mac: Hook up allocator shim during app startup.

base/allocator/allocator_interception_mac.mm

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file contains all the logic necessary to intercept allocations on
 // macOS. "malloc zones" are an abstraction that allows the process to intercept
 // all malloc-related functions.  There is no good mechanism [short of
 // interposition] to determine new malloc zones are added, so there's no clean
 // mechanism to intercept all malloc zones. This file contains logic to
 // intercept the default and purgeable zones, which always exist. A cursory
 // review of Chrome seems to imply that non-default zones are almost never used.
 //
 // This file also contains logic to intercept Core Foundation and Objective-C
 // allocations. The implementations forward to the default malloc zone, so the
 // only reason to intercept these calls is to re-label OOM crashes with slightly
 // more details.
 
 #include "base/allocator/allocator_interception_mac.h"
 
 #include <CoreFoundation/CoreFoundation.h>
 #import <Foundation/Foundation.h>
 #include <errno.h>
 #include <mach/mach.h>
 #include <mach/mach_vm.h>
 #import <objc/runtime.h>
 #include <stddef.h>
 
 #include <new>
 
+#include "base/allocator/allocator_shim.h"
+#include "base/allocator/features.h"
 #include "base/logging.h"
 #include "base/mac/mac_util.h"
 #include "base/mac/mach_logging.h"
 #include "base/process/memory.h"
 #include "base/scoped_clear_errno.h"
 #include "build/build_config.h"
 #include "third_party/apple_apsl/CFBase.h"
 
 namespace base {
 namespace allocator {
 
+bool g_replaced_default_zone = false;
+
 MallocZoneFunctions::MallocZoneFunctions() {}
 
 namespace {
 
 bool g_oom_killer_enabled;
-bool g_replaced_default_zone = false;
 
 // Starting with Mac OS X 10.7, the zone allocators set up by the system are
 // read-only, to prevent them from being overwritten in an attack. However,
 // blindly unprotecting and reprotecting the zone allocators fails with
 // GuardMalloc because GuardMalloc sets up its zone allocator using a block of
 // memory in its bss. Explicit saving/restoring of the protection is required.
 //
 // This function takes a pointer to a malloc zone, de-protects it if necessary,
 // and returns (in the out parameters) a region of memory (if any) to be
 // re-protected when modifications are complete. This approach assumes that
@@ skipping 139 matching lines @@
   // http://opensource.apple.com/source/Libc/Libc-583/gen/malloc.c ).
   if (!result && size && alignment >= sizeof(void*) &&
       (alignment & (alignment - 1)) == 0) {
     TerminateBecauseOutOfMemory(size);
   }
   return result;
 }
 
 #endif  // !defined(ADDRESS_SANITIZER)
 
-// === C++ operator new ===
-
-void oom_killer_new() {
-  TerminateBecauseOutOfMemory(0);
-}
-
 #if !defined(ADDRESS_SANITIZER)
 
 // === Core Foundation CFAllocators ===
 
 bool CanGetContextForCFAllocator() {
   return !base::mac::IsOSLaterThan10_12_DontCallThis();
 }
 
 CFAllocatorContext* ContextForCFAllocator(CFAllocatorRef allocator) {
   ChromeCFAllocatorLions* our_allocator = const_cast<ChromeCFAllocatorLions*>(
@@ skipping 212 matching lines @@
   // due to these other factors, or due to genuine memory or address space
   // exhaustion. The fact that it only allocates space from the "tiny" free list
   // means that it's likely that a failure will not be due to memory exhaustion.
   // Similarly, these constraints on batch_malloc mean that callers must always
   // be expecting to receive less memory than was requested, even in situations
   // where memory pressure is not a concern. Finally, the only public interface
   // to batch_malloc is malloc_zone_batch_malloc, which is specific to the
   // system's malloc implementation. It's unlikely that anyone's even heard of
   // it.
 
-  // === C++ operator new ===
-
-  // Yes, operator new does call through to malloc, but this will catch failures
-  // that our imperfect handling of malloc cannot.
-
-  std::set_new_handler(oom_killer_new);
-
 #ifndef ADDRESS_SANITIZER
   // === Core Foundation CFAllocators ===
 
   // This will not catch allocation done by custom allocators, but will catch
   // all allocation done by system-provided ones.
 
   CHECK(!g_old_cfallocator_system_default && !g_old_cfallocator_malloc &&
         !g_old_cfallocator_malloc_zone)
       << "Old allocators unexpectedly non-null";
 
@@ skipping 41 matching lines @@
   g_old_allocWithZone =
       reinterpret_cast<allocWithZone_t>(method_getImplementation(orig_method));
   CHECK(g_old_allocWithZone)
       << "Failed to get allocWithZone allocation function.";
   method_setImplementation(orig_method,
                            reinterpret_cast<IMP>(oom_killer_allocWithZone));
 }
 
 }  // namespace allocator
 }  // namespace base