Chromium Code Reviews
Unified Diff: third_party/tcmalloc/chromium/src/page_heap_allocator.h

Issue 8570023: Add a guard page in front of metadata allocations. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
Index: third_party/tcmalloc/chromium/src/page_heap_allocator.h
===================================================================
--- third_party/tcmalloc/chromium/src/page_heap_allocator.h (revision 110522)
+++ third_party/tcmalloc/chromium/src/page_heap_allocator.h (working copy)
@@ -38,6 +38,7 @@
#include "common.h" // for MetaDataAlloc
#include "free_list.h" // for FL_Push/FL_Pop
#include "internal_logging.h" // for ASSERT, CRASH
+#include "system-alloc.h" // for TCMalloc_SystemAddGuard
namespace tcmalloc {
@@ -74,7 +75,20 @@
"tcmalloc data (%d bytes, object-size %d)\n",
kAllocIncrement, static_cast<int>(sizeof(T)));
}
- free_avail_ = kAllocIncrement;
+
+ // This guard page protects the metadata from being corrupted by a
+ // buffer overrun. We currently have no mechanism for freeing it, since
+ // we never release the metadata buffer. If that changes we'll need to
+ // add something like TCMalloc_SystemRemoveGuard.
+ size_t guard_size = TCMalloc_SystemAddGuard(free_area_,
+ kAllocIncrement);
+ free_area_ += guard_size;
+ free_avail_ = kAllocIncrement - guard_size;
+ if (free_avail_ < sizeof(T)) {
+ CRASH("FATAL ERROR: Insufficient memory to guard internal tcmalloc "
+ "data (%d bytes, object-size %d, guard-size %d)\n",
+ kAllocIncrement, static_cast<int>(sizeof(T)), guard_size);
+ }
}
result = free_area_;
free_area_ += sizeof(T);
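Review bot: in the new CRASH call, `guard_size` is a `size_t` but is printed with `%d`, while `sizeof(T)` on the same line is cast to `int`; cast it the same way (`static_cast<int>(guard_size)`) or use a size_t-appropriate specifier so the crash message stays correct on 64-bit builds. Also, `free_avail_ = kAllocIncrement - guard_size;` wraps around if `TCMalloc_SystemAddGuard` ever returns a guard larger than `kAllocIncrement`, and the following `free_avail_ < sizeof(T)` check would then pass silently; testing `guard_size + sizeof(T) > kAllocIncrement` before the subtraction covers both the oversized-guard and the too-little-room cases in one check. The comment about the missing TCMalloc_SystemRemoveGuard is useful; it may be worth adding that each kAllocIncrement block now loses `guard_size` bytes of usable metadata space.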