Prevent overflow in sandbox/win reference counts.

These classes are tied to process creation so it is very unlikely they
can be overflowed without also exhausting system resources. It is ok to
set a good example though.

Bug: 1101547
Change-Id: I2d109a6e9c7ed8f4094495af5de994ae18adb757
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2278319
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#785965}

sandbox/win/src/app_container_profile_base.cc

@@ -139,12 +139,14 @@ AppContainerProfileBase::AppContainerProfileBase(const Sid& package_sid)
 AppContainerProfileBase::~AppContainerProfileBase() {}
 
 void AppContainerProfileBase::AddRef() {
-  ::InterlockedIncrement(&ref_count_);
+  // ref_count starts at 0 for this class so can increase from 0 (once).
+  CHECK(::InterlockedIncrement(&ref_count_) > 0);
 }
 
 void AppContainerProfileBase::Release() {
-  LONG ref_count = ::InterlockedDecrement(&ref_count_);
-  if (ref_count == 0) {
+  LONG result = ::InterlockedDecrement(&ref_count_);
+  CHECK(result >= 0);
+  if (result == 0) {
     delete this;
   }
 }

sandbox/win/src/sandbox_policy_base.cc

@@ -128,11 +128,14 @@ PolicyBase::~PolicyBase() {
 }
 
 void PolicyBase::AddRef() {
-  ::InterlockedIncrement(&ref_count);
+  // ref_count starts at 1 so cannot increase from 0 to 1.
+  CHECK(::InterlockedIncrement(&ref_count) > 1);
 }
 
 void PolicyBase::Release() {
-  if (0 == ::InterlockedDecrement(&ref_count))
+  LONG result = ::InterlockedDecrement(&ref_count);
+  CHECK(result >= 0);
+  if (result == 0)
     delete this;
 }