
Revert "Reduce scope of unsafe-buffers in signed_interception.cc"

This reverts commit 5a7afce638.

Reason for revert: pinpoint fails to start a browser for some
benchmarking runs - it is not yet clear what is not working but applying
the revert allows pinpoint to build and run benchmarks again. See
https://pinpoint-dot-chromeperf.appspot.com/job/1720deaf210000.

> Reduce scope of unsafe-buffers in signed_interception.cc
> Moves a fake-memset from a header into a call to ntdll!memset,
> which must be added so that it is available. ntdll!memset is
> marked as an unsafe-buffers operation. We cannot directly use a
> span copy as that might use memset from the CRT which may not be
> initialized when this dll-loading hook might be called.
> Bug: 351564777
> Change-Id: I6b957e59d09d4585875ef5176fe0ede167146435
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6151234
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Reviewed-by: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1404411}

Bug: 351564777
Change-Id: I10d555df0b8120a5a8a52bb78875ec1d924adf79
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6175544
Reviewed-by: Arthur Wang <wuwang@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1406485}
Alex Gough
2025-01-14 18:36:01 -08:00
committed by Chromium LUCI CQ
parent bc4d17f1f8
commit 65b18c9383
5 changed files with 14 additions and 10 deletions

@ -369,10 +369,6 @@ typedef void*(__cdecl* memcpyFunction)(IN void* dest,
IN const void* src,
IN size_t count);
typedef void*(__cdecl* memsetFunction)(IN void* dest,
IN int c,
IN size_t count);
typedef NTSTATUS(WINAPI* RtlAnsiStringToUnicodeStringFunction)(
IN OUT PUNICODE_STRING DestinationString,
IN PANSI_STRING SourceString,

@ -44,7 +44,6 @@ struct NtExports {
UNSAFE_BUFFER_USAGE strlenFunction strlen;
UNSAFE_BUFFER_USAGE wcslenFunction wcslen;
UNSAFE_BUFFER_USAGE memcpyFunction memcpy;
UNSAFE_BUFFER_USAGE memsetFunction memset;
};
// clang-format on

@ -169,7 +169,6 @@ void InitGlobalNt() {
INIT_RTL(strlen);
INIT_RTL(wcslen);
INIT_RTL(memcpy);
INIT_RTL(memset);
sandbox::g_nt.Initialized = true;
}

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif
#ifndef SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
#define SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
@ -219,6 +224,14 @@ bool IsSupportedRenameCall(FILE_RENAME_INFORMATION* file_info,
// Get the CLIENT_ID from the current TEB.
CLIENT_ID GetCurrentClientId();
// Version of memset that can be called before the CRT is initialized.
__forceinline void Memset(void* ptr, int value, size_t num_bytes) {
unsigned char* byte_ptr = static_cast<unsigned char*>(ptr);
while (num_bytes--) {
*byte_ptr++ = static_cast<unsigned char>(value);
}
}
} // namespace sandbox
#endif // SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
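Review bot: The restored `Memset` helper near the end of the header guarded by SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_ is a plain byte-store loop, and nothing visible in the hunk stops an optimizer from recognising it and emitting a call to the CRT's `memset`, which is what the helper's own comment says it exists to avoid. It also takes a raw pointer and a byte count with no bounds check, so I would extend its comment to state the caller contract and that risk: `// |ptr| must point to at least |num_bytes| writable bytes; nothing is checked here.` and `// Confirm in the generated code that this loop is not lowered to a memset call.` The `#pragma allow_unsafe_buffers` at the top of the file opts the whole header out of the unsafe-buffers check rather than just this helper; the TODO above it could say that the helper is the reason, so the wider scope is not read as a requirement of the other declarations.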

@ -7,7 +7,6 @@
#include <ntstatus.h>
#include <stdint.h>
#include "base/compiler_specific.h"
#include "sandbox/win/src/crosscall_client.h"
#include "sandbox/win/src/ipc_tags.h"
#include "sandbox/win/src/policy_params.h"
@ -81,9 +80,7 @@ TargetNtCreateSection(NtCreateSectionFunction orig_CreateSection,
// Avoid memset inserted by -ftrivial-auto-var-init=pattern on debug builds.
STACK_UNINITIALIZED CrossCallReturn answer;
// SAFETY cannot use {} constructor as this code runs too early and might
// introduce a call to the CRT's memset. Instead use ntdll memset.
UNSAFE_BUFFERS(GetNtExports()->memset(&answer, 0, sizeof(answer)));
Memset(&answer, 0, sizeof(answer));
answer.nt_status = STATUS_INVALID_IMAGE_HASH;
SharedMemIPCClient ipc(memory);
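Review bot: The call `Memset(&answer, 0, sizeof(answer));` in TargetNtCreateSection appears to be left without the rationale the reverted lines carried, so a reader no longer sees why `answer` is not simply value-initialized. I would keep a comment above the call: `// Cannot use {} here: this hook can run before the CRT is initialized and {} might emit a call to the CRT's memset.` Separately, the first hunk of this file appears to drop `#include "base/compiler_specific.h"` while `STACK_UNINITIALIZED` is still used below; if that macro comes from that header, the file now depends on a transitive include. The +/- markers are not visible on this page, so which lines are added or removed is inferred from the hunk line counts and the commit description, and the function body starts and ends outside the hunk.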