Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2958)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/render_frame_impl.cc

Issue 306753003: Add some function and URLs to induce ASan crashes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address Timur and nasko's comments. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/debug_urls.cc ('K') | « content/browser/frame_host/debug_urls.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/render_frame_impl.cc
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 4b2cd927fbc335fcd1a57c2746bbad5554e311bc..2791620e51058a898e96eb25f9f478ea10cf97ca 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -10,6 +10,7 @@
#include "base/auto_reset.h"
#include "base/command_line.h"
#include "base/debug/alias.h"
+#include "base/debug/asan_invalid_access.h"
#include "base/debug/dump_without_crashing.h"
#include "base/i18n/char_iterator.h"
#include "base/metrics/histogram.h"
@@ -262,6 +263,7 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) {
static const char kUseAfterFree[] = "/use-after-free";
#if defined(SYZYASAN)
static const char kCorruptHeapBlock[] = "/corrupt-heap-block";
+ static const char kCorruptHeap[] = "/corrupt-heap";
#endif
static const int kArraySize = 5;
@@ -271,25 +273,20 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) {
if (!url.has_path())
return;
- scoped_ptr<int[]> array(new int[kArraySize]);
std::string crash_type(url.path());
- int dummy = 0;
if (crash_type == kHeapOverflow) {
- dummy = array[kArraySize];
+ base::debug::AsanHeapOverflow();
} else if (crash_type == kHeapUnderflow ) {
- dummy = array[-1];
+ base::debug::AsanHeapUnderflow();
} else if (crash_type == kUseAfterFree) {
- int* dangling = array.get();
- array.reset();
- dummy = dangling[kArraySize / 2];
+ base::debug::AsanHeapUseAfterFree();
#if defined(SYZYASAN)
} else if (crash_type == kCorruptHeapBlock) {
- CorruptMemoryBlock();
+ base::debug::AsanCorruptHeapBlock();
+ } else if (crash_type == kCorruptHeap) {
+ base::debug::AsanCorruptHeap();
#endif
}
-
- // Make sure the assignments to the dummy value aren't optimized away.
- base::debug::Alias(&dummy);
}
#endif // ADDRESS_SANITIZER || SYZYASAN
« content/browser/frame_host/debug_urls.cc ('K') | « content/browser/frame_host/debug_urls.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698