OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <fcntl.h> | |
5 #include <stdio.h> | 6 #include <stdio.h> |
6 #include <stdlib.h> | 7 #include <stdlib.h> |
7 #include <string.h> | 8 #include <string.h> |
9 #include <sys/stat.h> | |
10 #include <sys/types.h> | |
8 | 11 |
9 #include <algorithm> | 12 #include <algorithm> |
10 #include <limits> | 13 #include <limits> |
11 | 14 |
15 #include "base/file_util.h" | |
12 #include "base/logging.h" | 16 #include "base/logging.h" |
13 #include "base/memory/scoped_ptr.h" | 17 #include "base/memory/scoped_ptr.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
15 | 19 |
16 using std::nothrow; | 20 using std::nothrow; |
17 using std::numeric_limits; | 21 using std::numeric_limits; |
18 | 22 |
19 namespace { | 23 namespace { |
20 | 24 |
21 // Check that we can not allocate a memory range that cannot be indexed | 25 // Check that we can not allocate a memory range that cannot be indexed |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
94 } | 98 } |
95 } | 99 } |
96 | 100 |
97 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) { | 101 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) { |
98 if (!IsTcMallocBypassed()) { | 102 if (!IsTcMallocBypassed()) { |
99 scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]); | 103 scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]); |
100 ASSERT_TRUE(ptr == NULL); | 104 ASSERT_TRUE(ptr == NULL); |
101 } | 105 } |
102 } | 106 } |
103 | 107 |
104 // The tests bellow check for overflows in new[] and calloc(). | 108 // The tests bellow check for overflows in new[] and calloc(). |
jln (very slow on Chromium)
2013/01/30 20:13:05
Note: don't worry about this stuff disappearing in
| |
105 | 109 |
106 #if defined(OS_IOS) || defined(OS_WIN) | 110 #if defined(OS_IOS) || defined(OS_WIN) |
107 #define DISABLE_ON_IOS_AND_WIN(function) DISABLED_##function | 111 #define DISABLE_ON_IOS_AND_WIN(function) DISABLED_##function |
108 #else | 112 #else |
109 #define DISABLE_ON_IOS_AND_WIN(function) function | 113 #define DISABLE_ON_IOS_AND_WIN(function) function |
110 #endif | 114 #endif |
111 | 115 |
112 #if defined(ADDRESS_SANITIZER) | 116 #if defined(ADDRESS_SANITIZER) |
113 #define DISABLE_ON_ASAN(function) DISABLED_##function | 117 #define DISABLE_ON_ASAN(function) DISABLED_##function |
114 #else | 118 #else |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
185 { | 189 { |
186 scoped_ptr<char> array_pointer( | 190 scoped_ptr<char> array_pointer( |
187 static_cast<char*>(calloc(kArraySize2, kArraySize))); | 191 static_cast<char*>(calloc(kArraySize2, kArraySize))); |
188 // We need the call to HideValueFromCompiler(): we have seen LLVM | 192 // We need the call to HideValueFromCompiler(): we have seen LLVM |
189 // optimize away the call to calloc() entirely and assume | 193 // optimize away the call to calloc() entirely and assume |
190 // the pointer to not be NULL. | 194 // the pointer to not be NULL. |
191 EXPECT_TRUE(HideValueFromCompiler(array_pointer.get()) == NULL); | 195 EXPECT_TRUE(HideValueFromCompiler(array_pointer.get()) == NULL); |
192 } | 196 } |
193 } | 197 } |
194 | 198 |
199 #if (defined(OS_LINUX) || defined(OS_CHROMEOS)) && defined(__x86_64__) | |
200 // Useful for debugging. | |
201 void PrintProcSelfMaps() { | |
202 int fd = open("/proc/self/maps", O_RDONLY); | |
203 file_util::ScopedFD fd_closer(&fd); | |
204 ASSERT_GE(fd, 0); | |
205 char buffer[1<<13]; | |
206 int ret; | |
207 ret = read(fd, buffer, sizeof(buffer) - 1); | |
208 ASSERT_GT(ret, 0); | |
209 buffer[ret - 1] = 0; | |
210 fprintf(stdout, "%s\n", buffer); | |
211 } | |
212 | |
213 // Check if TCMalloc uses an underlying random memory allocator. | |
214 TEST(SecurityTest, ALLOC_TEST(RandomMemoryAllocations)) { | |
215 if (IsTcMallocBypassed()) | |
216 return; | |
217 // Two successive calls to mmap() have roughly one chance out of 2^6 to be | |
218 // detected as having the same order. With 32 allocations, we see ~16 that | |
jar (doing other things)
2013/01/30 17:20:48
I didn't understand the argument.
Down below, you
jln (very slow on Chromium)
2013/01/30 20:11:33
6 comes from the smallest mask that we use in the
| |
219 // trigger a call to mmap, so the chances of this test flaking is roughly | |
jar (doing other things)
2013/01/30 17:20:48
I'm not sure why these calls would trigger mmap ca
jln (very slow on Chromium)
2013/01/30 20:11:33
I did check the number of mmaps by adding some ins
| |
220 // 2^-(6*15), i.e. virtually impossible. | |
221 const int kAllocNumber = 32; | |
222 bool is_contiguous = true; | |
223 // Make kAllocNumber successive allocations of growing size and compare the | |
224 // successive pointers to detect adjacent mappings. We grow the size because | |
225 // TCMalloc can sometimes over-allocate. | |
226 scoped_ptr<char, base::FreeDeleter> ptr[kAllocNumber]; | |
227 for (int i = 0; i < kAllocNumber; ++i) { | |
228 // Grow the Malloc size slightly sub-exponentially. | |
229 const size_t kMallocSize = 1 << (12 + (i>>1)); | |
230 ptr[i].reset(static_cast<char*>(malloc(kMallocSize))); | |
231 ASSERT_TRUE(ptr[i] != NULL); | |
232 if (i > 0) { | |
233 // Without mmap randomization, the two high order nibbles | |
234 // of a 47 bits userland address address will be identical. | |
235 const uintptr_t kHighOrderMask = 0xff0000000000ULL; | |
236 bool pointer_have_same_high_order = | |
237 (reinterpret_cast<size_t>(ptr[i].get()) & kHighOrderMask) == | |
238 (reinterpret_cast<size_t>(ptr[i - 1].get()) & kHighOrderMask); | |
239 if (!pointer_have_same_high_order) { | |
240 // PrintProcSelfMaps(); | |
241 is_contiguous = false; | |
jar (doing other things)
2013/01/30 17:20:48
This test will break out of this loop (causing the
jln (very slow on Chromium)
2013/01/30 20:11:33
You make good points, but I am quite happy with wh
| |
242 break; | |
jar (doing other things)
2013/01/30 17:35:29
nit: if you keep this test as is, it is much more
jln (very slow on Chromium)
2013/01/30 20:11:33
Done.
| |
243 } | |
244 } | |
245 } | |
246 ASSERT_FALSE(is_contiguous); | |
247 } | |
248 | |
249 #endif // (defined(OS_LINUX) || defined(OS_CHROMEOS)) && defined(__x86_64__) | |
250 | |
195 } // namespace | 251 } // namespace |
OLD | NEW |