Source code
Revision control
Copy as Markdown
Other Tools
diff --git a/sandbox/win/src/policy_low_level.cc b/sandbox/win/src/policy_low_level.cc
index 0f47c96fbf01..111ab7a37ff1 100644
--- a/sandbox/win/src/policy_low_level.cc
+++ b/sandbox/win/src/policy_low_level.cc
@@ -89,6 +89,8 @@ bool LowLevelPolicy::Done() {
return false;
}
policy_store_->entry[static_cast<size_t>(service)] = current_buffer;
+ // Account for the opcode_count in PolicyBuffer.
+ avail_size -= sizeof PolicyBuffer::opcode_count;
RuleList::iterator rules_it = (*it).second.begin();
RuleList::iterator rules_it_end = (*it).second.end();
@@ -103,12 +105,14 @@ bool LowLevelPolicy::Done() {
if (avail_size < opcodes_size) {
return false;
}
- size_t data_size = avail_size - opcodes_size;
+ avail_size -= opcodes_size;
+ size_t data_size = avail_size;
PolicyOpcode* opcodes_start = ¤t_buffer->opcodes[svc_opcode_count];
if (!rule->RebindCopy(opcodes_start, opcodes_size, buffer_end,
&data_size)) {
return false;
}
+ DCHECK(avail_size >= data_size);
size_t used = avail_size - data_size;
buffer_end -= used;
avail_size -= used;
@@ -116,9 +120,14 @@ bool LowLevelPolicy::Done() {
}
current_buffer->opcode_count = svc_opcode_count;
- size_t policy_buffers_occupied =
- (svc_opcode_count * sizeof(PolicyOpcode)) / sizeof(current_buffer[0]);
- current_buffer = ¤t_buffer[policy_buffers_occupied + 1];
+ size_t opcode_bytes_used = sizeof PolicyBuffer::opcode_count +
+ (svc_opcode_count * sizeof(PolicyOpcode));
+ size_t policy_buffer_count =
+ (opcode_bytes_used + sizeof(PolicyBuffer) - 1) / sizeof(PolicyBuffer);
+ size_t byte_padding =
+ (policy_buffer_count * sizeof(PolicyBuffer)) - opcode_bytes_used;
+ avail_size -= byte_padding;
+ current_buffer += policy_buffer_count;
}
return true;