unrar: Replace exceptions with terminating the current process

The callee runs in a sandbox and the caller can handle the termination
of the process as an error condition.

Bug: 826743
Change-Id: I9c0cddf9319c6db8dc2a9bf825c787a890976e0c
Reviewed-on: https://chromium-review.googlesource.com/1038141Reviewed-by: danakj <danakj@chromium.org>
Reviewed-by: Nathan Parker <nparker@chromium.org>
Reviewed-by: Jialiu Lin <jialiul@chromium.org>
Commit-Queue: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#555860}

third_party/unrar/BUILD.gn

@@ -57,14 +57,8 @@ if (safe_browsing_mode == 1) {
       "src/volume.cpp",
     ]
 
-    configs -= [
-      "//build/config/compiler:chromium_code",
-      "//build/config/compiler:no_exceptions",
-    ]
-    configs += [
-      "//build/config/compiler:no_chromium_code",
-      "//build/config/compiler:exceptions",
-    ]
+    configs -= [ "//build/config/compiler:chromium_code" ]
+    configs += [ "//build/config/compiler:no_chromium_code" ]
 
     defines = [
       "_FILE_OFFSET_BITS=64",
@@ -74,6 +68,13 @@ if (safe_browsing_mode == 1) {
       # The following is set to disable certain macro definitions in the unrar
       # source code.
       "CHROMIUM_UNRAR",
+
+      # Disables exceptions in unrar, replaces them with process termination.
+      "UNRAR_NO_EXCEPTIONS",
+    ]
+
+    deps = [
+      "//base",
     ]
   }
 }

third_party/unrar/DEPS

+include_rules = [
+  '+base',
+]

third_party/unrar/README.chromium

@@ -11,3 +11,9 @@ Description:
 This library is used to decompress and analyze .RAR and other related files that
 have been downloaded by the user to check their Safe Browsing reputation. It is
 only for Chromium on desktop.
+
+Warning:
+Please note that changes have been made to this library to terminate the current
+process in which this library is running, when it encounters some error
+conditions. This is acceptable for Chromium because the library executes inside
+a sandbox, but may not apply more broadly.

third_party/unrar/src/errhnd.cpp

+// NOTE(vakh): The process.h file needs to be included first because "rar.hpp"
+// defines certain macros that cause symbol redefinition errors
+#if defined(UNRAR_NO_EXCEPTIONS)
+#include "base/process/process.h"
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+
 #include "rar.hpp"
 
 ErrorHandler::ErrorHandler()
@@ -320,7 +326,11 @@ void ErrorHandler::Throw(RAR_EXIT Code)
     mprintf(L"\n%s\n",St(MProgAborted));
 #endif
   SetErrorCode(Code);
+#if defined(UNRAR_NO_EXCEPTIONS)
+  base::Process::Current().Terminate(Code, false);
+#else
   throw Code;
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
 }
 
 

third_party/unrar/src/model.cpp

@@ -43,13 +43,27 @@ void ModelPPM::RestartModelRare()
   InitRL=-(MaxOrder < 12 ? MaxOrder:12)-1;
   MinContext = MaxContext = (RARPPM_CONTEXT*) SubAlloc.AllocContext();
   if (MinContext == NULL)
+  {
+#if defined(UNRAR_NO_EXCEPTIONS)
+    base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
     throw std::bad_alloc();
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+  }
+
   MinContext->Suffix=NULL;
   OrderFall=MaxOrder;
   MinContext->U.SummFreq=(MinContext->NumStats=256)+1;
   FoundState=MinContext->U.Stats=(RARPPM_STATE*)SubAlloc.AllocUnits(256/2);
   if (FoundState == NULL)
+  {
+#if defined(UNRAR_NO_EXCEPTIONS)
+    base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
     throw std::bad_alloc();
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+  }
+
   for (RunLength=InitRL, PrevSuccess=i=0;i < 256;i++) 
   {
     MinContext->U.Stats[i].Symbol=i;      

third_party/unrar/src/unpack.cpp

+// NOTE(vakh): The process.h file needs to be included first because "rar.hpp"
+// defines certain macros that cause symbol redefinition errors
+#if defined(UNRAR_NO_EXCEPTIONS)
+#include "base/process/process.h"
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+
 #include "rar.hpp"
 
 #include "coder.cpp"
@@ -89,7 +95,13 @@ void Unpack::Init(size_t WinSize,bool Solid)
 
   // We do not handle growth for existing fragmented window.
   if (Grow && Fragmented)
+  {
+#if defined(UNRAR_NO_EXCEPTIONS)
+    base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
     throw std::bad_alloc();
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+  }
 
   byte *NewWindow=Fragmented ? NULL : (byte *)malloc(WinSize);
 
@@ -99,7 +111,11 @@ void Unpack::Init(size_t WinSize,bool Solid)
     {
       // We do not support growth for new fragmented window.
       // Also exclude RAR4 and small dictionaries.
+#if defined(UNRAR_NO_EXCEPTIONS)
+      base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
       throw std::bad_alloc();
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
     }
     else
     {

third_party/unrar/src/unpack50frag.cpp

@@ -46,9 +46,15 @@ void FragmentedWindow::Init(size_t WinSize)
         break;
       Size-=Size/32;
     }
-    if (NewMem==NULL)
+    if (NewMem == NULL)
+    {
+#if defined(UNRAR_NO_EXCEPTIONS)
+      base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
       throw std::bad_alloc();
-    
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+    }
+
     // Clean the window to generate the same output when unpacking corrupt
     // RAR files, which may access to unused areas of sliding dictionary.
     memset(NewMem,0,Size);
@@ -58,8 +64,14 @@ void FragmentedWindow::Init(size_t WinSize)
     MemSize[BlockNum]=TotalSize;
     BlockNum++;
   }
-  if (TotalSize<WinSize) // Not found enough free blocks.
+  if (TotalSize < WinSize)  // Not found enough free blocks.
+  {
+#if defined(UNRAR_NO_EXCEPTIONS)
+    base::Process::Current().Terminate(RARX_MEMORY, false);
+#else
     throw std::bad_alloc();
+#endif  // defined(UNRAR_NO_EXCEPTIONS)
+  }
 }