Status: Untriaged Owner: [email protected] Labels: Type-Feature Pri-2 OS-Windows Area-BrowserBackend Size-Medium
New issue 9673 by [email protected]: IPC deserialization with ParamTraits<std::vector<P> > is pessimistic
http://code.google.com/p/chromium/issues/detail?id=9673

The existing code in chrome\common\ipc_message_utils.h is pessimistic for ParamTraits<std::vector<P> >::Read(), because the check:

    if (m->IteratorHasRoomFor(*iter, size * sizeof(P)))

returns false for a large number of common cases such as:

    vector<GURL>
    vector<std::string>

because the computation of size * sizeof(P) has no bearing whatsoever on the actual size of the serialized message. For example, sizeof(std::string) = 28, so say 3 strings will require the message to be at least 84 bytes long. But the actually serialized message is just [[xxxx]google.com][[zzzz][blogger.com]][yyyy][facebook.com]] = 34 + 12 = 46 bytes. In this case the check fails and the slower loop:

    for( ){ r->push_back() }

is used in many common cases.

The only point of the check was to provide protection against a compromised renderer causing the browser to use too much memory. We already have a check in ipc_channel_win.cc(282):

    if (input_overflow_buf_.size() > (kMaximumMessageSize - bytes_read))

that limits the maximum size of the IPC message, and we should mirror that policy here as well.
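As an added example (not Chromium's code and not the reporter's), the self-contained reader below reproduces the two halves of the report: a pre-check of `count * sizeof(P)` rejects the three-hostname message even though it decodes fine, while a bound derived from the bytes actually left in the message accepts it and still stops a hostile element count before anything is reserved. The wire format (4-byte count, then 4-byte length plus bytes per string), the names `Pickle`, `IteratorHasRoomFor`, `PessimisticCheck`, `MessageBoundCheck`, `ReadStringVector` and the constant `kMinWireBytes` are all constructed here; the bound against remaining message bytes is a variation of the report's suggestion (the message length is itself capped by the channel's maximum message size), and `sizeof(std::string)` is whatever the compiler gives rather than the 28 the report quotes.

```cpp
// Added example, not Chromium code: a minimal pickle-style reader that shows
// why a std::vector<std::string> pre-check based on size * sizeof(P) rejects
// realistic messages, and what a bound derived from the message size does.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Constructed wire format: a vector is a 4-byte element count followed by its
// elements; each std::string is a 4-byte byte length followed by raw bytes.
struct Pickle {
  std::vector<uint8_t> data;

  void WriteUInt32(uint32_t v) {
    for (int i = 0; i < 4; ++i) data.push_back(static_cast<uint8_t>(v >> (8 * i)));
  }
  void WriteString(const std::string& s) {
    WriteUInt32(static_cast<uint32_t>(s.size()));
    data.insert(data.end(), s.begin(), s.end());
  }
  void WriteStringVector(const std::vector<std::string>& v) {
    WriteUInt32(static_cast<uint32_t>(v.size()));
    for (const std::string& s : v) WriteString(s);
  }
};

struct Iterator { size_t pos = 0; };

// Same idea as IteratorHasRoomFor(): are at least `bytes` unread bytes left?
bool IteratorHasRoomFor(const Pickle& p, const Iterator& it, size_t bytes) {
  return it.pos <= p.data.size() && p.data.size() - it.pos >= bytes;
}

bool ReadUInt32(const Pickle& p, Iterator* it, uint32_t* out) {
  if (!IteratorHasRoomFor(p, *it, 4)) return false;
  uint32_t v = 0;
  for (int i = 0; i < 4; ++i) v |= static_cast<uint32_t>(p.data[it->pos + i]) << (8 * i);
  it->pos += 4;
  *out = v;
  return true;
}

bool ReadString(const Pickle& p, Iterator* it, std::string* out) {
  uint32_t len;
  if (!ReadUInt32(p, it, &len)) return false;
  if (!IteratorHasRoomFor(p, *it, len)) return false;  // length must fit in the message
  out->assign(p.data.begin() + it->pos, p.data.begin() + it->pos + len);
  it->pos += len;
  return true;
}

// The pessimistic pre-check from the report: demands count * sizeof(P)
// serialized bytes, although sizeof(std::string) says nothing about wire size.
bool PessimisticCheck(const Pickle& p, const Iterator& it, uint32_t count) {
  return IteratorHasRoomFor(p, it, static_cast<size_t>(count) * sizeof(std::string));
}

// Bound derived from the message itself (constructed variation of the report's
// suggestion): every element occupies at least its 4-byte length prefix on the
// wire, so a count the remaining bytes cannot hold is rejected before reserve().
constexpr size_t kMinWireBytes = 4;

bool MessageBoundCheck(const Pickle& p, const Iterator& it, uint32_t count) {
  return IteratorHasRoomFor(p, it, static_cast<size_t>(count) * kMinWireBytes);
}

struct ReadResult {
  bool ok = false;              // whether the vector was fully decoded
  bool pessimistic_ok = false;  // did the sizeof(P)-based check pass?
  bool bounded_ok = false;      // did the wire-size-based check pass?
  std::vector<std::string> values;
};

ReadResult ReadStringVector(const Pickle& p) {
  ReadResult r;
  Iterator it;
  uint32_t count;
  if (!ReadUInt32(p, &it, &count)) return r;
  r.pessimistic_ok = PessimisticCheck(p, it, count);
  r.bounded_ok = MessageBoundCheck(p, it, count);
  if (!r.bounded_ok) return r;  // count cannot be genuine: stop before reserving
  r.values.reserve(count);      // the fast path is now safe to take
  for (uint32_t i = 0; i < count; ++i) {
    std::string s;
    if (!ReadString(p, &it, &s)) return r;
    r.values.push_back(s);
  }
  r.ok = true;
  return r;
}

// The report's example: three hostnames serialized by a well-behaved sender.
ReadResult DecodeExampleMessage() {
  Pickle p;
  p.WriteStringVector({"google.com", "blogger.com", "facebook.com"});
  return ReadStringVector(p);
}

// Constructed hostile message: a count of 0xFFFFFFFF with no payload behind it.
ReadResult DecodeHostileMessage() {
  Pickle p;
  p.WriteUInt32(0xFFFFFFFFu);
  return ReadStringVector(p);
}

int main() {
  ReadResult good = DecodeExampleMessage();
  ReadResult bad = DecodeHostileMessage();
  std::printf("example: decoded=%d elements=%zu pessimistic=%d bounded=%d\n",
              good.ok, good.values.size(), good.pessimistic_ok, good.bounded_ok);
  std::printf("hostile: decoded=%d elements=%zu pessimistic=%d bounded=%d\n",
              bad.ok, bad.values.size(), bad.pessimistic_ok, bad.bounded_ok);
  return 0;
}
```

The memory a reader can be made to reserve under `MessageBoundCheck` is at most (remaining bytes / kMinWireBytes) * sizeof(std::string), a constant multiple of the message length, which is what ties it to the channel's maximum-message-size policy; the per-string length check in `ReadString` is still needed, since an in-range count says nothing about the individual lengths that follow.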
