Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(98)

Issue 1184633005: Build fix: Add NO_SANITIZE_ADDRESS to addToFreeList (Closed)

Created:
4 years, 10 months ago by haraken
Modified:
4 years, 10 months ago
Reviewers:
keishi, oilpan-reviews, sof
CC:
blink-reviews, oilpan-reviews, kouhei+heap_chromium.org, Mads Ager (chromium)
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Patch Set 1 #

Total comments: 4
Unified diffs Side-by-side diffs Delta from patch set Stats (+2 lines, -0 lines) Patch
M Source/platform/heap/Heap.cpp View 2 chunks +2 lines, -0 lines 4 comments Download

Messages

Total messages: 12 (2 generated)
haraken
4 years, 10 months ago (2015-06-12 06:57:19 UTC) #2
haraken
Committed patchset #1 (id:1) manually as 197005 (presubmit successful).
4 years, 10 months ago (2015-06-12 06:57:42 UTC) #3
sof
lgtm, but didn't this show up in local testing? https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp File Source/platform/heap/Heap.cpp (right): https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp#newcode1055 Source/platform/heap/Heap.cpp:1055: ...
4 years, 10 months ago (2015-06-12 07:01:23 UTC) #5
haraken
https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp File Source/platform/heap/Heap.cpp (right): https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp#newcode1055 Source/platform/heap/Heap.cpp:1055: ASAN_POISON_MEMORY_REGION(address, size); On 2015/06/12 07:01:23, sof wrote: > Can't ...
4 years, 10 months ago (2015-06-12 07:08:26 UTC) #6
sof
https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp File Source/platform/heap/Heap.cpp (right): https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp#newcode1055 Source/platform/heap/Heap.cpp:1055: ASAN_POISON_MEMORY_REGION(address, size); On 2015/06/12 07:08:25, haraken wrote: > On ...
4 years, 10 months ago (2015-06-12 07:11:26 UTC) #7
haraken
https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp File Source/platform/heap/Heap.cpp (right): https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp#newcode1055 Source/platform/heap/Heap.cpp:1055: ASAN_POISON_MEMORY_REGION(address, size); On 2015/06/12 07:11:26, sof wrote: > On ...
4 years, 10 months ago (2015-06-12 07:15:45 UTC) #8
sof
On 2015/06/12 07:15:45, haraken wrote: > https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp > File Source/platform/heap/Heap.cpp (right): > > https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp#newcode1055 > ...
4 years, 10 months ago (2015-06-12 07:18:40 UTC) #9
haraken
On 2015/06/12 07:18:40, sof wrote: > On 2015/06/12 07:15:45, haraken wrote: > > > https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp ...
4 years, 10 months ago (2015-06-12 07:22:34 UTC) #10
sof
On 2015/06/12 07:22:34, haraken wrote: > On 2015/06/12 07:18:40, sof wrote: > > On 2015/06/12 ...
4 years, 10 months ago (2015-06-12 08:14:07 UTC) #11
haraken
4 years, 10 months ago (2015-06-12 08:40:06 UTC) #12
Message was sent while issue was closed.
On 2015/06/12 08:14:07, sof wrote:
> On 2015/06/12 07:22:34, haraken wrote:
> > On 2015/06/12 07:18:40, sof wrote:
> > > On 2015/06/12 07:15:45, haraken wrote:
> > > >
> > >
> >
>
https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.cpp
> > > > File Source/platform/heap/Heap.cpp (right):
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/1184633005/diff/1/Source/platform/heap/Heap.c...
> > > > Source/platform/heap/Heap.cpp:1055: ASAN_POISON_MEMORY_REGION(address,
> > size);
> > > > On 2015/06/12 07:11:26, sof wrote:
> > > > > On 2015/06/12 07:08:25, haraken wrote:
> > > > > > On 2015/06/12 07:01:23, sof wrote:
> > > > > > > Can't we delay this instead?
> > > > > > 
> > > > > > We shouldn't delay the poisoning :) It is important that
> > > > > > freed-but-not-yet-added-to-freelists memory is poisoned. This
enables
> > ASan
> > > > to
> > > > > > detect (more) use-after-free errors (than the case we delay the
> > > poisoning).
> > > > > 
> > > > > That doesn't make sense if you immediately afterwards mutate the
payload
> > for
> > > > the
> > > > > common code path; now all accesses are exempted from checking here
> > > > (m_freeLists
> > > > > ?)
> > > > 
> > > > Maybe I'm not sure I get your point.
> > > > 
> > > > - Memory in the m_freeLists must be poisoned.
> > > > - Memory that is delayed reusing and not yet in the m_freeLists must be
> > > > poisoned.
> > > > - Memory should be unpoisoned immediately before it is reused.
> > > > 
> > > > Isn't the current code doing that?
> > > 
> > > It definitely should be poisoned before we leave addFreeList(), but no
need
> to
> > > do it before you do the extra zapping of payloads here.
> > 
> > Ah, I got your point :) Will fix it in a follow-up.
> 
> The annotations added here aren't sufficient to quieten ASan,
>
http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%...

Let me revert them.

Powered by Google App Engine
This is Rietveld 408576698