unchecked_malloc() for Skia on OSX.

base/process_util_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/process_util.h"
 
 #import <Cocoa/Cocoa.h>
 #include <crt_externs.h>
 #include <dlfcn.h>
 #include <errno.h>
 #include <mach/mach.h>
 #include <mach/mach_init.h>
 #include <mach/mach_vm.h>
 #include <mach/shared_region.h>
 #include <mach/task.h>
-#include <mach-o/dyld.h>
 #include <mach-o/nlist.h>
 #include <malloc/malloc.h>
 #import <objc/runtime.h>
 #include <signal.h>
 #include <spawn.h>
 #include <sys/event.h>
 #include <sys/mman.h>
 #include <sys/sysctl.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 
 #include <new>
 #include <string>
 
 #include "base/debug/debugger.h"
 #include "base/eintr_wrapper.h"
 #include "base/file_util.h"
 #include "base/hash_tables.h"
 #include "base/logging.h"
 #include "base/mac/mac_util.h"
 #include "base/string_util.h"
 #include "base/sys_info.h"
-#include "base/sys_string_conversions.h"
-#include "base/time.h"
 #include "third_party/apple_apsl/CFBase.h"
 #include "third_party/apple_apsl/malloc.h"
 #include "third_party/mach_override/mach_override.h"
 
 namespace base {
 
 void RestoreDefaultExceptionHandler() {
   // This function is tailored to remove the Breakpad exception handler.
   // exception_mask matches s_exception_mask in
   // breakpad/src/client/mac/handler/exception_handler.cc
@@ skipping 514 matching lines @@
 
   DISALLOW_COPY_AND_ASSIGN(ScopedClearErrno);
 };
 
 void CrMallocErrorBreak() {
   g_original_malloc_error_break();
 
   // Out of memory is certainly not heap corruption, and not necessarily
   // something for which the process should be terminated. Leave that decision
   // to the OOM killer.
-  if (errno == ENOMEM)
+  if (errno == ENOMEM || errno == EBADF)

[Mark Mentovai, 2012/09/18 00:18:22]

I don’t think this is cool. Can you be more surgical?

[Scott Hess - ex-Googler, 2012/09/18 01:55:26]

I don't really think it's cool, either, but ... I also have no idea what the
alternative is.  Tomorrow I'll review the malloc code to see if there are any
other likely errno-setting operations which can lead here, but that's obviously
a failure waiting to happen.  Presumably there wouldn't be a ton of
file-descriptor accesses in the malloc library, outside of logging and debugging
code.

We could hook szone_error() to pre-empt the problem.  That's terrifying in its
own way, but it would have the side benefit of allowing us to suppress the
logging currently done on NULL pointer return.  [I'm away from my Libc checkout
right now, so that logging may only happen on debug.]

I'm waiting for a rsesek response, though.  This started out as "Oh, yeah, we
could just <x>", but it's quickly building momentum...

     return;
 
   // A unit test checks this error message, so it needs to be in release builds.
-  LOG(ERROR) <<
+  PLOG(ERROR) <<
       "Terminating process due to a potential for future heap corruption";
   int* volatile death_ptr = NULL;
   *death_ptr = 0xf00bad;
 }
 
 }  // namespace
 
 void EnableTerminationOnHeapCorruption() {
 #ifdef ADDRESS_SANITIZER
   // Don't do anything special on heap corruption, because it should be handled
@@ skipping 239 matching lines @@
 id oom_killer_allocWithZone(id self, SEL _cmd, NSZone* zone)
 {
   id result = g_old_allocWithZone(self, _cmd, zone);
   if (!result)
     debug::BreakDebugger();
   return result;
 }
 
 }  // namespace
 
-malloc_zone_t* GetPurgeableZone() {
-  // malloc_default_purgeable_zone only exists on >= 10.6. Use dlsym to grab it
-  // at runtime because it may not be present in the SDK used for compilation.
-  typedef malloc_zone_t* (*malloc_default_purgeable_zone_t)(void);
-  malloc_default_purgeable_zone_t malloc_purgeable_zone =
-      reinterpret_cast<malloc_default_purgeable_zone_t>(
-          dlsym(RTLD_DEFAULT, "malloc_default_purgeable_zone"));
-  if (malloc_purgeable_zone)
-    return malloc_purgeable_zone();
-  return NULL;
+void* UncheckedMalloc(size_t size) {
+  if (g_old_malloc) {
+    ScopedClearErrno clear_errno;
+    return g_old_malloc(malloc_default_zone(), size);
+  }
+  return malloc(size);
 }
 
 void EnableTerminationOnOutOfMemory() {
   if (g_oom_killer_enabled)
     return;
 
   g_oom_killer_enabled = true;
 
   // === C malloc/calloc/valloc/realloc/posix_memalign ===
 
@@ skipping 14 matching lines @@
 #if !defined(ADDRESS_SANITIZER)
   // Don't do anything special on OOM for the malloc zones replaced by
   // AddressSanitizer, as modifying or protecting them may not work correctly.
 
   // See http://trac.webkit.org/changeset/53362/trunk/Tools/DumpRenderTree/mac
   bool zone_allocators_protected = base::mac::IsOSLionOrLater();
 
   ChromeMallocZone* default_zone =
       reinterpret_cast<ChromeMallocZone*>(malloc_default_zone());
   ChromeMallocZone* purgeable_zone =
-      reinterpret_cast<ChromeMallocZone*>(GetPurgeableZone());
+      reinterpret_cast<ChromeMallocZone*>(malloc_default_purgeable_zone());
 
   vm_address_t page_start_default = 0;
   vm_address_t page_start_purgeable = 0;
   vm_size_t len_default = 0;
   vm_size_t len_purgeable = 0;
   if (zone_allocators_protected) {
     page_start_default = reinterpret_cast<vm_address_t>(default_zone) &
         static_cast<vm_size_t>(~(getpagesize() - 1));
     len_default = reinterpret_cast<vm_address_t>(default_zone) -
         page_start_default + sizeof(ChromeMallocZone);
@@ skipping 315 matching lines @@
   }
 }
 
 }  // namespace
 
 void EnsureProcessTerminated(ProcessHandle process) {
   WaitForChildToDie(process, kWaitBeforeKillSeconds);
 }
 
 }  // namespace base