
Side by Side Diff: content/renderer/render_frame_impl.cc

Issue 212643015: Use SYZYASAN instead of ADDRESS_SANITIZER. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/render_frame_impl.h" 5 #include "content/renderer/render_frame_impl.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 9
10 #include "base/auto_reset.h" 10 #include "base/auto_reset.h"
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after
169 } 169 }
170 } 170 }
171 171
172 NOINLINE static void CrashIntentionally() { 172 NOINLINE static void CrashIntentionally() {
173 // NOTE(shess): Crash directly rather than using NOTREACHED() so 173 // NOTE(shess): Crash directly rather than using NOTREACHED() so
174 // that the signature is easier to triage in crash reports. 174 // that the signature is easier to triage in crash reports.
175 volatile int* zero = NULL; 175 volatile int* zero = NULL;
176 *zero = 0; 176 *zero = 0;
177 } 177 }
178 178
179 #if defined(ADDRESS_SANITIZER) 179 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
180 NOINLINE static void MaybeTriggerAsanError(const GURL& url) { 180 NOINLINE static void MaybeTriggerAsanError(const GURL& url) {
181 // NOTE(rogerm): We intentionally perform an invalid heap access here in 181 // NOTE(rogerm): We intentionally perform an invalid heap access here in
182 // order to trigger an Address Sanitizer (ASAN) error report. 182 // order to trigger an Address Sanitizer (ASAN) error report.
183 static const char kCrashDomain[] = "crash"; 183 static const char kCrashDomain[] = "crash";
184 static const char kHeapOverflow[] = "/heap-overflow"; 184 static const char kHeapOverflow[] = "/heap-overflow";
185 static const char kHeapUnderflow[] = "/heap-underflow"; 185 static const char kHeapUnderflow[] = "/heap-underflow";
186 static const char kUseAfterFree[] = "/use-after-free"; 186 static const char kUseAfterFree[] = "/use-after-free";
187 static const int kArraySize = 5; 187 static const int kArraySize = 5;
188 188
189 if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1)) 189 if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1))
(...skipping 11 matching lines...) Expand all
201 dummy = array[-1]; 201 dummy = array[-1];
202 } else if (crash_type == kUseAfterFree) { 202 } else if (crash_type == kUseAfterFree) {
203 int* dangling = array.get(); 203 int* dangling = array.get();
204 array.reset(); 204 array.reset();
205 dummy = dangling[kArraySize / 2]; 205 dummy = dangling[kArraySize / 2];
206 } 206 }
207 207
208 // Make sure the assignments to the dummy value aren't optimized away. 208 // Make sure the assignments to the dummy value aren't optimized away.
209 base::debug::Alias(&dummy); 209 base::debug::Alias(&dummy);
210 } 210 }
211 #endif // ADDRESS_SANITIZER 211 #endif // ADDRESS_SANITIZER || SYZYASAN
212 212
213 static void MaybeHandleDebugURL(const GURL& url) { 213 static void MaybeHandleDebugURL(const GURL& url) {
214 if (!url.SchemeIs(kChromeUIScheme)) 214 if (!url.SchemeIs(kChromeUIScheme))
215 return; 215 return;
216 if (url == GURL(kChromeUICrashURL)) { 216 if (url == GURL(kChromeUICrashURL)) {
217 CrashIntentionally(); 217 CrashIntentionally();
218 } else if (url == GURL(kChromeUIKillURL)) { 218 } else if (url == GURL(kChromeUIKillURL)) {
219 base::KillProcess(base::GetCurrentProcessHandle(), 1, false); 219 base::KillProcess(base::GetCurrentProcessHandle(), 1, false);
220 } else if (url == GURL(kChromeUIHangURL)) { 220 } else if (url == GURL(kChromeUIHangURL)) {
221 for (;;) { 221 for (;;) {
222 base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(1)); 222 base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(1));
223 } 223 }
224 } else if (url == GURL(kChromeUIShorthangURL)) { 224 } else if (url == GURL(kChromeUIShorthangURL)) {
225 base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(20)); 225 base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(20));
226 } 226 }
227 227
228 #if defined(ADDRESS_SANITIZER) 228 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
229 MaybeTriggerAsanError(url); 229 MaybeTriggerAsanError(url);
230 #endif // ADDRESS_SANITIZER 230 #endif // ADDRESS_SANITIZER || SYZYASAN
231 } 231 }
232 232
233 // Returns false unless this is a top-level navigation. 233 // Returns false unless this is a top-level navigation.
234 static bool IsTopLevelNavigation(WebFrame* frame) { 234 static bool IsTopLevelNavigation(WebFrame* frame) {
235 return frame->parent() == NULL; 235 return frame->parent() == NULL;
236 } 236 }
237 237
238 // Returns false unless this is a top-level navigation that crosses origins. 238 // Returns false unless this is a top-level navigation that crosses origins.
239 static bool IsNonLocalTopLevelNavigation(const GURL& url, 239 static bool IsNonLocalTopLevelNavigation(const GURL& url,
240 WebFrame* frame, 240 WebFrame* frame,
(...skipping 2678 matching lines...) Expand 10 before | Expand all | Expand 10 after
2919 selection_text_offset_ = offset; 2919 selection_text_offset_ = offset;
2920 selection_range_ = range; 2920 selection_range_ = range;
2921 // This IPC is dispatched by RenderWidetHost, so use its routing ID. 2921 // This IPC is dispatched by RenderWidetHost, so use its routing ID.
2922 Send(new ViewHostMsg_SelectionChanged( 2922 Send(new ViewHostMsg_SelectionChanged(
2923 GetRenderWidget()->routing_id(), text, offset, range)); 2923 GetRenderWidget()->routing_id(), text, offset, range));
2924 } 2924 }
2925 GetRenderWidget()->UpdateSelectionBounds(); 2925 GetRenderWidget()->UpdateSelectionBounds();
2926 } 2926 }
2927 2927
2928 } // namespace content 2928 } // namespace content
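Review bot: The widened guard at new lines 179 and 228 compiles the deliberate out-of-bounds and use-after-free reads in MaybeTriggerAsanError into SYZYASAN builds as well, yet nothing at the call site records that the early `SchemeIs(kChromeUIScheme)` return in MaybeHandleDebugURL is what keeps ordinary web URLs away from them. I would add a comment above the call, e.g. `// Debug-only faults: must stay behind the kChromeUIScheme check above.`, and extend the NOTE(rogerm) text to say the reads are expected to be caught by either ASan or SyzyASan instrumentation. If SYZYASAN can be defined for a binary that runs without its instrumentation runtime (not visible here), `array[-1]` and the dangling read would be silent invalid reads rather than reports, which is worth confirming. Lines 190–200 of MaybeTriggerAsanError are elided on this page, so this is based on the visible branches only.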