gwp-asan: Fix potential race in GuardedPageAllocator.

|total_allocations_| is used after the mutex guarding it is released. This CL reads its value before releasing the mutex, removing the race condition. Bug: 881875 Change-Id: Iba1539eb75012bb69bf2bd6631345fa9518a62cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2098017 Commit-Queue: Victor Costan <pwnall@chromium.org> Auto-Submit: Victor Costan <pwnall@chromium.org> Reviewed-by: Colin Blundell <blundell@chromium.org> Cr-Commit-Position: refs/heads/master@{#749175}

gwp-asan: Fix potential race in GuardedPageAllocator.
|total_allocations_| is used after the mutex guarding it is released. This CL reads its value before releasing the mutex, removing the race condition. Bug: 881875 Change-Id: Iba1539eb75012bb69bf2bd6631345fa9518a62cd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2098017 Commit-Queue: Victor Costan <pwnall@chromium.org> Auto-Submit: Victor Costan <pwnall@chromium.org> Reviewed-by: Colin Blundell <blundell@chromium.org> Cr-Commit-Position: refs/heads/master@{#749175}
e56ee14a · Victor Costan · Commit Bot · 49bb7ead · e56ee14a
Commit e56ee14a authored Mar 11, 2020 by Victor Costan Committed by Commit Bot Mar 11, 2020
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

components/gwp_asan/client/guarded_page_allocator.cc components/gwp_asan/client/guarded_page_allocator.cc +2 -1

No files found.
--- a/components/gwp_asan/client/guarded_page_allocator.cc
+++ b/components/gwp_asan/client/guarded_page_allocator.cc
@@ -347,8 +347,9 @@ bool GuardedPageAllocator::ReserveSlotAndMetadata(
    if (!oom_hit_) {
      if (++consecutive_failed_allocations_ == kOutOfMemoryCount) {
        oom_hit_ = true;
+        size_t allocations = total_allocations_ - kOutOfMemoryCount;
        base::AutoUnlock unlock(lock_);
-        std::move(oom_callback_).Run(total_allocations_ - kOutOfMemoryCount);
+        std::move(oom_callback_).Run(allocations);
      }
    }
    return false;