android: Enable death on malloc/operator new failure (m53 cherry-pick)

android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966, 317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
NOTRY=true
NOPRESUBMIT=true

[Primiano Tucci (use gerrit), 2016-08-04 08:48:33]

Description was changed from

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/

Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}
==========

to

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
==========

[Primiano Tucci (use gerrit), 2016-08-04 08:48:33]

primiano@chromium.org changed reviewers:
+ thakis@chromium.org

[Primiano Tucci (use gerrit), 2016-08-04 08:50:27]

thakis: TBR-ing for the cherry-pick in M53.
Note: i did deliberately cherry-pick only the production code. The #ifdef in the
test seem quite different for some windows changes in the release branch, and
IMHO attempting to solve the conflicts will more likely end up in breaking the
release testers without bringing any real value.

[Primiano Tucci (use gerrit), 2016-08-04 08:50:35]

The CQ bit was checked by primiano@chromium.org

[commit-bot: I haz the power, 2016-08-04 08:50:50]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-04 08:50:51]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-04 08:50:52]

CLs for remote refs other than refs/pending/heads/master must contain NOTRY=true
and NOPRESUBMIT=true in order for the CQ to process them

[Primiano Tucci (use gerrit), 2016-08-04 09:17:03]

Description was changed from

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
==========

to

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
NOTRY=true
NOPRESUBMIT=true
==========

[Primiano Tucci (use gerrit), 2016-08-04 09:17:09]

The CQ bit was checked by primiano@chromium.org

[commit-bot: I haz the power, 2016-08-04 09:17:33]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-04 09:19:57]

Description was changed from

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
NOTRY=true
NOPRESUBMIT=true
==========

to

==========
android: Enable death on malloc/operator new failure (m53 cherry-pick)

Original CL: https://codereview.chromium.org/2201363002/
Original CL Description:
1. Historically the OnNoMemory suicide on malloc/new failure was not
enabled on Android. This seems to be due to the fact that
set_new_handler was not avilable on Android back in the days of
pre-libcxx. See crbug.com/317791 .

2. After the libcxx switch, however, the combination of operator new
throwing bad_alloc and chrome building with -fno-exception made
operator new (but not malloc) inadvertently suicidal, by virtue of
ending up calling the default exception handler.
See crbug.com/633313#c28 .

3. crrev.com/1883093005 (first seen in M52) introduced a shim layer
wrapping malloc and operator new, which was intending, among the
various things, to make malloc / new finally secure on Android.
This good intend, however, failed to materialize because the
set_new_handler call in memory_linux.cc was still #ifdef-ed out
on Android. Similarly the memory_unittests.cc were excluded on
Android for the same reason (Android was deemed to not possibly
be secure since 1.).

In summary here's what went wrong:
- When we switched to libcxx, nobody realized that we could have
  finally taken advantage of set_new_handler.
- When I enabled the android shim I didn't realize about the
  missing set_new_handler call. I was assuming that the memory
  tests would have screamed red if I did something wrong, but I
  didn't realize that they were disabled on Android.

This CL fixes all this, enabling set_new_handler on Android and
enabling the tests.

Note also that this CL is just about inducing a hard crash on malloc failure.
This does not change the situation about disallowing large allocations
(>2GB) that might cause int signed/unsigned bugs
(see crbug.com/169327). As things stand today, Android never had that
check and still doesn't yet after this CL.

BUG=633966,317791
TEST=base_unittests --gtest_filter=OutOfMemory*

Review-Url: https://codereview.chromium.org/2201363002
Cr-Commit-Position: refs/heads/master@{#409531}

TBR=thakis@chromium.org
NOTRY=true
NOPRESUBMIT=true
==========

[commit-bot: I haz the power, 2016-08-04 09:19:58]

Committed patchset #1 (id:1)