Cherry-pick "Fix potential handle reuse in Mojo" am: dc370b84aa am: 403571ea93 am: 87e50955cb am: 94277f01f3 am: 7212b7c6e1

Original change: https://android-review.googlesource.com/c/platform/external/libchrome/+/2198095 Change-Id: I8b45386ea0451e130217eb13197d4349474f3ce3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Ken Rockot <rockot@google.com> 2022-08-30 08:57:42 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-08-30 08:57:42 +0000
commit: 2397d2319e83c1166135af9ac13273772ef9b5a8 (patch)
tree: 265d00b2aaddac679b75cb0e75fdbe73660f080c
parent: 1b1a3816d771bbbbc771492f1b16ccf606de88b7 (diff)
parent: 7212b7c6e108d0163a9b9dfc6b51b8846f783e2e (diff)
download: libchrome-2397d2319e83c1166135af9ac13273772ef9b5a8.tar.gz
1 files changed, 9 insertions, 3 deletions
diff --git a/mojo/core/handle_table.cc b/mojo/core/handle_table.cc
index e039c7108d..40700b7e86 100644
--- a/mojo/core/handle_table.cc
+++ b/mojo/core/handle_table.cc
@@ -65,13 +65,19 @@ bool HandleTable::AddDispatchersFromTransit(
     const std::vector<Dispatcher::DispatcherInTransit>& dispatchers,
     MojoHandle* handles) {
   // Oops, we're out of handles.
-  if (next_available_handle_ == MOJO_HANDLE_INVALID)
+  if (next_available_handle_ == MOJO_HANDLE_INVALID) {
     return false;
+  }
+
+  // MOJO_HANDLE_INVALID is zero.
+  DCHECK_GE(next_available_handle_, 1u);
 
-  DCHECK_LE(dispatchers.size(), std::numeric_limits<uint32_t>::max());
   // If this insertion would cause handle overflow, we're out of handles.
-  if (next_available_handle_ + dispatchers.size() < next_available_handle_)
+  const uint32_t num_handles_available =
+      std::numeric_limits<uint32_t>::max() - next_available_handle_ + 1;
+  if (num_handles_available < dispatchers.size()) {
     return false;
+  }
 
   for (size_t i = 0; i < dispatchers.size(); ++i) {
     MojoHandle handle = MOJO_HANDLE_INVALID;
author	Ken Rockot <rockot@google.com>	2022-08-30 08:57:42 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-30 08:57:42 +0000
commit	2397d2319e83c1166135af9ac13273772ef9b5a8 (patch)
tree	265d00b2aaddac679b75cb0e75fdbe73660f080c
parent	1b1a3816d771bbbbc771492f1b16ccf606de88b7 (diff)
parent	7212b7c6e108d0163a9b9dfc6b51b8846f783e2e (diff)
download	libchrome-2397d2319e83c1166135af9ac13273772ef9b5a8.tar.gz