Parse and store sizes of the upload client payload as 64 bit types.

Also, do not allow negative sizes.

Bug: 881076
Change-Id: I254d52258f5902d5d8740e74be35012cdf2b43e4
Reviewed-on: https://chromium-review.googlesource.com/c/1336524Reviewed-by: Joshua Pawlicki <waffles@chromium.org>
Commit-Queue: Sorin Jianu <sorin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608443}

components/update_client/protocol_parser.h

@@ -5,6 +5,7 @@
 #ifndef COMPONENTS_UPDATE_CLIENT_PROTOCOL_PARSER_H_
 #define COMPONENTS_UPDATE_CLIENT_PROTOCOL_PARSER_H_
 
+#include <cstdint>
 #include <map>
 #include <memory>
 #include <string>
@@ -32,12 +33,12 @@ class ProtocolParser {
         // Attributes for the full update.
         std::string name;
         std::string hash_sha256;
-        int size = 0;
+        int64_t size = 0;
 
         // Attributes for the differential update.
         std::string namediff;
         std::string hashdiff_sha256;
-        int sizediff = 0;
+        int64_t sizediff = 0;
       };
 
       Manifest();

components/update_client/protocol_parser_json.cc

@@ -84,16 +84,22 @@ bool ParseManifest(const base::Value& manifest_node,
       p.hash_sha256 = hash_sha256->GetString();
 
     const auto* size = package.FindKey("size");
-    if (size && size->is_int())
-      p.size = size->GetInt();
+    if (size && (size->is_int() || size->is_double())) {
+      const auto val = size->GetDouble();
+      if (0 <= val && val < kProtocolMaxInt)
+        p.size = size->GetDouble();
+    }
 
     const auto* hashdiff_sha256 = package.FindKey("hashdiff_sha256");
     if (hashdiff_sha256 && hashdiff_sha256->is_string())
       p.hashdiff_sha256 = hashdiff_sha256->GetString();
 
     const auto* sizediff = package.FindKey("sizediff");
-    if (sizediff && sizediff->is_int())
-      p.sizediff = sizediff->GetInt();
+    if (sizediff && (sizediff->is_int() || sizediff->is_double())) {
+      const auto val = sizediff->GetDouble();
+      if (0 <= val && val < kProtocolMaxInt)
+        p.sizediff = sizediff->GetDouble();
+    }
 
     result->manifest.packages.push_back(std::move(p));
   }

components/update_client/protocol_parser_json_unittest.cc

@@ -62,11 +62,18 @@ const char* kJSONInvalidSizes = R"()]}'
       "version":"1.2.3.4",
       "prodversionmin":"2.0.143.0",
       "packages":{"package":[{"name":"1","size":1234},
-                             {"name":"1","size":-1234},
-                             {"name":"1"},
-                             {"name":"1","size":"-a"},
-                             {"name":"1","size":-123467890123456789},
-                             {"name":"1","size":123467890123456789}]}}
+                             {"name":"2","size":9007199254740991},
+                             {"name":"3","size":-1234},
+                             {"name":"4"},
+                             {"name":"5","size":"-a"},
+                             {"name":"6","size":-123467890123456789},
+                             {"name":"7","size":123467890123456789},
+                             {"name":"8","sizediff":1234},
+                             {"name":"9","sizediff":9007199254740991},
+                             {"name":"10","sizediff":-1234},
+                             {"name":"11","sizediff":"-a"},
+                             {"name":"12","sizediff":-123467890123456789},
+                             {"name":"13","sizediff":123467890123456789}]}}
       }
      }
     ]
@@ -385,11 +392,18 @@ TEST(UpdateClientProtocolParserJSONTest, Parse) {
     const auto* first_result = &parser->results().list[0];
     EXPECT_FALSE(first_result->manifest.packages.empty());
     EXPECT_EQ(1234, first_result->manifest.packages[0].size);
-    EXPECT_EQ(-1234, first_result->manifest.packages[1].size);
+    EXPECT_EQ(9007199254740991, first_result->manifest.packages[1].size);
     EXPECT_EQ(0, first_result->manifest.packages[2].size);
     EXPECT_EQ(0, first_result->manifest.packages[3].size);
     EXPECT_EQ(0, first_result->manifest.packages[4].size);
     EXPECT_EQ(0, first_result->manifest.packages[5].size);
+    EXPECT_EQ(0, first_result->manifest.packages[6].size);
+    EXPECT_EQ(1234, first_result->manifest.packages[7].sizediff);
+    EXPECT_EQ(9007199254740991, first_result->manifest.packages[8].sizediff);
+    EXPECT_EQ(0, first_result->manifest.packages[9].sizediff);
+    EXPECT_EQ(0, first_result->manifest.packages[10].sizediff);
+    EXPECT_EQ(0, first_result->manifest.packages[11].sizediff);
+    EXPECT_EQ(0, first_result->manifest.packages[12].sizediff);
   }
   {
     // Parse xml with a <daystart> element.

components/update_client/protocol_parser_xml.cc

@@ -7,6 +7,7 @@
 #include <stddef.h>
 
 #include <algorithm>
+#include <cstdint>
 #include <memory>
 #include <vector>
 
@@ -109,14 +110,15 @@ bool ParsePackageTag(xmlNode* package,
   p.fingerprint = GetAttribute(package, "fp");
 
   p.hash_sha256 = GetAttribute(package, "hash_sha256");
-  int size = 0;
-  if (base::StringToInt(GetAttribute(package, "size"), &size)) {
+  int64_t size = 0;
+  if (base::StringToInt64(GetAttribute(package, "size"), &size) && size >= 0) {
     p.size = size;
   }
 
   p.hashdiff_sha256 = GetAttribute(package, "hashdiff_sha256");
-  int sizediff = 0;
-  if (base::StringToInt(GetAttribute(package, "sizediff"), &sizediff)) {
+  int64_t sizediff = 0;
+  if (base::StringToInt64(GetAttribute(package, "sizediff"), &sizediff) &&
+      sizediff >= 0) {
     p.sizediff = sizediff;
   }
 

components/update_client/protocol_parser_xml_unittest.cc

@@ -57,11 +57,18 @@ const char* valid_xml_with_invalid_sizes =
     "     <manifest version='1.2.3.4' prodversionmin='2.0.143.0'>"
     "       <packages>"
     "         <package name='1' size='1234'/>"
-    "         <package name='2' size='-1234'/>"
-    "         <package name='3' />"
-    "         <package name='4' size='-a'/>"
-    "         <package name='5' size='-123467890123456789'/>"
-    "         <package name='6' size='123467890123456789'/>"
+    "         <package name='2' size='9223372036854775807'/>"
+    "         <package name='3' size='-1234'/>"
+    "         <package name='4' />"
+    "         <package name='5' size='-a'/>"
+    "         <package name='6' size='-123467890123456789'/>"
+    "         <package name='7' size='123467890123456789012'/>"
+    "         <package name='8' sizediff='1234'/>"
+    "         <package name='9' sizediff='9223372036854775807'/>"
+    "         <package name='10' sizediff='-1234'/>"
+    "         <package name='11' sizediff='-a'/>"
+    "         <package name='12' sizediff='-123467890123456789'/>"
+    "         <package name='13' sizediff='123467890123456789012'/>"
     "       </packages>"
     "     </manifest>"
     "   </updatecheck>"
@@ -377,11 +384,18 @@ TEST(UpdateClientProtocolParserXmlTest, Parse) {
   first_result = &parser->results().list[0];
   EXPECT_FALSE(first_result->manifest.packages.empty());
   EXPECT_EQ(1234, first_result->manifest.packages[0].size);
-  EXPECT_EQ(-1234, first_result->manifest.packages[1].size);
+  EXPECT_EQ(9223372036854775807, first_result->manifest.packages[1].size);
   EXPECT_EQ(0, first_result->manifest.packages[2].size);
   EXPECT_EQ(0, first_result->manifest.packages[3].size);
   EXPECT_EQ(0, first_result->manifest.packages[4].size);
   EXPECT_EQ(0, first_result->manifest.packages[5].size);
+  EXPECT_EQ(0, first_result->manifest.packages[5].size);
+  EXPECT_EQ(1234, first_result->manifest.packages[7].sizediff);
+  EXPECT_EQ(9223372036854775807, first_result->manifest.packages[8].sizediff);
+  EXPECT_EQ(0, first_result->manifest.packages[9].sizediff);
+  EXPECT_EQ(0, first_result->manifest.packages[10].sizediff);
+  EXPECT_EQ(0, first_result->manifest.packages[11].sizediff);
+  EXPECT_EQ(0, first_result->manifest.packages[12].sizediff);
 
   // Parse xml with a <daystart> element.
   EXPECT_TRUE(parser->Parse(kWithDaystart));