Mark all the free'ed region with special markers so that browser

will crash if free'ed memory is accessed (hoping to detect the
memory corrupters).

BUG=76891
TBR=jar
Review URL: http://codereview.chromium.org/6676098

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79258 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 1 deletions

diff --git a/third_party/tcmalloc/chromium/src/tcmalloc.cc b/third_party/tcmalloc/chromium/src/tcmalloc.cc
index e702256..629f4e0 100644
--- a/third_party/tcmalloc/chromium/src/tcmalloc.cc
+++ b/third_party/tcmalloc/chromium/src/tcmalloc.cc
@@ -1615,7 +1615,7 @@ void *(*__memalign_hook)(size_t, size_t, const void *) = MemalignOverride;
 // It will cost abotu 2% in performance, but it will catch double frees (most of
 // the time), and will often catch allocated-buffer overrun errors.  This
 // validation is only active when TCMalloc is used as the allocator.
-// #define TCMALLOC_VALIDATION
+#define TCMALLOC_VALIDATION
 
 #if !defined(TCMALLOC_VALIDATION)
 
@@ -1738,6 +1738,10 @@ static void ValidateAllocatedRegion(void* ptr, size_t cl) {
   if (current_mark != allocated_mark)
     DieFromMemoryCorruption();
   *mark = ~allocated_mark;  //  Distinctively not allocated.
+  // Copy the mark into all the free'd region.
+  size_t class_size = static_cast<size_t>(reinterpret_cast<char*>(mark) -
+                                          reinterpret_cast<char*>(ptr));
+  memset(ptr, static_cast<char>(0x36), class_size);
 }
 
 static void MarkAllocatedRegion(void* ptr) {