TCMalloc: restrict maximum size of memory ranges

third_party/tcmalloc/chromium/src/common.cc

Index: third_party/tcmalloc/chromium/src/common.cc
diff --git a/third_party/tcmalloc/chromium/src/common.cc b/third_party/tcmalloc/chromium/src/common.cc
index 5a55b3908391666703e11c00afc45536f92a4faf..7fbae844efd23083bdbb74f209e20ca30f7f90a2 100644
--- a/third_party/tcmalloc/chromium/src/common.cc
+++ b/third_party/tcmalloc/chromium/src/common.cc
@@ -38,8 +38,20 @@
 #include <unistd.h>                     // for getpagesize
 #endif
 
+#include <limits>
+
 namespace tcmalloc {
 
+bool IsAllocSizePermitted(size_t alloc_size) {
+  // Never allow an allocation of a contiguous area larger than what can
+  // be indexed via an int. This is meant as a security mitigation, see
+  // crbug.com/169369 for more background.
+
+  // Remove kPageSize to account for various rounding, padding and to
+  // have a small margin.
+  return alloc_size <= ((std::numeric_limits<int>::max)() - kPageSize);
+}
+
 // Note: the following only works for "n"s that fit in 32-bits, but
 // that is fine since we only use it for small sizes.
 static inline int LgFloor(size_t n) {