Security unittests: add more compiler barriers

base/security_unittest.cc

Index: base/security_unittest.cc
diff --git a/base/security_unittest.cc b/base/security_unittest.cc
index 531159dc020c6fd5112a0bbc52ae3b4bef286af3..57b6b6f1b76a0249594400e30d02b27c3e98ee93 100644
--- a/base/security_unittest.cc
+++ b/base/security_unittest.cc
@@ -22,6 +22,15 @@ using std::numeric_limits;
 
 namespace {
 
+// This function acts as a compiler optimization barrier. We use it to
+// prevent the compiler from making an expression a compile-time constant.
+// We also use it so that the compiler doesn't discard certain return values
+// as something we don't need (see the comment with calloc below).
+template <typename Type>
+Type HideValueFromCompiler(volatile Type value) {
+  return value;
+}
+
 // Check that we can not allocate a memory range that cannot be indexed
 // via an int. This is used to mitigate vulnerabilities in libraries that use
 // int instead of size_t.
@@ -61,16 +70,16 @@ TEST(SecurityTest, ALLOC_TEST(IsTCMallocDynamicallyBypassed)) {
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsMalloc)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(malloc(kTooBigAllocSize)));
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(malloc(kTooBigAllocSize))));
     ASSERT_TRUE(ptr == NULL);

[awong, 2013/02/05 22:42:22]

drive-by nit: this would be cleaner as ASSERT_TRUE(ptr); Same in other spots.

[jln (very slow on Chromium), 2013/02/06 00:05:01]

This used to not work with scoped ptr. In general ASSERT_* are very annoying
with pointers.

I also personally prefer == NULL and != NULL to ptr, but that's personal taste.

Done anyways, but limited to the instances where it doesn't make it completely
unreadable (so I excluded some in the tests below).

   }
 }
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsCalloc)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(calloc(kTooBigAllocSize, 1)));
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(calloc(kTooBigAllocSize, 1))));
     ASSERT_TRUE(ptr == NULL);
   }
 }
@@ -79,8 +88,8 @@ TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsRealloc)) {
   if (!IsTcMallocBypassed()) {
     char* orig_ptr = static_cast<char*>(malloc(1));
     ASSERT_TRUE(orig_ptr != NULL);
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(realloc(orig_ptr, kTooBigAllocSize)));
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(realloc(orig_ptr, kTooBigAllocSize))));
     ASSERT_TRUE(ptr == NULL);
     // If realloc() did not succeed, we need to free orig_ptr.
     free(orig_ptr);
@@ -93,14 +102,16 @@ typedef struct {
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNew)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<VeryLargeStruct> ptr(new (nothrow) VeryLargeStruct);
+    scoped_ptr<VeryLargeStruct> ptr(
+        HideValueFromCompiler(new (nothrow) VeryLargeStruct));
     ASSERT_TRUE(ptr == NULL);
   }
 }
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]);
+    scoped_ptr<char[]> ptr(
+        HideValueFromCompiler(new (nothrow) char[kTooBigAllocSize]));
     ASSERT_TRUE(ptr == NULL);
   }
 }
@@ -137,15 +148,6 @@ void OverflowTestsSoftExpectTrue(bool overflow_detected) {
   }
 }
 
-// This function acts as a compiler optimization barrier. We use it to
-// prevent the compiler from making an expression a compile-time constant.
-// We also use it so that the compiler doesn't discard certain return values
-// as something we don't need (see the comment with calloc below).
-template <typename Type>
-Type HideValueFromCompiler(volatile Type value) {
-  return value;
-}
-
 // Test array[TooBig][X] and array[X][TooBig] allocations for int overflows.
 // IOS doesn't honor nothrow, so disable the test there.
 // Disable on Windows, we suspect some are failing because of it.