Commit 53c4461c authored by Vlad Tsyrklevich, committed by Commit Bot

GWP-ASan: Replace DCHECK for reachable condition

Currently, GetErrorType() sanity checks that a crash never happens when
accessing an allocated page; however, while testing locally I was able
to trigger this DCHECK very infrequently. Replace it with a LOG and
return kUnknown instead to be safe.

Change-Id: I2a970ac4ff22b88155598988a4ce23aada542b36
Reviewed-on: https://chromium-review.googlesource.com/c/1354652
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612467}
parent eb48f2f9
......@@ -102,7 +102,19 @@ AllocatorState::ErrorType AllocatorState::GetErrorType(uintptr_t addr,
if (addr > last_page_addr)
return ErrorType::kBufferOverflow;
const uintptr_t offset = addr - first_page_addr;
DCHECK_NE((offset >> base::bits::Log2Floor(page_size)) % 2, 0ULL);
// If we hit this condition, it means we crashed on accessing an allocation
// even though it's currently allocated [there is a if(deallocated) return
// earlier.] This can happen when a use-after-free causes a crash and another
// thread manages to allocate the page in another thread before it's stopped.
// This can happen with low sampling frequencies and high parallel allocator
// usage.
if ((offset >> base::bits::Log2Floor(page_size)) % 2 == 0) {
LOG(WARNING) << "Hit impossible error condition, likely caused by a racy "
"use-after-free";
return ErrorType::kUnknown;
}
const size_t kHalfPageSize = page_size / 2;
return (offset >> base::bits::Log2Floor(kHalfPageSize)) % 2 == 0
? ErrorType::kBufferOverflow
......
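Review bot: The LOG(WARNING) string in the new if block still calls this an "impossible error condition", although the comment directly above it and the commit message both describe how it is reached. Suggest wording such as "Crash on an allocated page, likely caused by a racy use-after-free" so the log line does not mislead whoever triages the resulting kUnknown report. In the same comment, "another thread manages to allocate the page in another thread" repeats itself, and "there is a if(deallocated)" should read "there is an if (deallocated)".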