| blob | a7e3bc4bd6e72e95097fa198702337a7664fc7ac |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <fcntl.h>
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <string.h>
9 #include <sys/stat.h>
10 #include <sys/types.h>
12 #include <algorithm>
13 #include <limits>
21 #if defined(OS_POSIX)
22 #include <sys/mman.h>
23 #include <unistd.h>
24 #endif
26 #if defined(OS_WIN)
27 #include <new.h>
28 #endif
35 #if defined(OS_WIN)
36 // This is a permitted size but exhausts memory pretty quickly.
41 }
48 }
49 }
62 }
63 }
64 #endif
66 // This function acts as a compiler optimization barrier. We use it to
67 // prevent the compiler from making an expression a compile-time constant.
68 // We also use it so that the compiler doesn't discard certain return values
69 // as something we don't need (see the comment with calloc below).
72 #if defined(__GNUC__)
73 // In a GCC compatible compiler (GCC or Clang), make this compiler barrier
74 // more robust than merely using "volatile".
78 }
80 // Tcmalloc and Windows allocator shim support setting malloc limits.
81 // - NO_TCMALLOC (should be defined if compiled with use_allocator!="tcmalloc")
82 // - ADDRESS_SANITIZER and SYZYASAN because they have their own memory allocator
83 // - IOS does not use tcmalloc
84 // - OS_MACOSX does not use tcmalloc
85 // - Windows allocator shim defines ALLOCATOR_SHIM
86 #if (!defined(NO_TCMALLOC) || defined(ALLOCATOR_SHIM)) && \
87 !defined(ADDRESS_SANITIZER) && !defined(OS_IOS) && !defined(OS_MACOSX) && \
88 !defined(SYZYASAN)
89 #define MALLOC_OVERFLOW_TEST(function) function
90 #else
91 #define MALLOC_OVERFLOW_TEST(function) DISABLED_##function
92 #endif
94 // TODO(jln): switch to std::numeric_limits<int>::max() when we switch to
95 // C++11.
98 // Detect runtime TCMalloc bypasses.
100 #if defined(OS_LINUX)
101 // This should detect a TCMalloc bypass from Valgrind.
105 #endif
107 }
110 // The sanitizers' calloc dies on OOM instead of returning NULL.
111 // The wrapper function in base/process_util_linux.cc that is used when we
112 // compile without TCMalloc will just die on OOM instead of returning NULL.
113 #if defined(ADDRESS_SANITIZER) || \
114 defined(MEMORY_SANITIZER) || \
115 defined(THREAD_SANITIZER) || \
116 (defined(OS_LINUX) && defined(NO_TCMALLOC))
118 #else
120 #endif
121 }
123 // Fake test that allow to know the state of TCMalloc by looking at bots.
127 }
129 // The MemoryAllocationRestrictions* tests test that we can not allocate a
130 // memory range that cannot be indexed via an int. This is used to mitigate
131 // vulnerabilities in libraries that use int instead of size_t. See
132 // crbug.com/169327.
139 }
140 }
142 #if defined(GTEST_HAS_DEATH_TEST) && defined(OS_WIN)
146 {
152 }
155 }
160 {
162 }
165 }
170 {
172 }
175 }
176 #endif
183 }
184 }
193 // If realloc() did not succeed, we need to free orig_ptr.
195 }
196 }
207 }
208 }
210 #if defined(GTEST_HAS_DEATH_TEST) && defined(OS_WIN)
213 {
218 }
220 }
221 #endif
228 }
229 }
231 // The tests bellow check for overflows in new[] and calloc().
233 // There are platforms where these tests are known to fail. We would like to
234 // be able to easily check the status on the bots, but marking tests as
235 // FAILS_ is too clunky.
238 #if defined(OS_LINUX) || defined(OS_ANDROID) || defined(OS_MACOSX)
239 // Sadly, on Linux, Android, and OSX we don't have a good story yet. Don't
240 // fail the test, but report.
243 #else
244 // Otherwise, fail the test. (Note: EXPECT are ok in subfunctions, ASSERT
245 // aren't).
247 #endif
248 }
249 }
251 #if defined(OS_IOS) || defined(OS_WIN) || defined(THREAD_SANITIZER) || defined(OS_MACOSX)
252 #define MAYBE_NewOverflow DISABLED_NewOverflow
253 #else
254 #define MAYBE_NewOverflow NewOverflow
255 #endif
256 // Test array[TooBig][X] and array[X][TooBig] allocations for int overflows.
257 // IOS doesn't honor nothrow, so disable the test there.
258 // Crashes on Windows Dbg builds, disable there as well.
259 // Fails on Mac 10.8 http://crbug.com/227092
262 // We want something "dynamic" here, so that the compiler doesn't
263 // immediately reject crazy arrays.
265 // numeric_limits are still not constexpr until we switch to C++11, so we
266 // use an ugly cast.
271 {
275 }
276 // On windows, the compiler prevents static array sizes of more than
277 // 0x7fffffff (error C2148).
278 #if defined(OS_WIN) && defined(ARCH_CPU_64_BITS)
280 #else
281 {
285 }
287 }
289 // Call calloc(), eventually free the memory and return whether or not
290 // calloc() did succeed.
294 // We need the call to HideValueFromCompiler(): we have seen LLVM
295 // optimize away the call to calloc() entirely and assume
296 // the pointer to not be NULL.
298 }
300 // Test if calloc() can overflow.
309 // It's also ok for calloc to just terminate the process.
310 #if defined(GTEST_HAS_DEATH_TEST)
314 }
315 }
317 #if defined(OS_LINUX) && defined(__x86_64__)
318 // Check if ptr1 and ptr2 are separated by less than size chars.
323 }
325 // Check if TCMalloc uses an underlying random memory allocator.
330 // Check that malloc() returns an address that is neither the kernel's
331 // un-hinted mmap area, nor the current brk() area. The first malloc() may
332 // not be at a random address because TCMalloc will first exhaust any memory
333 // that it has allocated early on, before starting the sophisticated
334 // allocators.
344 // 1 MB should get us past what TCMalloc pre-allocated before initializing
345 // the sophisticated allocators.
350 // If two pointers are separated by less than 512MB, they are considered
351 // to be in the same area.
352 // Our random pointer could be anywhere within 0x3fffffffffff (46bits),
353 // and we are checking that it's not withing 1GB (30 bits) from two
354 // addresses (brk and mmap heap). We have roughly one chance out of
355 // 2^15 to flake.
365 // In the implementation, we always mask our random addresses with
366 // kRandomMask, so we use it as an additional detection mechanism.
371 }