Add a guard page in front of metadata allocations.

third_party/tcmalloc/chromium/src/page_heap_allocator.h

Index: third_party/tcmalloc/chromium/src/page_heap_allocator.h
===================================================================
--- third_party/tcmalloc/chromium/src/page_heap_allocator.h	(revision 110522)
+++ third_party/tcmalloc/chromium/src/page_heap_allocator.h	(working copy)
@@ -38,6 +38,7 @@
 #include "common.h"            // for MetaDataAlloc
 #include "free_list.h"          // for FL_Push/FL_Pop
 #include "internal_logging.h"  // for ASSERT, CRASH
+#include "system-alloc.h"      // for TCMalloc_SystemAddGuard
 
 namespace tcmalloc {
 
@@ -74,7 +75,14 @@
                 "tcmalloc data (%d bytes, object-size %d)\n",
                 kAllocIncrement, static_cast<int>(sizeof(T)));
         }
-        free_avail_ = kAllocIncrement;
+
+        // This guard page protects the metadata from being corrupted by a
+        // buffer overrun. We currently have no mechanism for freeing it, since
+        // we never release the metadata buffer. If that changes we'll need to
+        // add something like TCMalloc_SystemRemoveGuard.
+        size_t guard_size = TCMalloc_SystemAddGuard(free_area_, kAllocIncrement);
+        free_area_ += guard_size;
+        free_avail_ = kAllocIncrement - guard_size;
       }
       result = free_area_;

[jar (doing other things), 2011/11/24 01:08:07]

This code assumes that when we get back memory, that free-avail_ is larger than
sizeof(T).  I think you cut it too close when you agreed to guard when the page
size matched the kAllocIncrement.

You probably want ot CRASH if you're still < sizeof(T)

[jschuh, 2011/11/28 18:33:36]

Yes I do.

       free_area_ += sizeof(T);