winheap_dump: handle errors gracefully

base/trace_event/malloc_dump_provider.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/trace_event/malloc_dump_provider.h"
 
 #include <stddef.h>
 
 #include "base/allocator/allocator_extension.h"
 #include "base/allocator/allocator_shim.h"
@@ skipping 87 matching lines @@
 struct WinHeapInfo {
   HANDLE heap_id;
   size_t committed_size;
   size_t uncommitted_size;
   size_t allocated_size;
   size_t block_count;
 };
 
 bool GetHeapInformation(WinHeapInfo* heap_info,
                         const std::set<void*>& block_to_skip) {
-  CHECK(::HeapLock(heap_info->heap_id) == TRUE);
+  // NOTE: crbug.com/464430
+  // As a part of the Client/Server Runtine Subsystem (CSRSS) lockdown in the
+  // referenced bug, it will invalidate the heap used by CSRSS. The author has
+  // not found a way to clean up an invalid heap handle, so it will be left in
+  // the process's heap list. Therefore we need to support when there is this
+  // invalid heap handle in the heap list.
+  // HeapLock implicitly checks certain aspects of the HEAP structure, such as
+  // the signature. If this passes, we assume that this heap is valid and is
+  // not the one owned by CSRSS.
+  if (!::HeapLock(heap_info->heap_id)) {
+    return false;
+  }
   PROCESS_HEAP_ENTRY heap_entry;
   heap_entry.lpData = nullptr;
   // Walk over all the entries in this heap.
   while (::HeapWalk(heap_info->heap_id, &heap_entry) != FALSE) {
     if (block_to_skip.count(heap_entry.lpData) == 1)
       continue;
     if ((heap_entry.wFlags & PROCESS_HEAP_ENTRY_BUSY) != 0) {
       heap_info->allocated_size += heap_entry.cbData;
       heap_info->block_count++;
     } else if ((heap_entry.wFlags & PROCESS_HEAP_REGION) != 0) {
@@ skipping 35 matching lines @@
   std::unique_ptr<HANDLE[]> all_heaps(new HANDLE[number_of_heaps]);
   if (::GetProcessHeaps(number_of_heaps, all_heaps.get()) != number_of_heaps)
     return;
 
   // Skip the pointer to the heap array to avoid accounting the memory used by
   // this dump provider.
   std::set<void*> block_to_skip;
   block_to_skip.insert(all_heaps.get());
 
   // Retrieves some metrics about each heap.
+  size_t heap_info_errors = 0;
   for (size_t i = 0; i < number_of_heaps; ++i) {
     WinHeapInfo heap_info = {0};
     heap_info.heap_id = all_heaps[i];
-    GetHeapInformation(&heap_info, block_to_skip);
-
-    all_heap_info->allocated_size += heap_info.allocated_size;
-    all_heap_info->committed_size += heap_info.committed_size;
-    all_heap_info->uncommitted_size += heap_info.uncommitted_size;
-    all_heap_info->block_count += heap_info.block_count;
+    if (GetHeapInformation(&heap_info, block_to_skip)) {
+      all_heap_info->allocated_size += heap_info.allocated_size;
+      all_heap_info->committed_size += heap_info.committed_size;
+      all_heap_info->uncommitted_size += heap_info.uncommitted_size;
+      all_heap_info->block_count += heap_info.block_count;
+    } else {
+      ++heap_info_errors;
+      // See notes in GetHeapInformation() but we only expect 1 heap to not be
+      // able to be read.
+      CHECK_EQ(1u, heap_info_errors);
+    }
   }
 }
 #endif  // defined(OS_WIN)
 }  // namespace
 
 // static
 const char MallocDumpProvider::kAllocatedObjects[] = "malloc/allocated_objects";
 
 // static
 MallocDumpProvider* MallocDumpProvider::GetInstance() {
@@ skipping 174 matching lines @@
       tid_dumping_heap_ == PlatformThread::CurrentId())
     return;
   AutoLock lock(allocation_register_lock_);
   if (!allocation_register_)
     return;
   allocation_register_->Remove(address);
 }
 
 }  // namespace trace_event
 }  // namespace base