| Index: sandbox/linux/seccomp-bpf/die.h
|
| diff --git a/sandbox/linux/seccomp-bpf/die.h b/sandbox/linux/seccomp-bpf/die.h
|
| index f15f10877e9eca0866c67c0198fa8c1d267152f1..1743b8877e885fe5f27ed560caf213e3d5dcecb4 100644
|
| --- a/sandbox/linux/seccomp-bpf/die.h
|
| +++ b/sandbox/linux/seccomp-bpf/die.h
|
| @@ -5,6 +5,10 @@
|
| #ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
|
| #define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
|
|
|
| +#include <stdint.h>
|
| +#include <stdlib.h>
|
| +
|
| +#include "base/debug/format.h"
|
| #include "sandbox/linux/seccomp-bpf/port.h"
|
|
|
|
|
| @@ -14,10 +18,72 @@ class Die {
|
| public:
|
| // This is the main API for using this file. Prints a error message and
|
| // exits with a fatal error.
|
| - #define SANDBOX_DIE(m) playground2::Die::SandboxDie(m, __FILE__, __LINE__)
|
| + #define SANDBOX_DIE(m, args...) \
|
| + do { \
|
| + /* The optimizer automatically eliminates one of the branches of the */ \
|
| + /* "if" statement. This makes sure we only ever allocate a buffer and*/ \
|
| + /* copy the string, if that is necessary to format the message. */ \
|
| + if (*#args) { \
|
| + const size_t kInitialSize = 80; \
|
| + const size_t kMaxSize = 16384; \
|
| + size_t sz = kInitialSize; \
|
| + for (;;) { \
|
| + /* Allocate a reasonably sized buffer initially. If that wasn't */ \
|
| + /* sufficient, reallocate a bigger buffer. But impose an upper */ \
|
| + /* limit. */ \
|
| + /* This approach maximizes the chances that we will find the full*/ \
|
| + /* message in a crash dump, without needlessly pushing other */ \
|
| + /* valuable data out of the dump. */ \
|
| + char buf[sz]; \
|
| + sz = base::debug::FormatN(buf, sz, (m), ##args) + 1; \
|
| + if (sz > kMaxSize) \
|
| + sz = kMaxSize; \
|
| + if (sz > sizeof(buf) && kInitialSize == sizeof(buf)) { \
|
| + continue; \
|
| + } else { \
|
| + playground2::Die::SandboxDie(sz >= 0 ? buf : "", \
|
| + __FILE__, __LINE__); \
|
| + break; \
|
| + } \
|
| + } \
|
| + } else { \
|
| + playground2::Die::SandboxDie((m), __FILE__, __LINE__); \
|
| + } \
|
| + } while (0)
|
|
|
| // Adds an informational message to the log file or stderr as appropriate.
|
| - #define SANDBOX_INFO(m) playground2::Die::SandboxInfo(m, __FILE__, __LINE__)
|
| + #define SANDBOX_INFO(m, args...) \
|
| + do { \
|
| + /* The optimizer automatically eliminates one of the branches of the */ \
|
| + /* "if" statement. This makes sure we only ever allocate a buffer and*/ \
|
| + /* copy the string, if that is necessary to format the message. */ \
|
| + if (*#args) { \
|
| + const size_t kInitialSize = 80; \
|
| + const size_t kMaxSize = 16384; \
|
| + size_t sz = kInitialSize; \
|
| + for (;;) { \
|
| + /* Allocate a reasonably sized buffer initially. If that wasn't */ \
|
| + /* sufficient, reallocate a bigger buffer. But impose an upper */ \
|
| + /* limit. */ \
|
| + /* This approach maximizes the chances that we will find the full*/ \
|
| + /* message in a crash dump, without needlessly pushing other */ \
|
| + /* valuable data out of the dump. */ \
|
| + char buf[sz]; \
|
| + sz = base::debug::FormatN(buf, sz, (m), ##args) + 1; \
|
| + if (sz > kMaxSize) \
|
| + sz = kMaxSize; \
|
| + if (sz > sizeof(buf) && kInitialSize == sizeof(buf)) { \
|
| + continue; \
|
| + } else { \
|
| + playground2::Die::SandboxInfo(sz >= 0 ? buf : "", \
|
| + __FILE__, __LINE__); \
|
| + break; \
|
| + } \
|
| + } \
|
| + } else { \
|
| + playground2::Die::SandboxInfo((m), __FILE__, __LINE__); \
|
| + } \
|
| + } while (0)
|
|
|
| // Terminate the program, even if the current sandbox policy prevents some
|
| // of the more commonly used functions used for exiting.
|
|
|
Chromium Code Reviews
Issue 18656004:
Added a new SafeSPrintf() function that implements snprintf() in an async-safe-fashion (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src