Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libchrome / c6d4422a3d811ef3bbcc8c918e5db944c1edc433^! / . / base / security_unittest.cc
commitc6d4422a3d811ef3bbcc8c918e5db944c1edc433[log] [tgz]
authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>Wed Feb 06 12:23:49 2013 +0900
committerQijiang Fan <fqj@google.com>Thu Jun 04 14:02:31 2020 +0900
treeb0a03cf5b0d6fe1a8482d68e6fe09b24aac3a3f2
parente2b8d468334a89ee49a66d0b920eb69a6a2e865d [diff] [blame]
Security unittests: add more compiler barriers

Add more compiler barriers to prevent the compiler from optimizing
out calls to the very function we're testing.

This makes SecurityTest* pass in a Clang release build.

BUG=174452
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/12210023

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@180888 0039d316-1c4b-4281-b951-d872f2087c98


CrOS-Libchrome-Original-Commit: fe394f3488fbbdce06e7b40b2703696ef0b6dd1e

diff --git a/base/security_unittest.cc b/base/security_unittest.cc
index 0b7e7f3..f81ee0d 100644
--- a/base/security_unittest.cc
+++ b/base/security_unittest.cc

@@ -28,6 +28,15 @@
 
 namespace {
 
+// This function acts as a compiler optimization barrier. We use it to
+// prevent the compiler from making an expression a compile-time constant.
+// We also use it so that the compiler doesn't discard certain return values
+// as something we don't need (see the comment with calloc below).
+template <typename Type>
+Type HideValueFromCompiler(volatile Type value) {
+  return value;
+}
+
 // Check that we can not allocate a memory range that cannot be indexed
 // via an int. This is used to mitigate vulnerabilities in libraries that use
 // int instead of size_t.
@@ -67,27 +76,27 @@
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsMalloc)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(malloc(kTooBigAllocSize)));
-    ASSERT_TRUE(ptr == NULL);
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(malloc(kTooBigAllocSize))));
+    ASSERT_TRUE(!ptr);
   }
 }
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsCalloc)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(calloc(kTooBigAllocSize, 1)));
-    ASSERT_TRUE(ptr == NULL);
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(calloc(kTooBigAllocSize, 1))));
+    ASSERT_TRUE(!ptr);
   }
 }
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsRealloc)) {
   if (!IsTcMallocBypassed()) {
     char* orig_ptr = static_cast<char*>(malloc(1));
-    ASSERT_TRUE(orig_ptr != NULL);
-    scoped_ptr<char, base::FreeDeleter>
-        ptr(static_cast<char*>(realloc(orig_ptr, kTooBigAllocSize)));
-    ASSERT_TRUE(ptr == NULL);
+    ASSERT_TRUE(orig_ptr);
+    scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>(
+        HideValueFromCompiler(realloc(orig_ptr, kTooBigAllocSize))));
+    ASSERT_TRUE(!ptr);
     // If realloc() did not succeed, we need to free orig_ptr.
     free(orig_ptr);
   }
@@ -99,15 +108,17 @@
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNew)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<VeryLargeStruct> ptr(new (nothrow) VeryLargeStruct);
-    ASSERT_TRUE(ptr == NULL);
+    scoped_ptr<VeryLargeStruct> ptr(
+        HideValueFromCompiler(new (nothrow) VeryLargeStruct));
+    ASSERT_TRUE(!ptr);
   }
 }
 
 TEST(SecurityTest, ALLOC_TEST(MemoryAllocationRestrictionsNewArray)) {
   if (!IsTcMallocBypassed()) {
-    scoped_ptr<char[]> ptr(new (nothrow) char[kTooBigAllocSize]);
-    ASSERT_TRUE(ptr == NULL);
+    scoped_ptr<char[]> ptr(
+        HideValueFromCompiler(new (nothrow) char[kTooBigAllocSize]));
+    ASSERT_TRUE(!ptr);
   }
 }
 
@@ -143,15 +154,6 @@
   }
 }
 
-// This function acts as a compiler optimization barrier. We use it to
-// prevent the compiler from making an expression a compile-time constant.
-// We also use it so that the compiler doesn't discard certain return values
-// as something we don't need (see the comment with calloc below).
-template <typename Type>
-Type HideValueFromCompiler(volatile Type value) {
-  return value;
-}
-
 // Test array[TooBig][X] and array[X][TooBig] allocations for int overflows.
 // IOS doesn't honor nothrow, so disable the test there.
 // Disable on Windows, we suspect some are failing because of it.
@@ -169,12 +171,12 @@
   {
     scoped_ptr<char[][kArraySize]> array_pointer(new (nothrow)
         char[kDynamicArraySize2][kArraySize]);
-    OverflowTestsSoftExpectTrue(array_pointer == NULL);
+    OverflowTestsSoftExpectTrue(!array_pointer);
   }
   {
     scoped_ptr<char[][kArraySize2]> array_pointer(new (nothrow)
         char[kDynamicArraySize][kArraySize2]);
-    OverflowTestsSoftExpectTrue(array_pointer == NULL);
+    OverflowTestsSoftExpectTrue(!array_pointer);
   }
 }