Put an arbitrary max to # of extension content scripts.

If shared memory returns bad data, then UserScriptSet might end up allocating too much data. This might distract crash reports to think there was an OOM error. Set an arbitrary limit to number of scripts: roughly 1000 extensions * 100 scripts = 100000u. Also put |pickle_size| in crash stack to aid debugging crash reports. Bug: 723381 Change-Id: Idf96137f5f7adec87adbacd5a276253dc5f24842 Reviewed-on: https://chromium-review.googlesource.com/570987 Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#486879}

Put an arbitrary max to # of extension content scripts.
If shared memory returns bad data, then UserScriptSet might end up allocating too much data. This might distract crash reports to think there was an OOM error. Set an arbitrary limit to number of scripts: roughly 1000 extensions * 100 scripts = 100000u. Also put |pickle_size| in crash stack to aid debugging crash reports. Bug: 723381 Change-Id: Idf96137f5f7adec87adbacd5a276253dc5f24842 Reviewed-on: https://chromium-review.googlesource.com/570987 Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#486879}
29f9d1d7 · Istiaque Ahmed · Commit Bot · e0825237 · 29f9d1d7
Commit 29f9d1d7 authored Jul 14, 2017 by Istiaque Ahmed Committed by Commit Bot Jul 14, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

extensions/renderer/user_script_set.cc extensions/renderer/user_script_set.cc +12 -0

No files found.
--- a/extensions/renderer/user_script_set.cc
+++ b/extensions/renderer/user_script_set.cc
@@ -8,6 +8,7 @@

 #include <utility>

+#include "base/debug/alias.h"
 #include "base/memory/ref_counted.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/renderer/render_frame.h"
@@ -35,6 +36,11 @@ namespace {
 // user script to wrap it in an anonymous scope.
 const char kUserScriptHead[] = "(function (unsafeWindow) {\n";
 const char kUserScriptTail[] = "\n})(window);";
+// Maximum number of total content scripts we allow (across all extensions).
+// The limit exists to diagnose https://crbug.com/723381. The number is
+// arbitrarily chosen.
+// TODO(lazyboy): Remove when the bug is fixed.
+const uint32_t kNumScriptsArbitraryMax = 100000u;

 GURL GetDocumentUrlForFrame(blink::WebLocalFrame* frame) {
  GURL data_source_url = ScriptContext::GetDataSourceURLForFrame(frame);
@@ -115,8 +121,14 @@ bool UserScriptSet::UpdateUserScripts(base::SharedMemoryHandle shared_memory,
  base::Pickle pickle(reinterpret_cast<char*>(shared_memory_->memory()),
                      pickle_size);
  base::PickleIterator iter(pickle);
+  base::debug::Alias(&pickle_size);
  CHECK(iter.ReadUInt32(&num_scripts));

+  // Sometimes the shared memory contents seem to be corrupted
+  // (https://crbug.com/723381). Set an arbitrary max limit to the number of
+  // scripts so that we don't add OOM noise to crash reports.
+  CHECK_LT(num_scripts, kNumScriptsArbitraryMax);
+
  scripts_.clear();
  script_sources_.clear();
  scripts_.reserve(num_scripts);