
Side by Side Diff: src/cpu-profiler.cc

Issue 3334001: Fix memory overrun possibility during tick samples processing. (Closed)
Patch Set: Created 10 years, 3 months ago
1 // Copyright 2010 the V8 project authors. All rights reserved. 1 // Copyright 2010 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
228 if (!ticks_from_vm_buffer_.IsEmpty() 228 if (!ticks_from_vm_buffer_.IsEmpty()
229 && ticks_from_vm_buffer_.Peek()->order == dequeue_order) { 229 && ticks_from_vm_buffer_.Peek()->order == dequeue_order) {
230 TickSampleEventRecord record; 230 TickSampleEventRecord record;
231 ticks_from_vm_buffer_.Dequeue(&record); 231 ticks_from_vm_buffer_.Dequeue(&record);
232 generator_->RecordTickSample(record.sample); 232 generator_->RecordTickSample(record.sample);
233 } 233 }
234 234
235 const TickSampleEventRecord* rec = 235 const TickSampleEventRecord* rec =
236 TickSampleEventRecord::cast(ticks_buffer_.StartDequeue()); 236 TickSampleEventRecord::cast(ticks_buffer_.StartDequeue());
237 if (rec == NULL) return !ticks_from_vm_buffer_.IsEmpty(); 237 if (rec == NULL) return !ticks_from_vm_buffer_.IsEmpty();
238 if (rec->order == dequeue_order) { 238 // Make a local copy of tick sample record to ensure that it won't
239 generator_->RecordTickSample(rec->sample); 239 // be modified as we are processing it. This is possible as the
240 // sampler writes w/o any sync to the queue, so if the processor
241 // will get far behind, a record may be modified right under its
242 // feet.
243 TickSampleEventRecord record = *rec;
Søren Thygesen Gjesse 2010/09/01 12:21:58 If I remember correctly the queue is an array of T
244 if (record.order == dequeue_order) {
245 // A paranoid check to make sure that we don't get a memory overrun
246 // in case of frames_count having a wild value.
247 if (record.sample.frames_count < 0
248 || record.sample.frames_count >= TickSample::kMaxFramesCount)
249 record.sample.frames_count = 0;
250 generator_->RecordTickSample(record.sample);
240 ticks_buffer_.FinishDequeue(); 251 ticks_buffer_.FinishDequeue();
241 } else { 252 } else {
242 return true; 253 return true;
243 } 254 }
244 } 255 }
245 } 256 }
246 257
247 258
248 void ProfilerEventsProcessor::Run() { 259 void ProfilerEventsProcessor::Run() {
249 unsigned dequeue_order = 0; 260 unsigned dequeue_order = 0;
529 void CpuProfiler::TearDown() { 540 void CpuProfiler::TearDown() {
530 #ifdef ENABLE_LOGGING_AND_PROFILING 541 #ifdef ENABLE_LOGGING_AND_PROFILING
531 if (singleton_ != NULL) { 542 if (singleton_ != NULL) {
532 delete singleton_; 543 delete singleton_;
533 } 544 }
534 singleton_ = NULL; 545 singleton_ = NULL;
535 #endif 546 #endif
536 } 547 }
537 548
538 } } // namespace v8::internal 549 } } // namespace v8::internal
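Review bot: The new bounds check at lines 247-249 rejects `frames_count == TickSample::kMaxFramesCount`, which is a legitimate full sample if `stack` is declared with exactly `kMaxFramesCount` slots and `frames_count` counts entries in it; in that case the condition should be `record.sample.frames_count > TickSample::kMaxFramesCount` (the definition is not in this hunk, so confirm against TickSample before changing it). The comment above `TickSampleEventRecord record = *rec;` says the copy ensures the record "won't be modified", but the copy itself is an unsynchronized read of memory the sampler may still be writing, so it can capture a torn mix of two samples; the clamp is what actually prevents the overrun, and the comment should say so, e.g. `// Copy the record so later fields are read from a stable snapshot; the copy itself may be torn, which is why frames_count is validated below.` Silently resetting `frames_count` to 0 also discards the sample without any trace, so a counter or debug-only log of dropped samples would make this path diagnosable. The enclosing function starts before the visible part of this section.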
