
Unified Diff: Source/platform/heap/Handle.h

Issue 1146373002: Oilpan: Validate pointers stored in Persistent (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 7 months ago
Index: Source/platform/heap/Handle.h
diff --git a/Source/platform/heap/Handle.h b/Source/platform/heap/Handle.h
index 28b9d5a4422d977fedbdeb7608eca5a37ee04220..1f2e1c4a5c31dd268b59791fbb705eeb0f56ce71 100644
--- a/Source/platform/heap/Handle.h
+++ b/Source/platform/heap/Handle.h
@@ -224,39 +224,41 @@ public:
Persistent(T* raw) : m_raw(raw)
{
- ASSERT(!m_raw || ThreadStateFor<ThreadingTrait<T>::Affinity>::state()->findPageFromAddress(m_raw));
+ checkPointer();
recordBacktrace();
}
explicit Persistent(T& raw) : m_raw(&raw)
{
- ASSERT(!m_raw || ThreadStateFor<ThreadingTrait<T>::Affinity>::state()->findPageFromAddress(m_raw));
+ checkPointer();
recordBacktrace();
}
- Persistent(const Persistent& other) : m_raw(other) { recordBacktrace(); }
-
- template<typename U>
- Persistent(const Persistent<U>& other) : m_raw(other) { recordBacktrace(); }
-
- template<typename U>
- Persistent(const Member<U>& other) : m_raw(other) { recordBacktrace(); }
+ Persistent(const Persistent& other) : m_raw(other)
+ {
+ checkPointer();
+ recordBacktrace();
+ }
template<typename U>
- Persistent(const RawPtr<U>& other) : m_raw(other.get()) { recordBacktrace(); }
+ Persistent(const Persistent<U>& other) : m_raw(other)
+ {
+ checkPointer();
+ recordBacktrace();
+ }
template<typename U>
- Persistent& operator=(U* other)
+ Persistent(const Member<U>& other) : m_raw(other)
{
- m_raw = other;
+ checkPointer();
recordBacktrace();
- return *this;
}
- Persistent& operator=(std::nullptr_t)
+ template<typename U>
+ Persistent(const RawPtr<U>& other) : m_raw(other.get())
{
- m_raw = nullptr;
- return *this;
+ checkPointer();
+ recordBacktrace();
}
void clear() { m_raw = nullptr; }
@@ -293,9 +295,25 @@ public:
T* operator->() const { return *this; }
+ template<typename U>
+ Persistent& operator=(U* other)
+ {
+ m_raw = other;
+ checkPointer();
+ recordBacktrace();
+ return *this;
+ }
+
+ Persistent& operator=(std::nullptr_t)
+ {
+ m_raw = nullptr;
+ return *this;
+ }
+
Persistent& operator=(const Persistent& other)
{
m_raw = other;
+ checkPointer();
recordBacktrace();
return *this;
}
@@ -304,6 +322,7 @@ public:
Persistent& operator=(const Persistent<U>& other)
{
m_raw = other;
+ checkPointer();
recordBacktrace();
return *this;
}
@@ -312,6 +331,7 @@ public:
Persistent& operator=(const Member<U>& other)
{
m_raw = other;
+ checkPointer();
recordBacktrace();
return *this;
}
@@ -320,6 +340,7 @@ public:
Persistent& operator=(const RawPtr<U>& other)
{
m_raw = other;
+ checkPointer();
recordBacktrace();
return *this;
}
@@ -327,6 +348,24 @@ public:
T* get() const { return m_raw; }
private:
+ void checkPointer()
+ {
+#if ENABLE(ASSERT)
+ if (!m_raw)
+ return;
+
+ // Heap::isHeapObjectAlive(m_raw) checks that m_raw is a traceable
+ // object. In other words, it checks that the pointer is either of:
+ //
+ // (a) a pointer to the head of an on-heap object.
+ // (b) a pointer to the head of an on-heap mixin object.
+ //
+ // Otherwise, Heap::isHeapObjectAlive will crash when it calls
+ // header->checkHeader().
+ Heap::isHeapObjectAlive(m_raw);
+#endif
+ }
+
#if ENABLE(GC_PROFILING)
void recordBacktrace()
{
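Review bot: checkPointer() no longer verifies which heap the pointer belongs to: the ASSERTs removed in the first hunk looked m_raw up with `ThreadStateFor<ThreadingTrait<T>::Affinity>::state()->findPageFromAddress(m_raw)`, while the new body only calls `Heap::isHeapObjectAlive(m_raw)` and, per its own comment, relies on `header->checkHeader()` crashing. For a pointer that is not on the heap at all, that means reading a header from memory in front of an arbitrary address, which is presumably not guaranteed to fail cleanly, and an object living in a different thread's heap would probably pass. Consider keeping the page lookup ahead of the header check, e.g. `ASSERT(ThreadStateFor<ThreadingTrait<T>::Affinity>::state()->findPageFromAddress(m_raw));` before the `Heap::isHeapObjectAlive(m_raw);` line. The comment should also state that the whole body is compiled out unless ENABLE(ASSERT) is set, so release builds store the pointer unvalidated; something like `// Debug-only: release builds do not validate m_raw.` would do.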
@@ -687,7 +726,7 @@ protected:
// (a) a pointer to the head of an on-heap object.
// (b) a pointer to the head of an on-heap mixin object.
//
- // We can check it by calling visitor->isHeapObjectAlive(m_raw),
+ // We can check it by calling Heap::isHeapObjectAlive(m_raw),
// but we cannot call it here because it requres to include T.h.
// So we currently implement only the check for (a).
if (!IsGarbageCollectedMixin<T>::value)
