OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #if defined(OS_WIN) | 5 #if defined(OS_WIN) |
6 #include <windows.h> | 6 #include <windows.h> |
7 #endif | 7 #endif |
8 | 8 |
9 #include "base/debug/alias.h" | 9 #include "base/debug/alias.h" |
10 #include "base/debug/asan_invalid_access.h" | 10 #include "base/debug/asan_invalid_access.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 | 13 |
14 namespace base { | 14 namespace base { |
15 namespace debug { | 15 namespace debug { |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 #if defined(SYZYASAN) | 19 #if defined(SYZYASAN) && defined(COMPILER_MSVC) |
20 // Disable warning C4530: "C++ exception handler used, but unwind semantics are | 20 // Disable warning C4530: "C++ exception handler used, but unwind semantics are |
21 // not enabled". We don't want to change the compilation flags just for this | 21 // not enabled". We don't want to change the compilation flags just for this |
22 // test, and no exception should be triggered here, so this warning has no value | 22 // test, and no exception should be triggered here, so this warning has no value |
23 // here. | 23 // here. |
24 #pragma warning(push) | 24 #pragma warning(push) |
25 #pragma warning(disable: 4530) | 25 #pragma warning(disable: 4530) |
26 // Corrupt a memory block and make sure that the corruption gets detected either | 26 // Corrupt a memory block and make sure that the corruption gets detected either |
27 // when we free it or when another crash happens (if |induce_crash| is set to | 27 // when we free it or when another crash happens (if |induce_crash| is set to |
28 // true). | 28 // true). |
29 NOINLINE void CorruptMemoryBlock(bool induce_crash) { | 29 NOINLINE void CorruptMemoryBlock(bool induce_crash) { |
30 // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to | 30 // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to |
31 // trigger an Address Sanitizer (ASAN) error report. | 31 // trigger an Address Sanitizer (ASAN) error report. |
32 static const int kArraySize = 5; | 32 static const int kArraySize = 5; |
33 int* array = new int[kArraySize]; | 33 int* array = new int[kArraySize]; |
34 // Encapsulate the invalid memory access into a try-catch statement to prevent | 34 // Encapsulate the invalid memory access into a try-catch statement to prevent |
35 // this function from being instrumented. This way the underflow won't be | 35 // this function from being instrumented. This way the underflow won't be |
36 // detected but the corruption will (as the allocator will still be hooked). | 36 // detected but the corruption will (as the allocator will still be hooked). |
37 try { | 37 try { |
38 // Declares the dummy value as volatile to make sure it doesn't get | 38 // Declares the dummy value as volatile to make sure it doesn't get |
39 // optimized away. | 39 // optimized away. |
40 int volatile dummy = array[-1]--; | 40 int volatile dummy = array[-1]--; |
41 base::debug::Alias(const_cast<int*>(&dummy)); | 41 base::debug::Alias(const_cast<int*>(&dummy)); |
42 } catch (...) { | 42 } catch (...) { |
43 } | 43 } |
44 if (induce_crash) | 44 if (induce_crash) |
45 CHECK(false); | 45 CHECK(false); |
46 delete[] array; | 46 delete[] array; |
47 } | 47 } |
48 #pragma warning(pop) | 48 #pragma warning(pop) |
49 #endif | 49 #endif // SYZYASAN && COMPILER_MSVC |
50 | 50 |
51 } // namespace | 51 } // namespace |
52 | 52 |
53 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) | 53 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) |
54 // NOTE(sebmarchand): We intentionally perform some invalid heap access here in | 54 // NOTE(sebmarchand): We intentionally perform some invalid heap access here in |
55 // order to trigger an AddressSanitizer (ASan) error report. | 55 // order to trigger an AddressSanitizer (ASan) error report. |
56 | 56 |
57 static const size_t kArraySize = 5; | 57 static const size_t kArraySize = 5; |
58 | 58 |
59 void AsanHeapOverflow() { | 59 void AsanHeapOverflow() { |
(...skipping 24 matching lines...) Expand all Loading... |
84 // away. | 84 // away. |
85 int volatile dummy = 0; | 85 int volatile dummy = 0; |
86 int* dangling = array.get(); | 86 int* dangling = array.get(); |
87 array.reset(); | 87 array.reset(); |
88 dummy = dangling[kArraySize / 2]; | 88 dummy = dangling[kArraySize / 2]; |
89 base::debug::Alias(const_cast<int*>(&dummy)); | 89 base::debug::Alias(const_cast<int*>(&dummy)); |
90 } | 90 } |
91 | 91 |
92 #endif // ADDRESS_SANITIZER || SYZYASAN | 92 #endif // ADDRESS_SANITIZER || SYZYASAN |
93 | 93 |
94 #if defined(SYZYASAN) | 94 #if defined(SYZYASAN) && defined(COMPILER_MSVC) |
95 void AsanCorruptHeapBlock() { | 95 void AsanCorruptHeapBlock() { |
96 CorruptMemoryBlock(false); | 96 CorruptMemoryBlock(false); |
97 } | 97 } |
98 | 98 |
99 void AsanCorruptHeap() { | 99 void AsanCorruptHeap() { |
100 CorruptMemoryBlock(true); | 100 CorruptMemoryBlock(true); |
101 } | 101 } |
102 #endif // SYZYASAN | 102 #endif // SYZYASAN && COMPILER_MSVC |
103 | 103 |
104 } // namespace debug | 104 } // namespace debug |
105 } // namespace base | 105 } // namespace base |
OLD | NEW |