[Pkg-chromium-maint] Bug#660187: chromium-browser: Entry #3 in data pack points off end of file. Was the file corrupted?
Jonathan Nieder
jrnieder at gmail.com
Wed Jun 13 06:09:05 UTC 2012
shawn wrote:
> no it is not certain, sorry for being negative. Patch below for that issue. However
> I am unable to continue working on this, because I do not know how to run
> chromium from the build directory directly, without installing (root access).
> Can you help with that?
Sure --- just using the chromium binary from the build tree with no
special preparation works fine for me. What happens when you try it?
> This is only run at startup, so there are other unaligned memory access issues.
> (the logs do spam if you have reporting on)
Thanks. A list would be nice, so interested people can try to make it
shorter. If it's very big, feel free to send me a private email so I
can cut it down to one entry per code address.
> commit e4f2ddb3fc2333bae34fd8bd9552933ab698bd95
> Author: Shawn Landden <shawnlandden at gmail.com>
> Date: Sun Jun 3 23:42:30 2012 -0700
>
> fix unaligned memory access in src/ui/base/resource/data_pack.cc:132
>
> diff --git a/src/ui/base/resource/data_pack.cc
> b/src/ui/base/resource/data_pack.cc
> index be44afa..e2b37f1 100644
> --- a/src/ui/base/resource/data_pack.cc
> +++ b/src/ui/base/resource/data_pack.cc
> @@ -129,7 +129,8 @@ bool DataPack::Load(const FilePath& path) {
> for (size_t i = 0; i < resource_count_ + 1; ++i) {
> const DataPackEntry* entry = reinterpret_cast<const
> DataPackEntry*>(
> mmap_->data() + kHeaderLength + (i * sizeof(DataPackEntry)));
> - if (entry->file_offset > mmap_->length()) {
> + // file_offset is 4-byte, but only aligned to 2-byte boundry
> + if (memcmp(entry->file_offset, mmap_->length(), 32) > 0) {
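Review bot: the replacement check `memcmp(entry->file_offset, mmap_->length(), 32) > 0` is not an ordered comparison and will not compile as written: memcmp takes two pointers and a byte count, but `entry->file_offset` is a uint32 value, `mmap_->length()` a size_t value, and 32 is the width in bits rather than the 4 bytes of the field. Even with addresses passed, memcmp compares byte by byte from the lowest address, which on a little-endian host orders by the least significant byte first, so `> 0` would not mean "offset exceeds length". Copy the field into an aligned local instead and keep the original comparison, e.g. `uint32 offset; memcpy(&offset, &entry->file_offset, sizeof(offset));` followed by `if (offset > mmap_->length()) {`. The new comment should also read "boundary" rather than "boundry".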
I guess I'd suggest
#include <string.h>  // for memcpy

namespace {

// Read a 4-byte value from an address that need not be 4-byte aligned.
uint32 get_unaligned_32(const void *addr)
{
        uint32 result;
        memcpy(&result, addr, sizeof(result));
        return result;
}

...

// no need to use pragma pack
struct DataPackEntry {
        uint16 resource_id;
        uint8 raw_file_offset[4];
        uint32 file_offset() const {
                return get_unaligned_32(raw_file_offset);
        }
        ...
};

}  // namespace

...
        if (entry->file_offset() > mmap_->length()) {
...
        size_t length = next_entry->file_offset() - target->file_offset();
Many thanks,
Jonathan
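The reader sketched in the reply above, carried through as an added example (this is not Chromium's code nor Jonathan's patch): it reads the 2-byte-aligned uint32 file_offset through memcpy from a byte array, keeps the `file_offset > length` bounds check from the original loop, and also rejects offsets that run backwards, since the `next_entry - target` length subtraction in Load would otherwise wrap. The pack layout used here is an assumption made for the demo (an 8-byte header holding a version and a resource count, then resource_count + 1 packed 6-byte entries, the last being a sentinel); the helper names `LoadIndex`, `BuildPack`, `CorruptEntryOffset` and `OffsetFieldMisaligned` are likewise invented for illustration.

```cpp
// Added example, not Chromium's own code: a data-pack index reader that reads
// the 2-byte-aligned uint32 file_offset through memcpy instead of a cast
// dereference, and bounds-checks each entry. Layout is assumed for the demo:
// 8-byte header {uint32 version, uint32 resource_count}, then resource_count+1
// packed 6-byte entries {uint16 resource_id, uint32 file_offset}, the last one
// a sentinel marking the end of the final resource; host byte order throughout.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

namespace {

const size_t kHeaderLength = 8;  // assumed header size
const size_t kEntrySize = 6;     // 2 + 4, so file_offset is only 2-byte aligned

// memcpy places no alignment requirement on addr, unlike *(const T*)addr.
template <typename T>
T get_unaligned(const void* addr) {
  T result;
  memcpy(&result, addr, sizeof(result));
  return result;
}

// Plain byte arrays give the 6-byte on-disk layout without #pragma pack.
struct DataPackEntry {
  uint8_t raw_resource_id[2];
  uint8_t raw_file_offset[4];
  uint16_t resource_id() const { return get_unaligned<uint16_t>(raw_resource_id); }
  uint32_t file_offset() const { return get_unaligned<uint32_t>(raw_file_offset); }
};
static_assert(sizeof(DataPackEntry) == kEntrySize, "entry must stay 6 bytes");

}  // namespace

struct Resource { uint16_t id; uint32_t offset; uint32_t length; };

// True when entry i's file_offset field is not 4-byte aligned, i.e. a direct
// uint32 load from it would be an unaligned access.
bool OffsetFieldMisaligned(const uint8_t* data, size_t i) {
  return reinterpret_cast<uintptr_t>(data + kHeaderLength + i * kEntrySize + 2) % 4 != 0;
}

// Validates the index in [data, data + length) and fills |out|. Rejects a table
// that runs past the buffer, an entry pointing off the end of the file, and
// offsets that go backwards (which would make the length subtraction wrap).
bool LoadIndex(const uint8_t* data, size_t length,
               std::vector<Resource>* out, std::string* error) {
  if (length < kHeaderLength) { *error = "file shorter than header"; return false; }
  uint32_t resource_count = get_unaligned<uint32_t>(data + 4);
  size_t whole_entries = (length - kHeaderLength) / kEntrySize;
  if (whole_entries == 0 || resource_count > whole_entries - 1) {
    *error = "entry table runs off end of file";
    return false;
  }
  std::vector<std::pair<uint16_t, uint32_t> > raw;
  for (size_t i = 0; i < static_cast<size_t>(resource_count) + 1; ++i) {
    const DataPackEntry* entry = reinterpret_cast<const DataPackEntry*>(
        data + kHeaderLength + i * kEntrySize);
    uint32_t off = entry->file_offset();
    if (off > length || (!raw.empty() && off < raw.back().second)) {
      char msg[96];
      snprintf(msg, sizeof(msg), "Entry #%zu in data pack points %s", i,
               off > length ? "off end of file" : "before the previous entry");
      *error = msg;
      return false;
    }
    raw.push_back(std::make_pair(entry->resource_id(), off));
  }
  out->clear();
  for (size_t i = 0; i < resource_count; ++i) {
    Resource r = {raw[i].first, raw[i].second, raw[i + 1].second - raw[i].second};
    out->push_back(r);
  }
  return true;
}

// Builds a well-formed pack from (id, payload) pairs: constructed test input.
std::vector<uint8_t> BuildPack(const std::vector<std::pair<uint16_t, std::string> >& res) {
  uint32_t count = static_cast<uint32_t>(res.size());
  std::vector<uint8_t> pack(kHeaderLength + (count + 1) * kEntrySize, 0);
  memcpy(&pack[4], &count, sizeof(count));
  uint32_t offset = static_cast<uint32_t>(pack.size());  // payloads follow the table
  for (size_t i = 0; i <= res.size(); ++i) {
    uint8_t* e = &pack[kHeaderLength + i * kEntrySize];
    uint16_t id = i < res.size() ? res[i].first : 0;
    memcpy(e, &id, sizeof(id));
    memcpy(e + 2, &offset, sizeof(offset));
    if (i < res.size()) offset += static_cast<uint32_t>(res[i].second.size());
  }
  for (size_t i = 0; i < res.size(); ++i)
    pack.insert(pack.end(), res[i].second.begin(), res[i].second.end());
  return pack;
}

// Overwrites entry i's file_offset to simulate the corruption in the bug title.
void CorruptEntryOffset(std::vector<uint8_t>* pack, size_t i, uint32_t offset) {
  memcpy(&(*pack)[kHeaderLength + i * kEntrySize + 2], &offset, sizeof(offset));
}
```

Because the entries are 6 bytes apart, every other file_offset field lands on an address that is 2 mod 4; `OffsetFieldMisaligned` makes that visible, and the memcpy in `get_unaligned` is what keeps the read legal on targets that trap on such loads. The sentinel entry's offset may equal the file length (the check is `>`), which is what lets the last resource's length come out as end minus start.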