Side by Side Diff: syzygy/agent/asan/heap_checker.cc

Issue 2379023002: [SyzyAsan] Fix overflow error in ShadowWalker for 4GB 32-bit processes. (Closed)
Patch Set: Fix comments. Created 4 years, 2 months ago
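--- a/syzygy/agent/asan/heap_checker.cc
+++ b/syzygy/agent/asan/heap_checker.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 Google Inc. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
@@ -30,38 +30,41 @@
 DCHECK_NE(static_cast<CorruptRangesVector*>(nullptr), corrupt_ranges);
 
 corrupt_ranges->clear();
 
 // Grab the page protection lock. This prevents multiple heap checkers from
 // running simultaneously, and also prevents page protections from being
 // modified from underneath us.
 ::common::AutoRecursiveLock scoped_lock(block_protect_lock);
 
 // Walk over all of the addressable memory to find the corrupt blocks.
+// Allow memory_size to overflow to 0 for 4GB 32-bit processes.
 // TODO(sebmarchand): Iterates over the heap slabs once we have switched to
 // a new memory allocator.
 GetCorruptRangesInSlab(
 reinterpret_cast<const uint8_t*>(Shadow::kAddressLowerBound),
-shadow_->memory_size() - Shadow::kAddressLowerBound - 1, corrupt_ranges);
+reinterpret_cast<const uint8_t*>(shadow_->memory_size()),
+corrupt_ranges);
 
 return !corrupt_ranges->empty();
 }
 
 void HeapChecker::GetCorruptRangesInSlab(const uint8_t* lower_bound,
-size_t length,
+const uint8_t* upper_bound,
 CorruptRangesVector* corrupt_ranges) {
 DCHECK_NE(static_cast<const uint8_t*>(nullptr), lower_bound);
-DCHECK_NE(0U, length);
+DCHECK(upper_bound == nullptr || lower_bound <= upper_bound);
 DCHECK_NE(static_cast<CorruptRangesVector*>(nullptr), corrupt_ranges);
 
+// An overflowed |upper_bound| is handled correctly by the ShadowWalker.
 ShadowWalker shadow_walker(
-shadow_, false, lower_bound, lower_bound + length);
+shadow_, false, lower_bound, upper_bound);
 
 AsanCorruptBlockRange* current_corrupt_range = nullptr;
 
 // Iterates over the blocks.
 BlockInfo block_info = {};
 while (shadow_walker.Next(&block_info)) {
 // Remove the protections on this block so its checksum can be safely
 // validated. We leave the protections permanently removed so that the
 // minidump generation has free access to block contents.
 BlockProtectNone(block_info, shadow_);
@@ -93,10 +96,10 @@
 block_info.RawHeader() + block_info.block_size;
 current_corrupt_range->length =
 current_block_end -
 reinterpret_cast<const uint8_t*>(current_corrupt_range->address);
 }
 }
 }
 
 } // namespace asan
 } // namespace agent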
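Review bot: The nullptr case admitted by `DCHECK(upper_bound == nullptr || lower_bound <= upper_bound)` on new line 55 is really a wrapped-around "end of the address space" sentinel, but nothing at GetCorruptRangesInSlab states that contract, so a caller that passes an uninitialised nullptr by mistake would be accepted and the walk would silently cover all of memory. Suggest a comment above the DCHECK (or on the declaration in the header, outside this diff): `// A null |upper_bound| means the range wraps to the end of the address space (memory_size() overflowed to 0 in a 4GB 32-bit process).`. Separately, the old call ended the walk at memory_size() - 1 (lower_bound + length) while the new one passes memory_size() itself; if ShadowWalker treats its upper bound as inclusive rather than exclusive this extends the walk by one byte past the last address, which cannot be confirmed from this diff since ShadowWalker is not in it. GetCorruptRanges' body begins outside the hunk.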