PA: Call PartitionRefCountPointerNoDCheck on 2 more paths

If GigaCage isn't enabled, this DCHECK will get triggered: {FreeNoHooksImmediate,PartitionAllocFreeForRefCounting}-> ->PartitionRefCountPointer->DCheckGetSlotOffsetIsZero-> ->PartitionAllocGetSlotOffset-> ->DCheckIfManagedByPartitionAllocNormalBuckets GigaCage isn't needed to set up PartitionRefCount. It's only needed to easily detect from BackupRefPtr code if PartitionRefCount is available, but this won't be an issue because BackupRefPtr is disabled when GigaCage isn't needed. Bug: 1073933 Change-Id: I78faea9427ca06643033d0025cdef6472131c816 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2621855 Auto-Submit: Bartek Nowierski <bartekn@chromium.org> Commit-Queue: Keishi Hattori <keishi@chromium.org> Reviewed-by: Keishi Hattori <keishi@chromium.org> Cr-Commit-Position: refs/heads/master@{#842861}

PA: Call PartitionRefCountPointerNoDCheck on 2 more paths
If GigaCage isn't enabled, this DCHECK will get triggered: {FreeNoHooksImmediate,PartitionAllocFreeForRefCounting}-> ->PartitionRefCountPointer->DCheckGetSlotOffsetIsZero-> ->PartitionAllocGetSlotOffset-> ->DCheckIfManagedByPartitionAllocNormalBuckets GigaCage isn't needed to set up PartitionRefCount. It's only needed to easily detect from BackupRefPtr code if PartitionRefCount is available, but this won't be an issue because BackupRefPtr is disabled when GigaCage isn't needed. Bug: 1073933 Change-Id: I78faea9427ca06643033d0025cdef6472131c816 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2621855 Auto-Submit: Bartek Nowierski <bartekn@chromium.org> Commit-Queue: Keishi Hattori <keishi@chromium.org> Reviewed-by: Keishi Hattori <keishi@chromium.org> Cr-Commit-Position: refs/heads/master@{#842861}
f2adce5b · Bartek Nowierski · Chromium LUCI CQ · 8692c7cc · f2adce5b
Commit f2adce5b authored Jan 13, 2021 by Bartek Nowierski Committed by Chromium LUCI CQ Jan 13, 2021
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

base/allocator/partition_allocator/partition_root.h base/allocator/partition_allocator/partition_root.h +2 -2

No files found.
--- a/base/allocator/partition_allocator/partition_root.h
+++ b/base/allocator/partition_allocator/partition_root.h
@@ -693,7 +693,7 @@ ALWAYS_INLINE void* PartitionAllocGetSlotStart(void* ptr) {
 // TODO(glazunov): Simplify the function once the non-thread-safe PartitionRoot
 // is no longer used.
 ALWAYS_INLINE void PartitionAllocFreeForRefCounting(void* slot_start) {
-  PA_DCHECK(!internal::PartitionRefCountPointer(slot_start)->IsAlive());
+  PA_DCHECK(!internal::PartitionRefCountPointerNoDCheck(slot_start)->IsAlive());
  auto* slot_span =
      SlotSpanMetadata<ThreadSafe>::FromPointerNoAlignmentCheck(slot_start);
@@ -870,7 +870,7 @@ ALWAYS_INLINE void PartitionRoot<thread_safe>::FreeNoHooksImmediate(
 #if ENABLE_REF_COUNT_FOR_BACKUP_REF_PTR
  if (allow_ref_count) {
    if (LIKELY(!slot_span->bucket->is_direct_mapped())) {
-      auto* ref_count = internal::PartitionRefCountPointer(slot_start);
+      auto* ref_count = internal::PartitionRefCountPointerNoDCheck(slot_start);
      // If we are holding the last reference to the allocation, it can be freed
      // immediately. Otherwise, defer the operation and zap the memory to turn
      // potential use-after-free issues into unexploitable crashes.