Make SyzyAsan support the allocation > 1GB

syzygy/agent/asan/heap_managers/block_heap_manager.cc

Index: syzygy/agent/asan/heap_managers/block_heap_manager.cc
diff --git a/syzygy/agent/asan/heap_managers/block_heap_manager.cc b/syzygy/agent/asan/heap_managers/block_heap_manager.cc
index 515ab9e7db07e0951237bb45c2d79bec78aabe59..da73c5691df08da21e80305f68a05daf2bfa3dd0 100644
--- a/syzygy/agent/asan/heap_managers/block_heap_manager.cc
+++ b/syzygy/agent/asan/heap_managers/block_heap_manager.cc
@@ -66,6 +66,22 @@ size_t GetMSBIndex(size_t n) {
   return r;
 }
 
+// Try to do an unguarded allocation.
+// @param heap_interface The heap that should serve the allocation.
+// @param shadow The shadow memory.
+// @param bytes The size of the allocation.
+// @returns a pointer to the allocation on success, nullptr otherwise.
+void* DoUnguardedAllocation(BlockHeapInterface* heap_interface,
+                            Shadow* shadow,
+                            uint32_t bytes) {
+  void* alloc = heap_interface->Allocate(bytes);
+  if ((heap_interface->GetHeapFeatures() &
+       HeapInterface::kHeapReportsReservations) != 0) {
+    shadow->Unpoison(alloc, bytes);
+  }
+  return alloc;
+}
+
 }  // namespace
 
 BlockHeapManager::BlockHeapManager(Shadow* shadow,
@@ -179,13 +195,7 @@ void* BlockHeapManager::Allocate(HeapId heap_id, uint32_t bytes) {
   // Some allocations can pass through without instrumentation.
   if (parameters_.allocation_guard_rate < 1.0 &&
       base::RandDouble() >= parameters_.allocation_guard_rate) {
-    BlockHeapInterface* heap = GetHeapFromId(heap_id);
-    void* alloc = heap->Allocate(bytes);
-    if ((heap->GetHeapFeatures() &
-        HeapInterface::kHeapReportsReservations) != 0) {
-      shadow_->Unpoison(alloc, bytes);
-    }
-    return alloc;
+    return DoUnguardedAllocation(GetHeapFromId(heap_id), shadow_, bytes);
   }
 
   // Capture the current stack. InitFromStack is inlined to preserve the
@@ -226,9 +236,11 @@ void* BlockHeapManager::Allocate(HeapId heap_id, uint32_t bytes) {
     }
   }
 
-  // The allocation can fail if we're out of memory.
+  // The allocation might fail because its size exceed the maximum size that

[Sigurður Ásgeirsson, 2016/11/25 18:16:11]

It would IMHO make much more sense, and be much simpler and easier to maintain
correctness, if we outright reject allocations that are too large. I guarantee
that there's no code in Chrome that requires the ability to allocate >1Gb in a
chunk, though there will be code that makes that attempt.

[Sébastien Marchand, 2016/11/25 21:14:57]

I'm not sure, we had some CF test cases who allocate some really large buffers,
and I don't think that this is an issue? We shouldn't crash for these, we could
return nullptr but we've always to try to mimic Chrome as much as we can in this
kind of edge cases, and in this case Chrome doesn't cap the allocation size, so
I'm not sure that we should do it either (not instrumenting this allocation is a
different thing).

+  // we can represent in the BlockHeader structure, try to do an unguarded
+  // allocation.
   if (alloc == nullptr)
-    return nullptr;
+    return DoUnguardedAllocation(GetHeapFromId(heap_id), shadow_, bytes);
 
   DCHECK_NE(static_cast<void*>(nullptr), alloc);
   DCHECK_EQ(0u, reinterpret_cast<size_t>(alloc) % kShadowRatio);