TCMalloc: restrict maximum size of memory ranges

third_party/tcmalloc/chromium/src/common.cc

 // Copyright (c) 2008, Google Inc.
 // All rights reserved.
 // 
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 // 
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
@@ skipping 20 matching lines @@
 // Author: Sanjay Ghemawat <opensource@google.com>
 
 #include "config.h"
 #include "common.h"
 #include "system-alloc.h"
 
 #if defined(HAVE_UNISTD_H) && defined(HAVE_GETPAGESIZE)
 #include <unistd.h>                     // for getpagesize
 #endif
 
+#include <limits>
+
 namespace tcmalloc {
 
+bool IsAllocSizePermitted(size_t alloc_size) {
+  // Never allow an allocation of a contiguous area larger than what can
+  // be indexed via an int. This is meant as a security mitigation, see
+  // crbug.com/169369 for more background.
+
+  // Remove kPageSize to account for various rounding, padding and to
+  // have a small margin.
+  return alloc_size <= ((std::numeric_limits<int>::max)() - kPageSize);
+}
+
 // Note: the following only works for "n"s that fit in 32-bits, but
 // that is fine since we only use it for small sizes.
 static inline int LgFloor(size_t n) {
   int log = 0;
   for (int i = 4; i >= 0; --i) {
     int shift = (1 << i);
     size_t x = n >> shift;
     if (x != 0) {
       n = x;
       log += shift;
@@ skipping 160 matching lines @@
 uint64_t metadata_unmapped_bytes() { return metadata_unmapped_bytes_; }
 
 void update_metadata_system_bytes(int diff) {
   metadata_system_bytes_ += diff;
 }
 void update_metadata_unmapped_bytes(int diff) {
   metadata_unmapped_bytes_ += diff;
 }
 
 }  // namespace tcmalloc