[PartitionAlloc] fix cookie tracking for large no-op reallocs

The new test case will trip an assert under debug builds prior to the patch: *cookie_ptr == kCookieValue[i] because a new cookie is not written, and the old location now is part of the space made available to the caller. Bug: 897585 Change-Id: I9cb0a0378bd692445580f7b8b796200154bc15c6 Reviewed-on: https://chromium-review.googlesource.com/c/1294724Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/master@{#602042}

[PartitionAlloc] fix cookie tracking for large no-op reallocs
The new test case will trip an assert under debug builds prior to the patch: *cookie_ptr == kCookieValue[i] because a new cookie is not written, and the old location now is part of the space made available to the caller. Bug: 897585 Change-Id: I9cb0a0378bd692445580f7b8b796200154bc15c6 Reviewed-on: https://chromium-review.googlesource.com/c/1294724Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/master@{#602042}
26c94f4e · Tom Sepez · Commit Bot · 4d860005 · 26c94f4e · 26c94f4e
Commit 26c94f4e authored Oct 23, 2018 by Tom Sepez Committed by Commit Bot Oct 23, 2018
2 changed files
--- a/base/allocator/partition_allocator/partition_alloc.cc
+++ b/base/allocator/partition_allocator/partition_alloc.cc
@@ -207,12 +207,10 @@ bool PartitionReallocDirectMappedInPlace(PartitionRootGeneric* root,

  // bucket->slot_size is the current size of the allocation.
  size_t current_size = page->bucket->slot_size;
-  if (new_size == current_size)
-    return true;
-
  char* char_ptr = static_cast<char*>(internal::PartitionPage::ToPointer(page));
-
-  if (new_size < current_size) {
+  if (new_size == current_size) {
+    // No need to move any memory around, but update size and cookie below.
+  } else if (new_size < current_size) {
    size_t map_size =
        internal::PartitionDirectMapExtent::FromPage(page)->map_size;


--- a/base/allocator/partition_allocator/partition_alloc_unittest.cc
+++ b/base/allocator/partition_allocator/partition_alloc_unittest.cc
@@ -2211,6 +2211,24 @@ TEST_F(PartitionAllocTest, ZeroFill) {
  }
 }

+TEST_F(PartitionAllocTest, Bug_897585) {
+  // Need sizes big enough to be direct mapped and a delta small enough to
+  // allow re-use of the page when cookied. These numbers fall out of the
+  // test case in the indicated bug.
+  size_t kInitialSize = 983040;
+  size_t kDesiredSize = 983100;
+  void* ptr = PartitionAllocGenericFlags(generic_allocator.root(),
+                                         PartitionAllocReturnNull, kInitialSize,
+                                         nullptr);
+  ASSERT_NE(nullptr, ptr);
+  ptr = PartitionReallocGenericFlags(generic_allocator.root(),
+                                     PartitionAllocReturnNull, ptr,
+                                     kDesiredSize, nullptr);
+  ASSERT_NE(nullptr, ptr);
+  memset(ptr, 0xbd, kDesiredSize);
+  PartitionFree(ptr);
+}
+
 }  // namespace internal
 }  // namespace base