author | simonb@chromium.org <simonb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-22 16:12:38 +0000 |
---|---|---|
committer | simonb@chromium.org <simonb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-22 16:12:38 +0000 |
commit | cd168d331c23af5fb04ef98b99870c845fef2ef7 (patch) | |
tree | eb586fee1dbed7d70e203552951a5131ef12a92a /third_party | |
parent | d31ddcf1c2b08771a5a22efdac6820f55494712f (diff) | |
Provide consistent behaviour for memchr(_,_,0)
A memchr() search of a zero-byte range returns an undefined value.
On arm32 it always returns NULL, but on arm64 it does not. This
causes random crashes while reading /proc/self/maps when loading the
64-bit libchrome.
Fix by setting the variable that receives the memchr() result to NULL if the
search range is zero bytes. There are three calls to memchr(). Two
of them could encounter this; the third is safe.
BUG=394306
Review URL: https://codereview.chromium.org/405153002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@284693 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party')
3 files changed, 18 insertions, 6 deletions
diff --git a/third_party/android_crazy_linker/README.chromium b/third_party/android_crazy_linker/README.chromium
index e308232..485d50a 100644
--- a/third_party/android_crazy_linker/README.chromium
+++ b/third_party/android_crazy_linker/README.chromium
@@ -29,3 +29,5 @@ Local Modifications:
 - Fix -Werror=sign-compare error encountered in NDK build.
 - Improve permission denied message to mention upgrading from L-preview.
+
+- Fix for crbug/394306 (Chrome crashes during startup ... on Arm64 AAW15)
diff --git a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp
index c020daa..8c63370 100644
--- a/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp
+++ b/third_party/android_crazy_linker/src/src/crazy_linker_line_reader.cpp
@@ -51,10 +51,15 @@ bool LineReader::GetNextLine() {
 buff_size_,
 buff_capacity_);
- // Find the end of the current line in the current buffer.
+ // Find the end of the current line in the current buffer. The result
+ // of memchr(_,_,0) is undefined, treated as not-found.
 const char* line = buff_ + line_start_;
- const char* line_end = reinterpret_cast<const char*>(
- ::memchr(line, '\n', buff_size_ - line_start_));
+ const size_t range = buff_size_ - line_start_;
+ const char* line_end;
+ if (range > 0)
+ line_end = reinterpret_cast<const char*>(::memchr(line, '\n', range));
+ else
+ line_end = NULL;
 if (line_end != NULL) {
 // Found one, return it directly.
 line_len_ = static_cast<size_t>(line_end + 1 - line);
diff --git a/third_party/android_crazy_linker/src/src/crazy_linker_proc_maps.cpp b/third_party/android_crazy_linker/src/src/crazy_linker_proc_maps.cpp
index 104f609..713870b 100644
--- a/third_party/android_crazy_linker/src/src/crazy_linker_proc_maps.cpp
+++ b/third_party/android_crazy_linker/src/src/crazy_linker_proc_maps.cpp
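Review bot: The new comment in the GetNextLine hunk says the result of memchr(_,_,0) is undefined, but as far as the C standard goes a search over zero bytes simply finds nothing and yields NULL; what the commit message describes is a libc deviation on arm64, and the comment would be more useful naming that, e.g. `// A zero-length memchr() does not reliably return NULL on arm64 libc (crbug 394306); treat it as not-found.` The same wording is used in the ParseProcMapsLine hunk below. Separately, `const char* line_end;` is left uninitialized across the if/else; `const char* line_end = NULL; if (range > 0) line_end = reinterpret_cast<const char*>(::memchr(line, '\n', range));` says the same in two lines and cannot be read before assignment if the branch is edited later. GetNextLine's body continues outside the hunk.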
@@ -56,10 +56,15 @@ bool ParseProcMapsLine(const char* line,
 p++;
 // find start and end of current token, and compute start of
- // next search.
+ // next search. The result of memchr(_,_,0) is undefined, treated as
+ // not-found.
 const char* tok_start = p;
- const char* tok_end =
- static_cast<const char*>(memchr(p, separator, line_end - p));
+ const size_t range = line_end - p;
+ const char* tok_end;
+ if (range > 0)
+ tok_end = static_cast<const char*>(memchr(p, separator, range));
+ else
+ tok_end = NULL;
 if (!tok_end) {
 tok_end = line_end;
 p = line_end; |
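Review bot: The guard `range > 0` in ParseProcMapsLine relies on `line_end - p`, a ptrdiff_t, converting to size_t; if p ever sits past line_end the difference wraps to a huge value, the guard passes, and memchr would scan beyond the line. Comparing the pointers directly expresses the intended invariant without that conversion: `if (p < line_end) tok_end = static_cast<const char*>(memchr(p, separator, line_end - p)); else tok_end = NULL;`. Whether p can overshoot line_end depends on the loop above this hunk, which starts outside it; if it cannot, the comparison form still documents that assumption at the point of use. The same shape applies to `buff_size_ - line_start_` in the GetNextLine hunk above.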