| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/render_frame_impl.h" | 5 #include "content/renderer/render_frame_impl.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/auto_reset.h" | 10 #include "base/auto_reset.h" |
| (...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 305 return ds->originalRequest().url(); | 305 return ds->originalRequest().url(); |
| 306 } | 306 } |
| 307 | 307 |
| 308 NOINLINE void CrashIntentionally() { | 308 NOINLINE void CrashIntentionally() { |
| 309 // NOTE(shess): Crash directly rather than using NOTREACHED() so | 309 // NOTE(shess): Crash directly rather than using NOTREACHED() so |
| 310 // that the signature is easier to triage in crash reports. | 310 // that the signature is easier to triage in crash reports. |
| 311 volatile int* zero = NULL; | 311 volatile int* zero = NULL; |
| 312 *zero = 0; | 312 *zero = 0; |
| 313 } | 313 } |
| 314 | 314 |
| 315 NOINLINE void BadCastCrashIntentionally() { |
| 316 class A { |
| 317 virtual void f() {} |
| 318 }; |
| 319 |
| 320 class B { |
| 321 virtual void f() {} |
| 322 }; |
| 323 |
| 324 A a; |
| 325 (void)(B*)&a; |
| 326 } |
| 327 |
| 315 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) | 328 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 316 NOINLINE void MaybeTriggerAsanError(const GURL& url) { | 329 NOINLINE void MaybeTriggerAsanError(const GURL& url) { |
| 317 // NOTE(rogerm): We intentionally perform an invalid heap access here in | 330 // NOTE(rogerm): We intentionally perform an invalid heap access here in |
| 318 // order to trigger an Address Sanitizer (ASAN) error report. | 331 // order to trigger an Address Sanitizer (ASAN) error report. |
| 319 const char kCrashDomain[] = "crash"; | 332 const char kCrashDomain[] = "crash"; |
| 320 const char kHeapOverflow[] = "/heap-overflow"; | 333 const char kHeapOverflow[] = "/heap-overflow"; |
| 321 const char kHeapUnderflow[] = "/heap-underflow"; | 334 const char kHeapUnderflow[] = "/heap-underflow"; |
| 322 const char kUseAfterFree[] = "/use-after-free"; | 335 const char kUseAfterFree[] = "/use-after-free"; |
| 323 #if defined(SYZYASAN) | 336 #if defined(SYZYASAN) |
| 324 const char kCorruptHeapBlock[] = "/corrupt-heap-block"; | 337 const char kCorruptHeapBlock[] = "/corrupt-heap-block"; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 344 } else if (crash_type == kCorruptHeap) { | 357 } else if (crash_type == kCorruptHeap) { |
| 345 base::debug::AsanCorruptHeap(); | 358 base::debug::AsanCorruptHeap(); |
| 346 #endif | 359 #endif |
| 347 } | 360 } |
| 348 } | 361 } |
| 349 #endif // ADDRESS_SANITIZER || SYZYASAN | 362 #endif // ADDRESS_SANITIZER || SYZYASAN |
| 350 | 363 |
| 351 void MaybeHandleDebugURL(const GURL& url) { | 364 void MaybeHandleDebugURL(const GURL& url) { |
| 352 if (!url.SchemeIs(kChromeUIScheme)) | 365 if (!url.SchemeIs(kChromeUIScheme)) |
| 353 return; | 366 return; |
| 354 if (url == GURL(kChromeUICrashURL)) { | 367 if (url == GURL(kChromeUIBadCastCrashURL)) { |
| 368 BadCastCrashIntentionally(); |
| 369 } else if (url == GURL(kChromeUICrashURL)) { |
| 355 CrashIntentionally(); | 370 CrashIntentionally(); |
| 356 } else if (url == GURL(kChromeUIDumpURL)) { | 371 } else if (url == GURL(kChromeUIDumpURL)) { |
| 357 // This URL will only correctly create a crash dump file if content is | 372 // This URL will only correctly create a crash dump file if content is |
| 358 // hosted in a process that has correctly called | 373 // hosted in a process that has correctly called |
| 359 // base::debug::SetDumpWithoutCrashingFunction. Refer to the documentation | 374 // base::debug::SetDumpWithoutCrashingFunction. Refer to the documentation |
| 360 // of base::debug::DumpWithoutCrashing for more details. | 375 // of base::debug::DumpWithoutCrashing for more details. |
| 361 base::debug::DumpWithoutCrashing(); | 376 base::debug::DumpWithoutCrashing(); |
| 362 } else if (url == GURL(kChromeUIKillURL)) { | 377 } else if (url == GURL(kChromeUIKillURL)) { |
| 363 base::Process::Current().Terminate(1, false); | 378 base::Process::Current().Terminate(1, false); |
| 364 } else if (url == GURL(kChromeUIHangURL)) { | 379 } else if (url == GURL(kChromeUIHangURL)) { |
| (...skipping 4690 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5055 void RenderFrameImpl::RegisterMojoServices() { | 5070 void RenderFrameImpl::RegisterMojoServices() { |
| 5056 // Only main frame have ImageDownloader service. | 5071 // Only main frame have ImageDownloader service. |
| 5057 if (!frame_->parent()) { | 5072 if (!frame_->parent()) { |
| 5058 GetServiceRegistry()->AddService<image_downloader::ImageDownloader>( | 5073 GetServiceRegistry()->AddService<image_downloader::ImageDownloader>( |
| 5059 base::Bind(&ImageDownloaderImpl::CreateMojoService, | 5074 base::Bind(&ImageDownloaderImpl::CreateMojoService, |
| 5060 base::Unretained(this))); | 5075 base::Unretained(this))); |
| 5061 } | 5076 } |
| 5062 } | 5077 } |
| 5063 | 5078 |
| 5064 } // namespace content | 5079 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1266893002:
CFI: Add a new debug URL, chrome://badcast. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master