zhuyijun
/
BRPC
mirror of https://gitee.com/baidu/BRPC.git


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#if defined(OS_WIN)
#include <windows.h>
#endif

#include "base/debug/alias.h"
#include "base/debug/asan_invalid_access.h"
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"

namespace base {
namespace debug {

namespace {

#if defined(SYZYASAN)
// Corrupt a memory block and make sure that the corruption gets detected either
// when we free it or when another crash happens (if |induce_crash| is set to
// true).
NOINLINE void CorruptMemoryBlock(bool induce_crash) {
  // NOTE(sebmarchand): We intentionally corrupt a memory block here in order to
  //     trigger an Address Sanitizer (ASAN) error report.
  static const int kArraySize = 5;
  int* array = new int[kArraySize];
  // Encapsulate the invalid memory access into a try-catch statement to prevent
  // this function from being instrumented. This way the underflow won't be
  // detected but the corruption will (as the allocator will still be hooked).
  try {
    // Declares the dummy value as volatile to make sure it doesn't get
    // optimized away.
    int volatile dummy = array[-1]--;
    base::debug::Alias(const_cast<int*>(&dummy));
  } catch (...) {
  }
  if (induce_crash)
    CHECK(false);
  delete[] array;
}
#endif

}  // namespace

#if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
// NOTE(sebmarchand): We intentionally perform some invalid heap access here in
//     order to trigger an AddressSanitizer (ASan) error report.

static const int kArraySize = 5;

void AsanHeapOverflow() {
  scoped_ptr<int[]> array(new int[kArraySize]);
  // Declares the dummy value as volatile to make sure it doesn't get optimized
  // away.
  int volatile dummy = 0;
  dummy = array[kArraySize];
  base::debug::Alias(const_cast<int*>(&dummy));
}

void AsanHeapUnderflow() {
  scoped_ptr<int[]> array(new int[kArraySize]);
  // Declares the dummy value as volatile to make sure it doesn't get optimized
  // away.
  int volatile dummy = 0;
  dummy = array[-1];
  base::debug::Alias(const_cast<int*>(&dummy));
}

void AsanHeapUseAfterFree() {
  scoped_ptr<int[]> array(new int[kArraySize]);
  // Declares the dummy value as volatile to make sure it doesn't get optimized
  // away.
  int volatile dummy = 0;
  int* dangling = array.get();
  array.reset();
  dummy = dangling[kArraySize / 2];
  base::debug::Alias(const_cast<int*>(&dummy));
}

#endif  // ADDRESS_SANITIZER || SYZYASAN

#if defined(SYZYASAN)
void AsanCorruptHeapBlock() {
  CorruptMemoryBlock(false);
}

void AsanCorruptHeap() {
  CorruptMemoryBlock(true);
}
#endif  // SYZYASAN

}  // namespace debug
}  // namespace base