Title: [207646] trunk/Source/bmalloc
Revision
207646
Author
mark....@apple.com
Date
2016-10-20 17:15:31 -0700 (Thu, 20 Oct 2016)

Log Message

bmalloc api should crash on failure to allocate when !isBmallocEnabled.
https://bugs.webkit.org/show_bug.cgi?id=163766

Reviewed by Keith Miller and Filip Pizlo.

We want to crash in bmalloc on failure to allocate even when !isBmallocEnabled.
This is so that failures to allocate memory will manifest as crashes with a
unique signature (i.e. as a SIGTRAP on release builds, or as a write to illegal
address 0xbbadbeef on debug builds) and the crash will manifest inside bmalloc.
This distinguishes allocation failures from other crashing bugs that manifest as
SIGSEGVs due to random pointer dereferences in the clients of bmalloc.

* bmalloc/Allocator.cpp:
(bmalloc::Allocator::allocateImpl):
(bmalloc::Allocator::reallocate):
(bmalloc::Allocator::allocateSlowCase):

Modified Paths

trunk/Source/bmalloc/ChangeLog
trunk/Source/bmalloc/bmalloc/Allocator.cpp
Diff

Modified: trunk/Source/bmalloc/ChangeLog (207645 => 207646)


--- trunk/Source/bmalloc/ChangeLog	2016-10-21 00:04:36 UTC (rev 207645)
+++ trunk/Source/bmalloc/ChangeLog	2016-10-21 00:15:31 UTC (rev 207646)
@@ -1,3 +1,22 @@
+2016-10-20  Mark Lam  <mark....@apple.com>
+
+        bmalloc api should crash on failure to allocate when !isBmallocEnabled.
+        https://bugs.webkit.org/show_bug.cgi?id=163766
+
+        Reviewed by Keith Miller and Filip Pizlo.
+
+        We want to crash in bmalloc on failure to allocate even when !isBmallocEnabled.
+        This is so that failures to allocate memory will manifest as crashes with a
+        unique signature (i.e. as a SIGTRAP on release builds, or as a write to illegal
+        address 0xbbadbeef on debug builds) and the crash will manifest inside bmalloc.
+        This distinguishes allocation failures from other crashing bugs that manifest as
+        SIGSEGVs due to random pointer dereferences in the clients of bmalloc.
+
+        * bmalloc/Allocator.cpp:
+        (bmalloc::Allocator::allocateImpl):
+        (bmalloc::Allocator::reallocate):
+        (bmalloc::Allocator::allocateSlowCase):
+
 2016-09-26  Yoshiaki Jitsukawa  <yoshiaki.jitsuk...@sony.com>
 
         Avoid implicit conversion from iterator to pointer

Modified: trunk/Source/bmalloc/bmalloc/Allocator.cpp (207645 => 207646)


--- trunk/Source/bmalloc/bmalloc/Allocator.cpp	2016-10-21 00:04:36 UTC (rev 207645)
+++ trunk/Source/bmalloc/bmalloc/Allocator.cpp	2016-10-21 00:15:31 UTC (rev 207646)
@@ -80,8 +80,11 @@
 
     if (!m_isBmallocEnabled) {
         void* result = nullptr;
-        if (posix_memalign(&result, alignment, size))
+        if (posix_memalign(&result, alignment, size)) {
+            if (crashOnFailure)
+                BCRASH();
             return nullptr;
+        }
         return result;
     }
 
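Review bot: posix_memalign() returns a non-zero error code for EINVAL (alignment not a power of two, or not a multiple of sizeof(void*)) as well as for ENOMEM, so with crashOnFailure set a caller that passes a bad alignment now dies with the same signature this patch reserves for memory exhaustion. Either assert the alignment precondition before the call so an invalid alignment fails as an assertion rather than as a fake OOM, or keep the return value and crash only on ENOMEM, e.g. `int error = posix_memalign(&result, alignment, size);` followed by `if (error == ENOMEM && crashOnFailure) BCRASH();`. The explicit `return nullptr;` on failure is correct, since POSIX does not guarantee that `*memptr` is cleared when the call fails.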
@@ -100,8 +103,12 @@
 
 void* Allocator::reallocate(void* object, size_t newSize)
 {
-    if (!m_isBmallocEnabled)
-        return realloc(object, newSize);
+    if (!m_isBmallocEnabled) {
+        void* result = realloc(object, newSize);
+        if (!result)
+            BCRASH();
+        return result;
+    }
 
     size_t oldSize = 0;
     switch (objectType(object)) {
@@ -186,8 +193,12 @@
 
 void* Allocator::allocateSlowCase(size_t size)
 {
-    if (!m_isBmallocEnabled)
-        return malloc(size);
+    if (!m_isBmallocEnabled) {
+        void* result = malloc(size);
+        if (!result)
+            BCRASH();
+        return result;
+    }
 
     if (size <= maskSizeClassMax) {
         size_t sizeClass = bmalloc::maskSizeClass(size);
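Review bot: the C standard permits malloc(0) to return a null pointer, so `if (!result) BCRASH();` turns a zero-byte allocation into a spurious out-of-memory crash on any libc that makes that choice (Darwin and glibc happen to return a unique non-null pointer). If size can be 0 when it reaches allocateSlowCase, either clamp it (`malloc(size ? size : 1)`) or assert the precondition. Separately, allocateImpl() honours crashOnFailure while this function crashes unconditionally; if any try-allocation entry point can reach allocateSlowCase with bmalloc disabled, the flag should be threaded through here as well so that try paths keep returning nullptr.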
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes