| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ | 5 #ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ |
| 6 #define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ | 6 #define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ |
| 7 | 7 |
| 8 #include <stdint.h> |
| 9 #include <stdlib.h> |
| 10 |
| 11 #include "base/debug/format.h" |
| 8 #include "sandbox/linux/seccomp-bpf/port.h" | 12 #include "sandbox/linux/seccomp-bpf/port.h" |
| 9 | 13 |
| 10 | 14 |
| 11 namespace playground2 { | 15 namespace playground2 { |
| 12 | 16 |
| 13 class Die { | 17 class Die { |
| 14 public: | 18 public: |
| 15 // This is the main API for using this file. Prints a error message and | 19 // This is the main API for using this file. Prints a error message and |
| 16 // exits with a fatal error. | 20 // exits with a fatal error. |
| 17 #define SANDBOX_DIE(m) playground2::Die::SandboxDie(m, __FILE__, __LINE__) | 21 #define SANDBOX_DIE(m, args...) \ |
| 22 do { \ |
| 23 /* The optimizer automatically eliminates one of the branches of the */ \ |
| 24 /* "if" statement. This makes sure we only ever allocate a buffer and*/ \ |
| 25 /* copy the string, if that is necessary to format the message. */ \ |
| 26 if (*#args) { \ |
| 27 const size_t kInitialSize = 80; \ |
| 28 const size_t kMaxSize = 16384; \ |
| 29 size_t sz = kInitialSize; \ |
| 30 for (;;) { \ |
| 31 /* Allocate a reasonably sized buffer initially. If that wasn't */ \ |
| 32 /* sufficient, reallocate a bigger buffer. But impose an upper */ \ |
| 33 /* limit. */ \ |
| 34 /* This approach maximizes the chances that we will find the full*/ \ |
| 35 /* message in a crash dump, without needlessly pushing other */ \ |
| 36 /* valuable data out of the dump. */ \ |
| 37 char buf[sz]; \ |
| 38 sz = base::debug::FormatN(buf, sz, (m), ##args) + 1; \ |
| 39 if (sz > kMaxSize) \ |
| 40 sz = kMaxSize; \ |
| 41 if (sz > sizeof(buf) && kInitialSize == sizeof(buf)) { \ |
| 42 continue; \ |
| 43 } else { \ |
| 44 playground2::Die::SandboxDie(sz >= 0 ? buf : "", \ |
| 45 __FILE__, __LINE__); \ |
| 46 break; \ |
| 47 } \ |
| 48 } \ |
| 49 } else { \ |
| 50 playground2::Die::SandboxDie((m), __FILE__, __LINE__); \ |
| 51 } \ |
| 52 } while (0) |
| 18 | 53 |
| 19 // Adds an informational message to the log file or stderr as appropriate. | 54 // Adds an informational message to the log file or stderr as appropriate. |
| 20 #define SANDBOX_INFO(m) playground2::Die::SandboxInfo(m, __FILE__, __LINE__) | 55 #define SANDBOX_INFO(m, args...) \ |
| 56 do { \ |
| 57 /* The optimizer automatically eliminates one of the branches of the */ \ |
| 58 /* "if" statement. This makes sure we only ever allocate a buffer and*/ \ |
| 59 /* copy the string, if that is necessary to format the message. */ \ |
| 60 if (*#args) { \ |
| 61 const size_t kInitialSize = 80; \ |
| 62 const size_t kMaxSize = 16384; \ |
| 63 size_t sz = kInitialSize; \ |
| 64 for (;;) { \ |
| 65 /* Allocate a reasonably sized buffer initially. If that wasn't */ \ |
| 66 /* sufficient, reallocate a bigger buffer. But impose an upper */ \ |
| 67 /* limit. */ \ |
| 68 /* This approach maximizes the chances that we will find the full*/ \ |
| 69 /* message in a crash dump, without needlessly pushing other */ \ |
| 70 /* valuable data out of the dump. */ \ |
| 71 char buf[sz]; \ |
| 72 sz = base::debug::FormatN(buf, sz, (m), ##args) + 1; \ |
| 73 if (sz > kMaxSize) \ |
| 74 sz = kMaxSize; \ |
| 75 if (sz > sizeof(buf) && kInitialSize == sizeof(buf)) { \ |
| 76 continue; \ |
| 77 } else { \ |
| 78 playground2::Die::SandboxInfo(sz >= 0 ? buf : "", \ |
| 79 __FILE__, __LINE__); \ |
| 80 break; \ |
| 81 } \ |
| 82 } \ |
| 83 } else { \ |
| 84 playground2::Die::SandboxInfo((m), __FILE__, __LINE__); \ |
| 85 } \ |
| 86 } while (0) |
| 21 | 87 |
| 22 // Terminate the program, even if the current sandbox policy prevents some | 88 // Terminate the program, even if the current sandbox policy prevents some |
| 23 // of the more commonly used functions used for exiting. | 89 // of the more commonly used functions used for exiting. |
| 24 // Most users would want to call SANDBOX_DIE() instead, as it logs extra | 90 // Most users would want to call SANDBOX_DIE() instead, as it logs extra |
| 25 // information. But calling ExitGroup() is correct and in some rare cases | 91 // information. But calling ExitGroup() is correct and in some rare cases |
| 26 // preferable. So, we make it part of the public API. | 92 // preferable. So, we make it part of the public API. |
| 27 static void ExitGroup() __attribute__((noreturn)); | 93 static void ExitGroup() __attribute__((noreturn)); |
| 28 | 94 |
| 29 // This method gets called by SANDBOX_DIE(). There is normally no reason | 95 // This method gets called by SANDBOX_DIE(). There is normally no reason |
| 30 // to call it directly unless you are defining your own exiting macro. | 96 // to call it directly unless you are defining your own exiting macro. |
| (...skipping 22 matching lines...) Expand all Loading... |
| 53 private: | 119 private: |
| 54 static bool simple_exit_; | 120 static bool simple_exit_; |
| 55 static bool suppress_info_; | 121 static bool suppress_info_; |
| 56 | 122 |
| 57 DISALLOW_IMPLICIT_CONSTRUCTORS(Die); | 123 DISALLOW_IMPLICIT_CONSTRUCTORS(Die); |
| 58 }; | 124 }; |
| 59 | 125 |
| 60 } // namespace | 126 } // namespace |
| 61 | 127 |
| 62 #endif // SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ | 128 #endif // SANDBOX_LINUX_SECCOMP_BPF_DIE_H__ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18656004:
Added a new SafeSPrintf() function that implements snprintf() in an async-safe-fashion (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src