Make possible to check memory allocations inside chromium

base/process/memory_linux.cc

Index: base/process/memory_linux.cc
diff --git a/base/process/memory_linux.cc b/base/process/memory_linux.cc
index 6bed68bd8320346b1ff98a39417e604e0339b020..2ab531a1edcaf53473f0a1811d788af67ca1edc7 100644
--- a/base/process/memory_linux.cc
+++ b/base/process/memory_linux.cc
@@ -12,6 +12,10 @@
 #include "base/process/internal_linux.h"
 #include "base/strings/string_number_conversions.h"
 
+#if defined(USE_TCMALLOC)
+#include "third_party/tcmalloc/chromium/src/gperftools/tcmalloc.h"
+#endif
+
 namespace base {
 
 size_t g_oom_size = 0U;
@@ -125,6 +129,47 @@ int posix_memalign(void** ptr, size_t alignment, size_t size) {
 
 #endif  // !*_SANITIZER
 
+#if defined(USE_TCMALLOC)
+static tc_malloc_skip_new_handler_function tc_malloc_skip_new_handler = NULL;
+
+void SetTCMallocSkipNewHandlerFunction(
+    tc_malloc_skip_new_handler_function function) {

[willchan no longer on Chromium, 2014/01/16 01:30:05]

Please CHECK(!tc_malloc_skip_new_handler); It should only be called once.

+  tc_malloc_skip_new_handler = function;
+}
+#endif
+
+bool UncheckedMalloc(size_t size, void** result) {

[willchan no longer on Chromium, 2014/01/16 01:30:05]

I'm confused in this function. Why don't we always just use malloc()? tc_malloc
overrides the malloc() weak symbol. And libc's malloc provides the malloc weak
symbol, so it should be safe to call malloc() there too instead of
__libc_malloc.

AFAICT, the only conditional needed is the USE_TCMALLOC so you know whether or
not to check skipping the new handler.

[kbalazs, 2014/01/16 02:24:50]

In case of LIBC_GLIBC && !USE_TCMALLOC we override malloc in this file to die on
oom. So we need to call the original one to be able to not die.

[willchan no longer on Chromium, 2014/01/16 02:54:44]

I see. That's a good point...I'm trying to think up an alternative, but I don't
know of one. You and I understand these issues now, but this code is pretty
unreadable to anyone else :) Would be great if we could improve this somehow...

+#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
+    defined(THREAD_SANITIZER) || defined(LEAK_SANITIZER) || \
+    (!defined(LIBC_GLIBC) && !defined(USE_TCMALLOC))
+  *result = malloc(size);
+#elif defined(LIBC_GLIBC) && !defined(USE_TCMALLOC)
+  *result = __libc_malloc(size);
+#elif defined(USE_TCMALLOC)
+  *result = tc_malloc_skip_new_handler ?
+      (*tc_malloc_skip_new_handler)(size) : malloc(size);
+#else
+#error Not implemented

[willchan no longer on Chromium, 2014/01/16 01:30:05]

I don't believe it's possible to ever hit this #else. You have:

#if ((foo) || (!A && !B))
...
#elif (A && !B)
...
#elif (B)
...
#else
...
#endif

+#endif
+  return *result;
+}
+
+bool UncheckedCalloc(size_t num_items, size_t size, void** result) {
+  const size_t alloc_size = num_items * size;
+
+  // Overflow check
+  if (size && ((alloc_size / size) != num_items)) {
+    result = NULL;
+    return false;
+  }
+
+  if (!UncheckedMalloc(alloc_size, result))
+    return false;
+
+  memset(result, 0, alloc_size);
+  return true;
+}
+
 void EnableTerminationOnHeapCorruption() {
   // On Linux, there nothing to do AFAIK.
 }