Bug 1200336: Apply fix for Chromium issue 482784 for sandbox bug when built with VS2015. r=tabraldes

2024-09-13 09:24:08 -07:00 · 2015-09-10 08:25:20 +01:00 · 2015-09-10 08:25:20 +01:00 · 89cecb0a22
commit 89cecb0a22
parent 98a747c398
4 changed files with 26 additions and 17 deletions
--- a/security/sandbox/chromium/sandbox/win/src/target_services.cc
+++ b/security/sandbox/chromium/sandbox/win/src/target_services.cc
@ -4,6 +4,8 @@

 #include "sandbox/win/src/target_services.h"

+#include <new>
+
 #include <process.h>

 #include "base/basictypes.h"
@ -56,6 +58,13 @@ bool CloseOpenHandles() {
  return true;
 }

+// Used as storage for g_target_services, because other allocation facilities
+// are not available early. We can't use a regular function static because on
+// VS2015, because the CRT tries to acquire a lock to guard initialization, but
+// this code runs before the CRT is initialized.
+char g_target_services_memory[sizeof(sandbox::TargetServicesBase)];
+sandbox::TargetServicesBase* g_target_services = nullptr;
+
 }  // namespace

 namespace sandbox {
@ -99,8 +108,10 @@ ProcessState* TargetServicesBase::GetState() {
 }

 TargetServicesBase* TargetServicesBase::GetInstance() {
-  static TargetServicesBase instance;
-  return &instance;
+  // Leak on purpose TargetServicesBase.
+  if (!g_target_services)
+    g_target_services = new (g_target_services_memory) TargetServicesBase;
+  return g_target_services;
 }

 // The broker services a 'test' IPC service with the IPC_PING_TAG tag.
@ -155,15 +166,18 @@ bool TargetServicesBase::TestIPCPing(int version) {
  return true;
 }

-bool ProcessState::IsKernel32Loaded() {
+ProcessState::ProcessState() : process_state_(0) {
+}
+
+bool ProcessState::IsKernel32Loaded() const {
  return process_state_ != 0;
 }

-bool ProcessState::InitCalled() {
+bool ProcessState::InitCalled() const {
  return process_state_ > 1;
 }

-bool ProcessState::RevertedToSelf() {
+bool ProcessState::RevertedToSelf() const {
  return process_state_ > 2;
 }

--- a/security/sandbox/chromium/sandbox/win/src/target_services.h
+++ b/security/sandbox/chromium/sandbox/win/src/target_services.h
@ -13,23 +13,19 @@ namespace sandbox {

 class ProcessState {
 public:
-  ProcessState() : process_state_(0) {}
-
+  ProcessState();
  // Returns true if kernel32.dll has been loaded.
-  bool IsKernel32Loaded();
-
+  bool IsKernel32Loaded() const;
  // Returns true if main has been called.
-  bool InitCalled();
-
+  bool InitCalled() const;
  // Returns true if LowerToken has been called.
-  bool RevertedToSelf();
-
+  bool RevertedToSelf() const;
  // Set the current state.
  void SetKernel32Loaded();
  void SetInitCalled();
  void SetRevertedToSelf();

- public:
+ private:
  int process_state_;
  DISALLOW_COPY_AND_ASSIGN(ProcessState);
 };
--- a/security/sandbox/moz-chromium-commit-status.txt
+++ b/security/sandbox/moz-chromium-commit-status.txt
@ -3,3 +3,5 @@ Chromium Commit                            Directory / File (relative to securit
 df7cc6c04725630dd4460f29d858a77507343b24   chromium
 b533d6533585377edd63ec6500469f6c4fba602a   chromium/sandbox/win/src/sharedmem_ipc_server.cc
 034bd64db1806d85b2ceacc736074ac07722af4a   chromium/sandbox/win/src/service_resolver_64.cc
+de2078cfbbb6770791d32575a1a72a288e6d66a6   chromium/sandbox/win/src/target_services.cc
+de2078cfbbb6770791d32575a1a72a288e6d66a6   chromium/sandbox/win/src/target_services.h
--- a/security/sandbox/win/src/sandboxtarget/sandboxTarget.h
+++ b/security/sandbox/win/src/sandboxtarget/sandboxTarget.h
@ -45,9 +45,6 @@ public:
    MOZ_ASSERT(aTargetServices);
    MOZ_ASSERT(!mTargetServices,
               "Sandbox TargetServices must only be set once.");
-    // We use process_state_ instead of InitCalled() here due to linking issues.
-    MOZ_ASSERT(aTargetServices->GetState()->process_state_ > 1,
-               "Sandbox TargetServices must already be initialized.");

    mTargetServices = aTargetServices;
  }