Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(329)

Unified Diff: syzygy/agent/asan/heap_checker.cc

Issue 2379023002: [SyzyAsan] Fix overflow error in ShadowWalker for 4GB 32-bit processes. (Closed)
Patch Set: Fix comments. Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: syzygy/agent/asan/heap_checker.cc
diff --git a/syzygy/agent/asan/heap_checker.cc b/syzygy/agent/asan/heap_checker.cc
index 70a5a3025397da903ab01ca1c3e94286bcfcf53b..2b93f4f12351ab7e2576ac9b43670f2f861701f0 100644
--- a/syzygy/agent/asan/heap_checker.cc
+++ b/syzygy/agent/asan/heap_checker.cc
@@ -37,24 +37,27 @@ bool HeapChecker::IsHeapCorrupt(CorruptRangesVector* corrupt_ranges) {
::common::AutoRecursiveLock scoped_lock(block_protect_lock);
// Walk over all of the addressable memory to find the corrupt blocks.
+ // Allow memory_size to overflow to 0 for 4GB 32-bit processes.
// TODO(sebmarchand): Iterates over the heap slabs once we have switched to
// a new memory allocator.
GetCorruptRangesInSlab(
reinterpret_cast<const uint8_t*>(Shadow::kAddressLowerBound),
- shadow_->memory_size() - Shadow::kAddressLowerBound - 1, corrupt_ranges);
+ reinterpret_cast<const uint8_t*>(shadow_->memory_size()),
+ corrupt_ranges);
return !corrupt_ranges->empty();
}
void HeapChecker::GetCorruptRangesInSlab(const uint8_t* lower_bound,
- size_t length,
+ const uint8_t* upper_bound,
CorruptRangesVector* corrupt_ranges) {
DCHECK_NE(static_cast<const uint8_t*>(nullptr), lower_bound);
- DCHECK_NE(0U, length);
+ DCHECK(upper_bound == nullptr || lower_bound <= upper_bound);
DCHECK_NE(static_cast<CorruptRangesVector*>(nullptr), corrupt_ranges);
+ // An overflowed |upper_bound| is handled correctly by the ShadowWalker.
ShadowWalker shadow_walker(
- shadow_, false, lower_bound, lower_bound + length);
+ shadow_, false, lower_bound, upper_bound);
AsanCorruptBlockRange* current_corrupt_range = nullptr;

Powered by Google App Engine
This is Rietveld 408576698