When skia ok's a NULL malloc, don't call __debugbreak.

A better fix for http://www.crbug.com/2044:  crash
on large <canvas> elements.  We disable the __debugbreak
only when skia tells us it is prepared to correctly 
handle a failed (NULL) malloc().  It does this
by calling sk_malloc_flags() without SK_MALLOC_THROW.

Note that, since the switch to tcmalloc, the new_handler
was not getting called at all (since tcmalloc doesn't 
support it yet), so this crash is currently unreproducible
in trunk.  In order to test this change, I reverted the 
tcmalloc change in my client.  This is not the case in the 
stable branch, since it doesn't use tcmalloc, so this change 
is still needed there.  (It will also be needed in trunk 
again once mbelshe's re-implementation of the new_handler
is in).

BUG=http://www.crbug.com/2044

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=14891

[Stephen White, 2009-04-29 19:03:28]

Ok, now that mbelshe's reimplementation of new_handler is in, 
this CL got stale.  Updated.

[Mike Belshe, 2009-04-29 20:54:14]

Sorry to have the dueling patches :-)

I don't think this does anything anymore?  sk_throw() just calls abort().  So,
if the flag is set, this is just a different way to cause the same behavior?  Or
did I miss something?

[Stephen White, 2009-04-29 21:12:57]

On 2009/04/29 20:54:14, Mike Belshe wrote:
> Sorry to have the dueling patches :-)

No problem.

> I don't think this does anything anymore?  sk_throw() just calls abort().

(Actually, we never get as far as abort(), since our new_handler 
kicks in first.)

> So,
> if the flag is set, this is just a different way to cause the same behavior? 
Or
> did I miss something?

The idea is, if skia *wouldn't* abort() (ie., SK_MALLOC_THROW is *not*
set), we shouldn't __debugbreak() either.  So we clear the flag
temporarily so that we don't call __debugbreak() when the caller has
indicated that it can safely handle a NULL return.

[Mike Belshe, 2009-04-29 21:26:44]

> The idea is, if skia *wouldn't* abort() (ie., SK_MALLOC_THROW is *not*
> set), we shouldn't __debugbreak() either.  So we clear the flag
> temporarily so that we don't call __debugbreak() when the caller has
> indicated that it can safely handle a NULL return.

Doh.  Sorry for being dense.

This code LGTM in terms of how it works.  cpu has been pretty adamant about
crashing in this case, so you'll need to be extra careful to only unset the
SK_MALLOC_THROW flag when the caller will fail gracefully.

[Stephen White, 2009-04-29 22:09:19]

On 2009/04/29 21:26:44, Mike Belshe wrote:
> > The idea is, if skia *wouldn't* abort() (ie., SK_MALLOC_THROW is *not*
> > set), we shouldn't __debugbreak() either.  So we clear the flag
> > temporarily so that we don't call __debugbreak() when the caller has
> > indicated that it can safely handle a NULL return.
> 
> Doh.  Sorry for being dense.
> 
> This code LGTM in terms of how it works.  cpu has been pretty adamant about
> crashing in this case, so you'll need to be extra careful to only unset the
> SK_MALLOC_THROW flag when the caller will fail gracefully.

Mike Reed has assured me that that's the case.