mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-12-26 13:10:56 +00:00
f2fb37e669
We calculate the size of the buffer to allocate for a read message by finding the minimum of the requested size and the number of bytes left in the response message buffer. However, we then turned around and used an unsafe block to set the length of the allocated buffer to the requested size rather than the calculated size. This could lead to memory corruption if the file we were trying to read had enough bytes to fill up the whole buffer and the requested size was larger than the max message size. Replace both unsafe blocks with a resize function instead. The compiler is smart enough to turn this into a memset and zero-initializing a few KB of memory is not that expensive. BUG=chromium:703939 TEST=none Change-Id: Ia9911d4176322bc9af0753541bd29d7a4723503b Signed-off-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1110479 Reviewed-by: Dylan Reid <dgreid@chromium.org> |
||
|---|---|---|
| .. | ||
| src | ||
| wire_format_derive | ||
| Cargo.toml | ||