From 0b500e330a78c7c06889dbc66143f2ed8f3eb668 Mon Sep 17 00:00:00 2001 From: "sebmarchand@chromium.org" Date: Fri, 25 Apr 2014 02:55:08 +0000 Subject: Revert of Add support for more ASAN errors generation to chrome://crash/... (https://codereview.chromium.org/247543002/) Reason for revert: This break the debug build. Original issue's description: > Add support for more ASAN errors generation to chrome://crash/... > > Adds the following crash url to chrome/chromium builds when SYZYASAN is defined (built with syzyasan=1 in GYP_DEFINES): > heap-corrupted-block > > This allows easy validation of the instrumentation/reporting for a given build without having to track down a known/unfixed memory error. > > > R=chrisha@chromium.org > > BUG= > > Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=265942 TBR=chrisha@chromium.org,jochen@chromium.org NOTREECHECKS=true NOTRY=true BUG= Review URL: https://codereview.chromium.org/250793002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266101 0039d316-1c4b-4281-b951-d872f2087c98 --- content/renderer/render_frame_impl.cc | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc index 3c5f497..c6526dd 100644 --- a/content/renderer/render_frame_impl.cc +++ b/content/renderer/render_frame_impl.cc @@ -202,31 +202,6 @@ NOINLINE static void CrashIntentionally() { *zero = 0; } -#if defined(SYZYASAN) -// This code triggers a C4509 warning as we're using an object with a destructor -// in a function with SEH. We can safely disable this as no exception will -// actually be thrown. -#pragma warning(push) -#pragma warning(disable: 4509) -NOINLINE static void CorruptMemoryBlock() { - // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to - // trigger an Address Sanitizer (ASAN) error report. - static const int kArraySize = 5; - scoped_ptr array(new int[kArraySize]); - // Encapsulate the invalid memory access into a try-catch statement to prevent - // this function from being instrumented. This way the underflow won't be - // detected but the corruption will (as the allocator will still be hooked). - __try { - int dummy = array[-1]--; - // Make sure the assignments to the dummy value aren't optimized away. - base::debug::Alias(&array); - } __except (EXCEPTION_EXECUTE_HANDLER) { - return; - } -} -#pragma warning(pop) -#endif - #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN) NOINLINE static void MaybeTriggerAsanError(const GURL& url) { // NOTE(rogerm): We intentionally perform an invalid heap access here in @@ -235,9 +210,6 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) { static const char kHeapOverflow[] = "/heap-overflow"; static const char kHeapUnderflow[] = "/heap-underflow"; static const char kUseAfterFree[] = "/use-after-free"; -#if defined(SYZYASAN) - static const char kCorruptHeapBlock[] = "/corrupt-heap-block"; -#endif static const int kArraySize = 5; if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1)) @@ -257,10 +229,6 @@ NOINLINE static void MaybeTriggerAsanError(const GURL& url) { int* dangling = array.get(); array.reset(); dummy = dangling[kArraySize / 2]; -#if defined(SYZYASAN) - } else if (crash_type == kCorruptHeapBlock) { - CorruptMemoryBlock(); -#endif } // Make sure the assignments to the dummy value aren't optimized away. -- cgit v1.1