Source/platform/heap/Heap.cpp - Issue 1259893002: Fix FreeList::zapFreedMemory to fail "use-of-uninitialized-value" on MSAN

Side by Side Diff: Source/platform/heap/Heap.cpp

Issue 1259893002: Fix FreeList::zapFreedMemory to fail "use-of-uninitialized-value" on MSAN (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Not to addToFreeList Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2013 Google Inc. All rights reserved.	2 * Copyright (C) 2013 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 1150 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1161 // region to the free list and reuse it for another object.	1161 // region to the free list and reuse it for another object.

1162 #endif	1162 #endif

1163 ASAN_POISON_MEMORY_REGION(address, size);	1163 ASAN_POISON_MEMORY_REGION(address, size);

1164	1164

1165 int index = bucketIndexForSize(size);	1165 int index = bucketIndexForSize(size);

1166 entry->link(&m_freeLists[index]);	1166 entry->link(&m_freeLists[index]);

1167 if (index > m_biggestFreeListIndex)	1167 if (index > m_biggestFreeListIndex)

1168 m_biggestFreeListIndex = index;	1168 m_biggestFreeListIndex = index;

1169 }	1169 }

1170	1170

1171 #if ENABLE(ASSERT) \|\| defined(LEAK_SANITIZER) \|\| defined(ADDRESS_SANITIZER)	1171 #if ENABLE(ASSERT) \|\| defined(LEAK_SANITIZER) \|\| defined(ADDRESS_SANITIZER) \|\| d efined(MEMORY_SANITIZER)

1172 NO_SANITIZE_ADDRESS	1172 NO_SANITIZE_ADDRESS

	1173 NO_SANITIZE_MEMORY

1173 void NEVER_INLINE FreeList::zapFreedMemory(Address address, size_t size)	1174 void NEVER_INLINE FreeList::zapFreedMemory(Address address, size_t size)

1174 {	1175 {

1175 for (size_t i = 0; i < size; i++) {	1176 for (size_t i = 0; i < size; i++) {

1176 // See the comment in addToFreeList().	1177 // See the comment in addToFreeList().
	Alexander Potapenko 2015/07/27 09:45:00 NO_SANITIZE_MEMORY will remove checks for uninitia NO_SANITIZE_MEMORY will remove checks for uninitialized reads in line 1178, so there'll be no MSan reports in zapFreeMemory(). It will however preserve the code that marks address[i] as initialized in line 1179, so that random reads of that memory after it has been freed will not be detected. Is that really what you want?
1177 if (address[i] != reuseAllowedZapValue)	1178 if (address[i] != reuseAllowedZapValue)

1178 address[i] = reuseForbiddenZapValue;	1179 address[i] = reuseForbiddenZapValue;

1179 }	1180 }

1180 }	1181 }

1181 #endif	1182 #endif

1182	1183

1183 void FreeList::clear()	1184 void FreeList::clear()

1184 {	1185 {

1185 m_biggestFreeListIndex = 0;	1186 m_biggestFreeListIndex = 0;

1186 for (size_t i = 0; i < blinkPageSizeLog2; ++i)	1187 for (size_t i = 0; i < blinkPageSizeLog2; ++i)

(...skipping 1338 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2525 size_t Heap::s_allocatedObjectSize = 0;	2526 size_t Heap::s_allocatedObjectSize = 0;

2526 size_t Heap::s_markedObjectSize = 0;	2527 size_t Heap::s_markedObjectSize = 0;

2527 size_t Heap::s_persistentCount = 0;	2528 size_t Heap::s_persistentCount = 0;

2528 size_t Heap::s_persistentCountAtLastGC = 0;	2529 size_t Heap::s_persistentCountAtLastGC = 0;

2529 size_t Heap::s_collectedPersistentCount = 0;	2530 size_t Heap::s_collectedPersistentCount = 0;

2530 size_t Heap::s_partitionAllocSizeAtLastGC = 0;	2531 size_t Heap::s_partitionAllocSizeAtLastGC = 0;

2531 size_t Heap::s_heapSizePerPersistent = 0;	2532 size_t Heap::s_heapSizePerPersistent = 0;

2532 double Heap::s_estimatedMarkingTimePerByte = 0.0;	2533 double Heap::s_estimatedMarkingTimePerByte = 0.0;

2533	2534

2534 } // namespace blink	2535 } // namespace blink

OLD	NEW

« Source/platform/heap/Heap.h ('K') | « Source/platform/heap/Heap.h ('k') | Source/wtf/AddressSanitizer.h » ('j') | no next file with comments »