diff options
author | sebmarchand@chromium.org <sebmarchand@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-25 02:55:08 +0000 |
---|---|---|
committer | sebmarchand@chromium.org <sebmarchand@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-04-25 02:55:08 +0000 |
commit | 0b500e330a78c7c06889dbc66143f2ed8f3eb668 (patch) | |
tree | bbd48be4d4bf7284adcac1795e32b94dd95edf57 | |
parent | 7ba5c06377a24329ae22678c9dec6ee4f05d1bd9 (diff) | |
download | chromium_src-0b500e330a78c7c06889dbc66143f2ed8f3eb668.zip chromium_src-0b500e330a78c7c06889dbc66143f2ed8f3eb668.tar.gz chromium_src-0b500e330a78c7c06889dbc66143f2ed8f3eb668.tar.bz2 |
Revert of Add support for more ASAN errors generation to chrome://crash/... (https://codereview.chromium.org/247543002/)
Reason for revert:
This break the debug build.
Original issue's description:
> Add support for more ASAN errors generation to chrome://crash/...
>
> Adds the following crash url to chrome/chromium builds when SYZYASAN is defined (built with syzyasan=1 in GYP_DEFINES):
> heap-corrupted-block
>
> This allows easy validation of the instrumentation/reporting for a given build without having to track down a known/unfixed memory error.
>
>
> R=chrisha@chromium.org
>
> BUG=
>
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=265942
TBR=chrisha@chromium.org,jochen@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/250793002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266101 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | content/renderer/render_frame_impl.cc | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc index 3c5f497..c6526dd 100644 --- a/content/renderer/render_frame_impl.cc +++ b/content/renderer/render_frame_impl.cc @@ -202,31 +202,6 @@ NOINLINE static void CrashIntentionally() { *zero = 0; } -#if defined(SYZYASAN) -// This code triggers a C4509 warning as we're using an object with a destructor -// in a function with SEH. We can safely disable this as no exception will -// actually be thrown. -#pragma warning(push) -#pragma warning(disable: 4509) -NOINLINE static void CorruptMemoryBlock() { - // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to - // trigger an Address Sanitizer (ASAN) error report. - static const int kArraySize = 5; - scoped_ptr<int[]> array(new int[kArraySize]); - // Encapsulate the invalid memory access into a try-catch statement to prevent - // this function from being instrumented. This way the underflow won't be - // detected but the corruption will (as the allocator will still be hooked). - __try { - int dummy = array[-1]--; - // Make sure the assignments to the dummy value aren't optimized away. - base::debug::Alias(&array); - } __except (EXCEPTION_EXECUTE_HANDLER) { - return; - } -} -#pragma warning(pop) -#endif - #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) NOINLINE static void MaybeTriggerAsanError(const GURL& url) { // NOTE(rogerm): We intentionally perform an invalid heap access here in @@ -235,9 +210,6 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) { static const char kHeapOverflow[] = "/heap-overflow"; static const char kHeapUnderflow[] = "/heap-underflow"; static const char kUseAfterFree[] = "/use-after-free"; -#if defined(SYZYASAN) - static const char kCorruptHeapBlock[] = "/corrupt-heap-block"; -#endif static const int kArraySize = 5; if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1)) @@ -257,10 +229,6 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) { int* dangling = array.get(); array.reset(); dummy = dangling[kArraySize / 2]; -#if defined(SYZYASAN) - } else if (crash_type == kCorruptHeapBlock) { - CorruptMemoryBlock(); -#endif } // Make sure the assignments to the dummy value aren't optimized away. |