Revert of Add support for more ASAN errors generation to chrome://crash/...

content/renderer/render_frame_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_impl.h"
 
 #include <map>
 #include <string>
 
 #include "base/auto_reset.h"
@@ skipping 184 matching lines @@
   return ds->originalRequest().url();
 }
 
 NOINLINE static void CrashIntentionally() {
   // NOTE(shess): Crash directly rather than using NOTREACHED() so
   // that the signature is easier to triage in crash reports.
   volatile int* zero = NULL;
   *zero = 0;
 }
 
-#if defined(SYZYASAN)
-// This code triggers a C4509 warning as we're using an object with a destructor
-// in a function with SEH. We can safely disable this as no exception will
-// actually be thrown.
-#pragma warning(push)
-#pragma warning(disable: 4509)
-NOINLINE static void CorruptMemoryBlock() {
-  // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to
-  //     trigger an Address Sanitizer (ASAN) error report.
-  static const int kArraySize = 5;
-  scoped_ptr<int[]> array(new int[kArraySize]);
-  // Encapsulate the invalid memory access into a try-catch statement to prevent
-  // this function from being instrumented. This way the underflow won't be
-  // detected but the corruption will (as the allocator will still be hooked).
-  __try {
-    int dummy = array[-1]--;
-    // Make sure the assignments to the dummy value aren't optimized away.
-    base::debug::Alias(&array);
-  } __except (EXCEPTION_EXECUTE_HANDLER) {
-    return;
-  }
-}
-#pragma warning(pop)
-#endif
-
 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
 NOINLINE static void MaybeTriggerAsanError(const GURL& url) {
   // NOTE(rogerm): We intentionally perform an invalid heap access here in
   //     order to trigger an Address Sanitizer (ASAN) error report.
   static const char kCrashDomain[] = "crash";
   static const char kHeapOverflow[] = "/heap-overflow";
   static const char kHeapUnderflow[] = "/heap-underflow";
   static const char kUseAfterFree[] = "/use-after-free";
-#if defined(SYZYASAN)
-  static const char kCorruptHeapBlock[] = "/corrupt-heap-block";
-#endif
   static const int kArraySize = 5;
 
   if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1))
     return;
 
   if (!url.has_path())
     return;
 
   scoped_ptr<int[]> array(new int[kArraySize]);
   std::string crash_type(url.path());
   int dummy = 0;
   if (crash_type == kHeapOverflow) {
     dummy = array[kArraySize];
   } else if (crash_type == kHeapUnderflow ) {
     dummy = array[-1];
   } else if (crash_type == kUseAfterFree) {
     int* dangling = array.get();
     array.reset();
     dummy = dangling[kArraySize / 2];
-#if defined(SYZYASAN)
-  } else if (crash_type == kCorruptHeapBlock) {
-    CorruptMemoryBlock();
-#endif
   }
 
   // Make sure the assignments to the dummy value aren't optimized away.
   base::debug::Alias(&dummy);
 }
 #endif  // ADDRESS_SANITIZER || SYZYASAN
 
 static void MaybeHandleDebugURL(const GURL& url) {
   if (!url.SchemeIs(kChromeUIScheme))
     return;
@@ skipping 2927 matching lines @@
     selection_text_offset_ = offset;
     selection_range_ = range;
     // This IPC is dispatched by RenderWidetHost, so use its routing ID.
     Send(new ViewHostMsg_SelectionChanged(
         GetRenderWidget()->routing_id(), text, offset, range));
   }
   GetRenderWidget()->UpdateSelectionBounds();
 }
 
 }  // namespace content