base/security_unittest.cc - Issue 11857007: TCMalloc: restrict maximum size of memory ranges

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: base/security_unittest.cc

Issue 11857007: TCMalloc: restrict maximum size of memory ranges (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Disable test in ASAN. Created 7 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <limits>

	6

	7 #include "base/memory/scoped_ptr.h"

	8 #include "testing/gtest/include/gtest/gtest.h"

	9

	10 namespace {

	11

	12 // TODO(jln): list instead the known cases that fail (ASAN etc), so that

	13 // we can positively check that we support the cases we care about.

	14 #if !defined(NO_TCMALLOC) && !defined(ADDRESS_SANITIZER)

	15 #define MAYBE_MemoryAllocationRestrictions AllocationRestrictions

	16 #else

	17 #define MAYBE_MemoryAllocationRestrictions DISABLED_AllocationRestrictions

	18 #endif

	19

	20 // Check that we can not allocate a continuous space that cannot be indexed

	21 // via an int. This is used to mitigate vulnerabilities in libraries that use

	22 // int instead of size_t.

	23 // See crbug.com/169327.

	24 TEST(SecurityTest, MAYBE_MemoryAllocationRestrictions) {

	25 scoped_ptr<char, base::FreeDeleter>

	26 ptr(static_cast<char*>(malloc((std::numeric_limits<int>::max)())));
	Chris Evans 2013/01/11 19:51:51 Isn't it jusr std::numeric_limits<int>::max() ? To Isn't it jusr std::numeric_limits<int>::max() ? Too many parens! Confusing :P jln (very slow on Chromium) 2013/01/11 20:02:04 That's because of Windows. Windows defines a macro Show quoted text On 2013/01/11 19:51:51, Chris Evans wrote: > Isn't it jusr std::numeric_limits<int>::max() ? > Too many parens! Confusing :P That's because of Windows. Windows defines a macro called max() which breaks compilation.
	27 ASSERT_TRUE(ptr == NULL);
	Chris Evans 2013/01/11 19:17:28 The behaviour of tcmalloc within Chromium is to ab The behaviour of tcmalloc within Chromium is to abort on an allocation failure. It's an important security guarantee. Does this test imply that this CL changes that invariant? jln (very slow on Chromium) 2013/01/11 20:02:04 No, as discussed on the thread (I suspect this com Show quoted text On 2013/01/11 19:17:28, Chris Evans wrote: > The behaviour of tcmalloc within Chromium is to abort on an allocation failure. > It's an important security guarantee. > > Does this test imply that this CL changes that invariant? No, as discussed on the thread (I suspect this comment was re-sent inadvertently.
	28 // TODO(jln): a lot more tests here.

	29 }

	30

	31 } // namespace

OLD	NEW

« no previous file with comments | « base/base.gyp ('k') | third_party/tcmalloc/chromium/src/common.h » ('j') | third_party/tcmalloc/chromium/src/common.cc » ('J')