| OLD | NEW |
| 1 ############################################################################# | 1 ############################################################################# |
| 2 # UBSan vptr blacklist. | 2 # UBSan vptr blacklist. |
| 3 # Function and type based blacklisting use a mangled name, and it is especially | 3 # Function and type based blacklisting use a mangled name, and it is especially |
| 4 # tricky to represent C++ types. For now, any possible changes by name manglings | 4 # tricky to represent C++ types. For now, any possible changes by name manglings |
| 5 # are simply represented as wildcard expressions of regexp, and thus it might be | 5 # are simply represented as wildcard expressions of regexp, and thus it might be |
| 6 # over-blacklisted. | 6 # over-blacklisted. |
| 7 | 7 |
| 8 ############################################################################# | 8 ############################################################################# |
| 9 # Identical layouts. | 9 # Identical layouts. |
| 10 # If base and derived classes have identifical memory layouts (i.e., the same | 10 # If base and derived classes have identifical memory layouts (i.e., the same |
| 11 # object size) and both have no virtual functions, we blacklist them as there | 11 # object size) and both have no virtual functions, we blacklist them as there |
| 12 # would be not much security implications. | 12 # would be not much security implications. |
| 13 | 13 |
| 14 fun:*LifecycleNotifier*addObserver* | 14 fun:*LifecycleNotifier*addObserver* |
| 15 fun:*LifecycleNotifier*removeObserver* | 15 fun:*LifecycleNotifier*removeObserver* |
| 16 fun:*toWebInputElement* | 16 fun:*toWebInputElement* |
| 17 type:*base*MessageLoopForIO* | 17 type:*base*MessageLoopForIO* |
| 18 type:*base*MessageLoopForUI* |
| 18 type:*BlockRefType* | 19 type:*BlockRefType* |
| 19 type:*SkAutoTUnref* | 20 type:*SkAutoTUnref* |
| 20 type:*WDResult* | 21 type:*WDResult* |
| 21 type:*ExecutionContext* | 22 type:*ExecutionContext* |
| 22 type:*WebInputElement* | 23 type:*WebInputElement* |
| 23 type:*WebFormControlElement* | 24 type:*WebFormControlElement* |
| 24 | 25 |
| 25 # Avoid identical layout cases for 86 different classes in InspectorTypeBuilder, | 26 # Avoid identical layout cases for 86 different classes in InspectorTypeBuilder, |
| 26 # all of which are guarded using COMPILER_ASSERT on the object size. Two more | 27 # all of which are guarded using COMPILER_ASSERT on the object size. Two more |
| 27 # types are also blacklisted due to the template class (JSONArray <-> Array<T>). | 28 # types are also blacklisted due to the template class (JSONArray <-> Array<T>). |
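Review bot: the added `type:*base*MessageLoopForUI*` entry (new line 18) has no comment or bug reference explaining which cast makes it necessary, and nothing in the hunk shows that it meets the section's stated criteria (base and derived classes with the same object size and no virtual functions on either). Please add a one-line comment naming the cast site or a crbug link, as the later sections do with crbug.com/609786 and crbug.com/520760, and confirm that the identical-layout reasoning really applies here as it is assumed to for the neighbouring `type:*base*MessageLoopForIO*` entry. Because the pattern is wildcarded on both sides, it suppresses vptr checks for every type whose mangled name contains `base` followed by `MessageLoopForUI`, which is the over-blacklisting the file header warns about, so a narrower pattern would be preferable if the mangled name allows it.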
| (...skipping 13 matching lines...) |
| 41 | 42 |
| 42 # RenderViewObserverTracker<T>::RenderViewObserverTracker() | 43 # RenderViewObserverTracker<T>::RenderViewObserverTracker() |
| 43 fun:*content*RenderViewObserverTracker*RenderView* | 44 fun:*content*RenderViewObserverTracker*RenderView* |
| 44 | 45 |
| 45 ############################################################################# | 46 ############################################################################# |
| 46 # Base class's destructor accesses a derived class. | 47 # Base class's destructor accesses a derived class. |
| 47 | 48 |
| 48 fun:*DatabaseContext*contextDestroyed* | 49 fun:*DatabaseContext*contextDestroyed* |
| 49 | 50 |
| 50 # FIXME: Cannot handle template function LifecycleObserver<>::setContext, | 51 # FIXME: Cannot handle template function LifecycleObserver<>::setContext, |
| 51 # so exclude source file for now. | 52 # so exclude source file for now. |
| 52 src:*LifecycleObserver.h* | 53 src:*LifecycleObserver.h* |
| 53 | 54 |
| 54 ############################################################################# | 55 ############################################################################# |
| 55 # static_cast into itself in the constructor. | 56 # static_cast into itself in the constructor. |
| 56 | 57 |
| 57 fun:*RefCountedGarbageCollected*makeKeepAlive* | 58 fun:*RefCountedGarbageCollected*makeKeepAlive* |
| 58 fun:*ThreadSafeRefCountedGarbageCollected*makeKeepAlive* | 59 fun:*ThreadSafeRefCountedGarbageCollected*makeKeepAlive* |
| 59 | 60 |
| 60 ############################################################################# | 61 ############################################################################# |
| 61 # Accessing data in destructors where the class has virtual inheritances. | 62 # Accessing data in destructors where the class has virtual inheritances. |
| (...skipping 68 matching lines...) |
| 130 ############################################################################# | 131 ############################################################################# |
| 131 # UBsan goes into an infinite recursion when __dynamic_cast instrumented with | 132 # UBsan goes into an infinite recursion when __dynamic_cast instrumented with |
| 132 # "vptr". See crbug.com/609786. | 133 # "vptr". See crbug.com/609786. |
| 133 | 134 |
| 134 src:*/third_party/libc\+\+abi/trunk/src/private_typeinfo.cpp | 135 src:*/third_party/libc\+\+abi/trunk/src/private_typeinfo.cpp |
| 135 | 136 |
| 136 ############################################################################# | 137 ############################################################################# |
| 137 # invalid downcasts for IPC messages | 138 # invalid downcasts for IPC messages |
| 138 # https://crbug.com/520760 | 139 # https://crbug.com/520760 |
| 139 src:*nacl_message_scanner.cc | 140 src:*nacl_message_scanner.cc |