/breakpad_win.cc
@@ -759,12 +759,24 @@ extern "C" void __declspec(dllexport) __cdecl SetNumberOfViews(

 void SetCrashKeyValue(const base::StringPiece& key,
                      const base::StringPiece& value) {
-  std::string key_string = key.as_string();
-
+  // CustomInfoEntry limits the length of key and value. If they exceed
+  // their maximum length the underlying string handling functions raise
+  // an exception and prematurely trigger a crash. Truncate here.
+  base::StringPiece safe_key(key.substr(
+      0, google_breakpad::CustomInfoEntry::kNameMaxLength  - 1));
+  base::StringPiece safe_value(value.substr(
+      0, google_breakpad::CustomInfoEntry::kValueMaxLength - 1));
+
+  // Keep a copy of the safe key as a std::string, we'll reuse it later.
+  std::string key_string(safe_key.begin(), safe_key.end());
+
+  // If we already have a value for this key, update it; otherwise, insert
+  // the new value if we have not exhausted the pre-allocated slots for dynamic
+  // entries.
  DynamicEntriesMap::iterator it = g_dynamic_entries->find(key_string);
  google_breakpad::CustomInfoEntry* entry = NULL;
  if (it == g_dynamic_entries->end()) {
-    if (g_dynamic_keys_offset >= g_dynamic_entries_count)
+    if (g_dynamic_entries->size() >= g_dynamic_entries_count)
      return;
    entry = &(*g_custom_entries)[g_dynamic_keys_offset++];
    g_dynamic_entries->insert(std::make_pair(key_string, entry));
@@ -772,7 +784,7 @@ void SetCrashKeyValue(const base::StringPiece& key,
    entry = it->second;
  }

-  entry->set(UTF8ToWide(key).data(), UTF8ToWide(value).data());
+  entry->set(UTF8ToWide(safe_key).data(), UTF8ToWide(safe_value).data());
 }

 extern "C" void __declspec(dllexport) __cdecl SetCrashKeyValuePair(