| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #if defined(OS_WIN) | 5 #if defined(OS_WIN) |
| 6 #include <windows.h> | 6 #include <windows.h> |
| 7 #endif | 7 #endif |
| 8 | 8 |
| 9 #include "base/debug/alias.h" | 9 #include "base/debug/alias.h" |
| 10 #include "base/debug/asan_invalid_access.h" | 10 #include "base/debug/asan_invalid_access.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 | 13 |
| 14 namespace base { | 14 namespace base { |
| 15 namespace debug { | 15 namespace debug { |
| 16 | 16 |
| 17 namespace { | 17 namespace { |
| 18 | 18 |
| 19 #if defined(SYZYASAN) | 19 #if defined(SYZYASAN) && defined(COMPILER_MSVC) |
| 20 // Disable warning C4530: "C++ exception handler used, but unwind semantics are | 20 // Disable warning C4530: "C++ exception handler used, but unwind semantics are |
| 21 // not enabled". We don't want to change the compilation flags just for this | 21 // not enabled". We don't want to change the compilation flags just for this |
| 22 // test, and no exception should be triggered here, so this warning has no value | 22 // test, and no exception should be triggered here, so this warning has no value |
| 23 // here. | 23 // here. |
| 24 #pragma warning(push) | 24 #pragma warning(push) |
| 25 #pragma warning(disable: 4530) | 25 #pragma warning(disable: 4530) |
| 26 // Corrupt a memory block and make sure that the corruption gets detected either | 26 // Corrupt a memory block and make sure that the corruption gets detected either |
| 27 // when we free it or when another crash happens (if |induce_crash| is set to | 27 // when we free it or when another crash happens (if |induce_crash| is set to |
| 28 // true). | 28 // true). |
| 29 NOINLINE void CorruptMemoryBlock(bool induce_crash) { | 29 NOINLINE void CorruptMemoryBlock(bool induce_crash) { |
| 30 // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to | 30 // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to |
| 31 // trigger an Address Sanitizer (ASAN) error report. | 31 // trigger an Address Sanitizer (ASAN) error report. |
| 32 static const int kArraySize = 5; | 32 static const int kArraySize = 5; |
| 33 int* array = new int[kArraySize]; | 33 int* array = new int[kArraySize]; |
| 34 // Encapsulate the invalid memory access into a try-catch statement to prevent | 34 // Encapsulate the invalid memory access into a try-catch statement to prevent |
| 35 // this function from being instrumented. This way the underflow won't be | 35 // this function from being instrumented. This way the underflow won't be |
| 36 // detected but the corruption will (as the allocator will still be hooked). | 36 // detected but the corruption will (as the allocator will still be hooked). |
| 37 try { | 37 try { |
| 38 // Declares the dummy value as volatile to make sure it doesn't get | 38 // Declares the dummy value as volatile to make sure it doesn't get |
| 39 // optimized away. | 39 // optimized away. |
| 40 int volatile dummy = array[-1]--; | 40 int volatile dummy = array[-1]--; |
| 41 base::debug::Alias(const_cast<int*>(&dummy)); | 41 base::debug::Alias(const_cast<int*>(&dummy)); |
| 42 } catch (...) { | 42 } catch (...) { |
| 43 } | 43 } |
| 44 if (induce_crash) | 44 if (induce_crash) |
| 45 CHECK(false); | 45 CHECK(false); |
| 46 delete[] array; | 46 delete[] array; |
| 47 } | 47 } |
| 48 #pragma warning(pop) | 48 #pragma warning(pop) |
| 49 #endif | 49 #endif // SYZYASAN && COMPILER_MSVC |
| 50 | 50 |
| 51 } // namespace | 51 } // namespace |
| 52 | 52 |
| 53 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) | 53 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
| 54 // NOTE(sebmarchand): We intentionally perform some invalid heap access here in | 54 // NOTE(sebmarchand): We intentionally perform some invalid heap access here in |
| 55 // order to trigger an AddressSanitizer (ASan) error report. | 55 // order to trigger an AddressSanitizer (ASan) error report. |
| 56 | 56 |
| 57 static const size_t kArraySize = 5; | 57 static const size_t kArraySize = 5; |
| 58 | 58 |
| 59 void AsanHeapOverflow() { | 59 void AsanHeapOverflow() { |
| (...skipping 24 matching lines...) Expand all Loading... |
| 84 // away. | 84 // away. |
| 85 int volatile dummy = 0; | 85 int volatile dummy = 0; |
| 86 int* dangling = array.get(); | 86 int* dangling = array.get(); |
| 87 array.reset(); | 87 array.reset(); |
| 88 dummy = dangling[kArraySize / 2]; | 88 dummy = dangling[kArraySize / 2]; |
| 89 base::debug::Alias(const_cast<int*>(&dummy)); | 89 base::debug::Alias(const_cast<int*>(&dummy)); |
| 90 } | 90 } |
| 91 | 91 |
| 92 #endif // ADDRESS_SANITIZER || SYZYASAN | 92 #endif // ADDRESS_SANITIZER || SYZYASAN |
| 93 | 93 |
| 94 #if defined(SYZYASAN) | 94 #if defined(SYZYASAN) && defined(COMPILER_MSVC) |
| 95 void AsanCorruptHeapBlock() { | 95 void AsanCorruptHeapBlock() { |
| 96 CorruptMemoryBlock(false); | 96 CorruptMemoryBlock(false); |
| 97 } | 97 } |
| 98 | 98 |
| 99 void AsanCorruptHeap() { | 99 void AsanCorruptHeap() { |
| 100 CorruptMemoryBlock(true); | 100 CorruptMemoryBlock(true); |
| 101 } | 101 } |
| 102 #endif // SYZYASAN | 102 #endif // SYZYASAN && COMPILER_MSVC |
| 103 | 103 |
| 104 } // namespace debug | 104 } // namespace debug |
| 105 } // namespace base | 105 } // namespace base |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 433493002:
Hide some SyzyASan specific code behind an '#if defined(COMPILER_MSVC)'. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master