Revert "Reduce scope of unsafe-buffers in signed_interception.cc"
This reverts commit 5a7afce638.
Reason for revert: pinpoint fails to start a browser for some
benchmarking runs - it is not yet clear what is not working but applying
the revert allows pinpoint to build and run benchmarks again. See
https://pinpoint-dot-chromeperf.appspot.com/job/1720deaf210000.
> Reduce scope of unsafe-buffers in signed_interception.cc
> Moves a fake-memset from a header into a call to ntdll!memset,
> which must be added so that it is available. ntdll!memset is
> marked as an unsafe-buffers operation. We cannot directly use a
> span copy as that might use memset from the CRT which may not be
> initialized when this dll-loading hook might be called.
> Bug: 351564777
> Change-Id: I6b957e59d09d4585875ef5176fe0ede167146435
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6151234
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Reviewed-by: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1404411}
Bug: 351564777
Change-Id: I10d555df0b8120a5a8a52bb78875ec1d924adf79
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6175544
Reviewed-by: Arthur Wang <wuwang@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1406485}

committed by
Chromium LUCI CQ

parent
bc4d17f1f8
commit
65b18c9383
@@ -369,10 +369,6 @@ typedef void*(__cdecl* memcpyFunction)(IN void* dest,
|
|||||||
IN const void* src,
|
IN const void* src,
|
||||||
IN size_t count);
|
IN size_t count);
|
||||||
|
|
||||||
typedef void*(__cdecl* memsetFunction)(IN void* dest,
|
|
||||||
IN int c,
|
|
||||||
IN size_t count);
|
|
||||||
|
|
||||||
typedef NTSTATUS(WINAPI* RtlAnsiStringToUnicodeStringFunction)(
|
typedef NTSTATUS(WINAPI* RtlAnsiStringToUnicodeStringFunction)(
|
||||||
IN OUT PUNICODE_STRING DestinationString,
|
IN OUT PUNICODE_STRING DestinationString,
|
||||||
IN PANSI_STRING SourceString,
|
IN PANSI_STRING SourceString,
|
||||||
|
@@ -44,7 +44,6 @@ struct NtExports {
|
|||||||
UNSAFE_BUFFER_USAGE strlenFunction strlen;
|
UNSAFE_BUFFER_USAGE strlenFunction strlen;
|
||||||
UNSAFE_BUFFER_USAGE wcslenFunction wcslen;
|
UNSAFE_BUFFER_USAGE wcslenFunction wcslen;
|
||||||
UNSAFE_BUFFER_USAGE memcpyFunction memcpy;
|
UNSAFE_BUFFER_USAGE memcpyFunction memcpy;
|
||||||
UNSAFE_BUFFER_USAGE memsetFunction memset;
|
|
||||||
};
|
};
|
||||||
// clang-format on
|
// clang-format on
|
||||||
|
|
||||||
|
@@ -169,7 +169,6 @@ void InitGlobalNt() {
|
|||||||
INIT_RTL(strlen);
|
INIT_RTL(strlen);
|
||||||
INIT_RTL(wcslen);
|
INIT_RTL(wcslen);
|
||||||
INIT_RTL(memcpy);
|
INIT_RTL(memcpy);
|
||||||
INIT_RTL(memset);
|
|
||||||
sandbox::g_nt.Initialized = true;
|
sandbox::g_nt.Initialized = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -2,6 +2,11 @@
|
|||||||
// Use of this source code is governed by a BSD-style license that can be
|
// Use of this source code is governed by a BSD-style license that can be
|
||||||
// found in the LICENSE file.
|
// found in the LICENSE file.
|
||||||
|
|
||||||
|
#ifdef UNSAFE_BUFFERS_BUILD
|
||||||
|
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
|
||||||
|
#pragma allow_unsafe_buffers
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
#ifndef SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
||||||
#define SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
#define SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
||||||
|
|
||||||
@@ -219,6 +224,14 @@ bool IsSupportedRenameCall(FILE_RENAME_INFORMATION* file_info,
|
|||||||
// Get the CLIENT_ID from the current TEB.
|
// Get the CLIENT_ID from the current TEB.
|
||||||
CLIENT_ID GetCurrentClientId();
|
CLIENT_ID GetCurrentClientId();
|
||||||
|
|
||||||
|
// Version of memset that can be called before the CRT is initialized.
|
||||||
|
__forceinline void Memset(void* ptr, int value, size_t num_bytes) {
|
||||||
|
unsigned char* byte_ptr = static_cast<unsigned char*>(ptr);
|
||||||
|
while (num_bytes--) {
|
||||||
|
*byte_ptr++ = static_cast<unsigned char>(value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
} // namespace sandbox
|
} // namespace sandbox
|
||||||
|
|
||||||
#endif // SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
#endif // SANDBOX_WIN_SRC_SANDBOX_NT_UTIL_H_
|
||||||
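Review bot: The restored `Memset` in the second hunk states no contract, and nothing visible stops the optimizer from recognising its byte loop and emitting a call to the runtime `memset`, which is the call its comment says it avoids. If build flags do not already rule that out (not visible here), storing through a volatile pointer would: `volatile unsigned char* byte_ptr = static_cast<volatile unsigned char*>(ptr);`. The comment should also say that the caller must pass a non-null `ptr` with at least `num_bytes` writable bytes, since the function checks neither. The first hunk re-enables `#pragma allow_unsafe_buffers` for the whole header, and in the lines shown this loop is the only raw pointer arithmetic, so the TODO could name `Memset` as the remaining blocker.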
|
@@ -7,7 +7,6 @@
|
|||||||
#include <ntstatus.h>
|
#include <ntstatus.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
#include "base/compiler_specific.h"
|
|
||||||
#include "sandbox/win/src/crosscall_client.h"
|
#include "sandbox/win/src/crosscall_client.h"
|
||||||
#include "sandbox/win/src/ipc_tags.h"
|
#include "sandbox/win/src/ipc_tags.h"
|
||||||
#include "sandbox/win/src/policy_params.h"
|
#include "sandbox/win/src/policy_params.h"
|
||||||
@@ -81,9 +80,7 @@ TargetNtCreateSection(NtCreateSectionFunction orig_CreateSection,
|
|||||||
|
|
||||||
// Avoid memset inserted by -ftrivial-auto-var-init=pattern on debug builds.
|
// Avoid memset inserted by -ftrivial-auto-var-init=pattern on debug builds.
|
||||||
STACK_UNINITIALIZED CrossCallReturn answer;
|
STACK_UNINITIALIZED CrossCallReturn answer;
|
||||||
// SAFETY cannot use {} constructor as this code runs too early and might
|
Memset(&answer, 0, sizeof(answer));
|
||||||
// introduce a call to the CRT's memset. Instead use ntdll memset.
|
|
||||||
UNSAFE_BUFFERS(GetNtExports()->memset(&answer, 0, sizeof(answer)));
|
|
||||||
|
|
||||||
answer.nt_status = STATUS_INVALID_IMAGE_HASH;
|
answer.nt_status = STATUS_INVALID_IMAGE_HASH;
|
||||||
SharedMemIPCClient ipc(memory);
|
SharedMemIPCClient ipc(memory);
|
||||||
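Review bot: The restored `Memset(&answer, 0, sizeof(answer));` in the second hunk loses the explanation that the removed SAFETY comment carried, so nothing says why `answer` is zeroed by hand. `answer` is declared `STACK_UNINITIALIZED`, so this call is the only visible initialization before `nt_status` is set and the struct is presumably handed to the IPC client; a later cleanup to `CrossCallReturn answer = {};` could reintroduce an early CRT `memset` call. I would keep a one-line comment above it: `// Zero by hand: runs too early for {} init, which may call the CRT's memset.` Separately, the first hunk drops `#include "base/compiler_specific.h"` while `STACK_UNINITIALIZED` is still used here, so the file appears to rely on a transitive include for that macro. `TargetNtCreateSection` starts and ends outside the hunk.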
|