Index: base/security_unittest.cc |
diff --git a/base/security_unittest.cc b/base/security_unittest.cc |
index ffb92024ca0fcf12bb565d907b2b2498048a1de9..b22ddd6b7ec6b0527d66cbe6f9a27e98967e8594 100644 |
--- a/base/security_unittest.cc |
+++ b/base/security_unittest.cc |
@@ -2,9 +2,12 @@ |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
+#include <fcntl.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <string.h> |
+#include <sys/stat.h> |
+#include <sys/types.h> |
#include <algorithm> |
#include <limits> |
@@ -192,4 +195,55 @@ TEST(SecurityTest, DISABLE_ON_ASAN(CallocOverflow)) { |
} |
} |
+#if (defined(OS_LINUX) || defined(OS_CHROMEOS)) && defined(__x86_64__) |
+// Useful for debugging. |
+void PrintProcSelfMaps() { |
+ int fd = open("/proc/self/maps", O_RDONLY); |
+ ASSERT_GE(fd, 0); |
+ char buffer[1<<13]; |
+ int ret; |
+ ret = read(fd, buffer, sizeof(buffer) - 1); |
+ ASSERT_GT(ret, 0); |
+ buffer[ret - 1] = 0; |
+ fprintf(stdout, "%s\n", buffer); |
Marius
2013/01/29 06:45:21
close(fd)?
jln (very slow on Chromium)
2013/01/29 07:02:16
Arg. Thanks. Done.
|
+} |
+ |
+// Check if TCMalloc uses an underlying random memory allocator. |
+TEST(SecurityTest, ALLOC_TEST(RandomMemoryAllocations)) { |
+ if (IsTcMallocBypassed()) |
+ return; |
+ // Two successive calls to mmap() have roughly one chance out of 2^7 to be |
Marius
2013/01/29 06:45:21
With the 0x6f mask, there's only 6 bits of random
jln (very slow on Chromium)
2013/01/29 07:02:16
This had been patched in a previous revision alrea
|
+ // detected as having the same order. With 32 allocations, we see ~16 that |
+ // trigger a call to mmap, so the chances of this test flaking is roughly |
+ // 2^-(7*15), i.e. virtually impossible. |
+ const int kAllocNumber = 32; |
+ bool is_contiguous = true; |
+ // Make kAllocNumber successive allocations of growing size and compare the |
+ // successive pointers to detect adjacent mappings. We grow the size because |
+ // TCMalloc can sometimes over-allocate. |
+ scoped_ptr<char, base::FreeDeleter> ptr[kAllocNumber]; |
+ for (int i = 0; i < kAllocNumber; ++i) { |
+ // Grow the Malloc size slightly sub-exponentially. |
+ const size_t kMallocSize = 1 << (12 + (i>>1)); |
+ ptr[i].reset(static_cast<char*>(malloc(kMallocSize))); |
+ ASSERT_TRUE(ptr[i] != NULL); |
+ if (i > 0) { |
+ // Without mmap randomization, the two high order nibbles |
+ // of a 47 bits userland address address will be identical. |
+ const size_t kHighOrderMask = 0xff0000000000; |
+ bool pointer_have_same_high_order = |
+ (reinterpret_cast<size_t>(ptr[i].get()) & kHighOrderMask) == |
+ (reinterpret_cast<size_t>(ptr[i - 1].get()) & kHighOrderMask); |
+ if (!pointer_have_same_high_order) { |
+ // PrintProcSelfMaps(); |
+ is_contiguous = false; |
+ break; |
+ } |
+ } |
+ } |
+ ASSERT_FALSE(is_contiguous); |
+} |
+ |
+#endif // (defined(OS_LINUX) || defined(OS_CHROMEOS)) && defined(__x86_64__) |
+ |
} // namespace |