Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3703)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: tools/ubsan_vptr/blacklist.txt

Issue 405643002: Blacklist for UBsan's vptr. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed typo Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: tools/ubsan_vptr/blacklist.txt
diff --git a/tools/ubsan_vptr/blacklist.txt b/tools/ubsan_vptr/blacklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..f47555724bc073cbc07e5621b894d1094e87237b
--- /dev/null
+++ b/tools/ubsan_vptr/blacklist.txt
@@ -0,0 +1,83 @@
+#############################################################################
+# Identical layouts.
+# If base and derived classes have identifical memory layouts (i.e., the same
+# object size) and both have no virtual functions, we blacklist them as there
+# would be not much security implications.
+
+fun:*LifecycleNotifier*addObserver*
+fun:*LifecycleNotifier*removeObserver*
+fun:*toWebInputElement*
+type:*base*MessageLoopForIO*
+type:*BlockRefType*
+type:*SkAutoTUnref*
+type:*WDResult*
+type:*WebCore*ExecutionContext*
+type:*blink*WebInputElement*
+type:*blink*WebFormControlElement*
+
+# Avoid identical layout cases for 86 different classes in InspectorTypeBuilder,
+# all of which are guarded using COMPILER_ASSERT on the object size. Two more
+# types are also blacklisted due to the template class (JSONArray <-> Array<T>).
+
+src:*InspectorTypeBuilder.h*
+type:*WebCore*TypeBuilder*
+type:*WebCore*JSONArray*
+
+#############################################################################
+# Base class's constructor accesses a derived class's member.
+
+fun:*DoublyLinkedListNode*
+type:*content*WebUIExtensionData*
+type:*v8*internal*CompilationInfo*
+
+# RenderFrameObserverTracker<T>::RenderFrameObserverTracker()
+fun:_ZN7content*RenderFrameObserverTracker*EC2EPKNS*RenderFrameE
+
+# RenderFrameObserverTracker<T>::RenderFrameObserverTracker()
+fun:_ZN7content*RenderViewObserverTracker*EC2EPKNS*RenderViewE
+
+#############################################################################
+# Base class's destructor accesses a derived class.
+
+fun:*DatabaseContext*contextDestroyed*
+
+#############################################################################
+# static_cast into itself in the constructor.
+
+fun:*RefCountedGarbageCollected*makeKeepAlive*
+
+#############################################################################
+# Accessing data in destructurors where the class has virtual inheritances.
+
+type:*content*RenderWidgetHost*
+
+# Mangled name for content::RenderViewHostImpl::~RenderViewHostImpl()
+fun:_ZN7content18RenderViewHostImplD2Ev
+
+#############################################################################
+# Using raw pointer values.
+#
+# A raw pointer value (16) is used to infer the field offset by
+# GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET.
+
+src:*/third_party/protobuf/src/google/protobuf/compiler/plugin.pb.cc
+src:*/third_party/protobuf/src/google/protobuf/compiler/cpp/cpp_message.cc
+src:*/third_party/protobuf/src/google/protobuf/descriptor.pb.cc
+
+#############################################################################
+# Avoid link errors.
+# Ubsan vptr needs typeinfo on the target class, but it looks like typeinfo is
+# not avaiable if the class is not exported. For now, simply blacklisted to
+# avoid link errors; e.g., undefined reference to 'typeinfo for [CLASS_NAME]'.
+
+# obj/ppapi/libppapi_proxy.a(obj/ppapi/proxy/ppapi_proxy.proxy_channel.o):../../ppapi/proxy/proxy_channel.cc:__unnamed_53: error: undefined reference to 'typeinfo for IPC::TestSink'
+src:*/ppapi/proxy/proxy_channel.cc
+
+# obj/chrome/libbrowser.a(obj/chrome/browser/net/browser.predictor.o):../../chrome/browser/net/predictor.cc:__unnamed_577: error: undefined reference to 'typeinfo for ProxyAdvisor'
+src:*/chrome/browser/net/predictor.cc
+
+# obj/third_party/pdfium/libfpdfapi.a(obj/third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdfapi.fpdf_render_text.o):../../third_party/pdfium/core/src/fpdfapi/fpdf_render/:__unnamed_360: error: undefined reference to 'typeinfo for CPDF_InlineImages'
+src:*/third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_text.cpp
+
+# obj/third_party/libwebm/libwebm.a(obj/third_party/libwebm/source/libwebm.mkvmuxer.o)(.data.rel..L__unnamed_2+0x18): error: undefined reference to 'typeinfo for mkvparser::IMkvReader'
+src:*/third_party/libwebm/source/mkvmuxer.cpp
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698