Fix memory overrun possibility during tick samples processing.

src/cpu-profiler.cc

Index: src/cpu-profiler.cc
diff --git a/src/cpu-profiler.cc b/src/cpu-profiler.cc
index c0ed9297a2dd966a5daf9a5b7046e2ac2601c04a..4248a64338f81228fbfdb9eb0fb41fa097748c5a 100644
--- a/src/cpu-profiler.cc
+++ b/src/cpu-profiler.cc
@@ -235,8 +235,19 @@ bool ProfilerEventsProcessor::ProcessTicks(unsigned dequeue_order) {
     const TickSampleEventRecord* rec =
         TickSampleEventRecord::cast(ticks_buffer_.StartDequeue());
     if (rec == NULL) return !ticks_from_vm_buffer_.IsEmpty();
-    if (rec->order == dequeue_order) {
-      generator_->RecordTickSample(rec->sample);
+    // Make a local copy of tick sample record to ensure that it won't
+    // be modified as we are processing it. This is possible as the
+    // sampler writes w/o any sync to the queue, so if the processor
+    // will get far behind, a record may be modified right under its
+    // feet.
+    TickSampleEventRecord record = *rec;

[Søren Thygesen Gjesse, 2010/09/01 12:21:58]

If I remember correctly the queue is an array of TickSampleEventRecords being
filled by the sample writer. Then how does this copy (struct memcpy) ensure that
the content of record is not a mix of two sample records?

+    if (record.order == dequeue_order) {
+      // A paranoid check to make sure that we don't get a memory overrun
+      // in case of frames_count having a wild value.
+      if (record.sample.frames_count < 0
+          || record.sample.frames_count >= TickSample::kMaxFramesCount)
+        record.sample.frames_count = 0;
+      generator_->RecordTickSample(record.sample);
       ticks_buffer_.FinishDequeue();
     } else {
       return true;