Index: third_party/tcmalloc/chromium/src/common.cc | 
| diff --git a/third_party/tcmalloc/chromium/src/common.cc b/third_party/tcmalloc/chromium/src/common.cc | 
| index 5a55b3908391666703e11c00afc45536f92a4faf..6e6a36ff85faf37ed6de153c9121c787fe152545 100644 | 
| --- a/third_party/tcmalloc/chromium/src/common.cc | 
| +++ b/third_party/tcmalloc/chromium/src/common.cc | 
| @@ -38,8 +38,19 @@ | 
| #include <unistd.h> // for getpagesize | 
| #endif | 
| +#include <limits> | 
| + | 
| namespace tcmalloc { | 
| +bool IsContiguousAllocSizePermitted(size_t alloc_size) { | 
| + // Never allow an allocation of a contiguous area larger than what can | 
| + // be indexed via an int. This is meant as a security mitigation, see | 
| + // crbug.com/169369 for more background. | 
| + | 
| + // Remove kPageSize to account for various rounding. | 
| + return alloc_size <= ((std::numeric_limits<int>::max)() - kPageSize); | 
| 
 
Chris Evans
2013/01/11 19:51:51
Unusual parens used again.
 
jln (very slow on Chromium)
2013/01/11 20:02:04
Windows, again ;)
 
 | 
| +} | 
| + | 
| // Note: the following only works for "n"s that fit in 32-bits, but | 
| // that is fine since we only use it for small sizes. | 
| static inline int LgFloor(size_t n) { |
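Review bot: The return statement of `IsContiguousAllocSizePermitted` compares a `size_t` against a value built from `std::numeric_limits<int>::max()` and `kPageSize`, whose type is declared outside this hunk. For a check meant as a security mitigation, the reader cannot tell here whether the limit is computed in signed or unsigned arithmetic. Computing the limit explicitly in `size_t` removes the doubt: `static const size_t kMaxContiguousAllocSize = static_cast<size_t>((std::numeric_limits<int>::max)()) - kPageSize;` followed by `return alloc_size <= kMaxContiguousAllocSize;`. The comment "Remove kPageSize to account for various rounding" should also name the rounding it covers, for example `// Leave one page of headroom so that rounding alloc_size up to a page multiple after this check still fits in an int.` That is presumably the intent; if so, the comment should also say that callers must run this check before any rounding or other arithmetic on the requested size.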