jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 1 | // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 5 | #include <fcntl.h> |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 6 | #include <stdio.h> |
| 7 | #include <stdlib.h> |
| 8 | #include <string.h> |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 9 | #include <sys/stat.h> |
| 10 | #include <sys/types.h> |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 11 | |
| 12 | #include <algorithm> |
| 13 | #include <limits> |
| 14 | |
brettw@chromium.org | 01f3da4 | 2014-08-14 05:22:14 +0900 | [diff] [blame] | 15 | #include "base/files/file_util.h" |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 16 | #include "base/logging.h" |
| 17 | #include "base/memory/scoped_ptr.h" |
jln@chromium.org | a55baa6 | 2013-02-05 08:39:48 +0900 | [diff] [blame] | 18 | #include "build/build_config.h" |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 19 | #include "testing/gtest/include/gtest/gtest.h" |
| 20 | |
jln@chromium.org | a55baa6 | 2013-02-05 08:39:48 +0900 | [diff] [blame] | 21 | #if defined(OS_POSIX) |
| 22 | #include <sys/mman.h> |
| 23 | #include <unistd.h> |
| 24 | #endif |
| 25 | |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 26 | using std::nothrow; |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 27 | using std::numeric_limits; |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 28 | |
| 29 | namespace { |
| 30 | |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 31 | // This function acts as a compiler optimization barrier. We use it to |
| 32 | // prevent the compiler from making an expression a compile-time constant. |
| 33 | // We also use it so that the compiler doesn't discard certain return values |
| 34 | // as something we don't need (see the comment with calloc below). |
| 35 | template <typename Type> |
| 36 | Type HideValueFromCompiler(volatile Type value) { |
jln@chromium.org | 5975586 | 2013-04-04 21:02:35 +0900 | [diff] [blame] | 37 | #if defined(__GNUC__) |
| 38 | // In a GCC compatible compiler (GCC or Clang), make this compiler barrier |
| 39 | // more robust than merely using "volatile". |
| 40 | __asm__ volatile ("" : "+r" (value)); |
| 41 | #endif // __GNUC__ |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 42 | return value; |
| 43 | } |
| 44 | |
dmikurube@chromium.org | 1df3651 | 2014-03-06 05:07:26 +0900 | [diff] [blame] | 45 | // - NO_TCMALLOC (should be defined if compiled with use_allocator!="tcmalloc") |
chrisha@google.com | 87839ab | 2014-03-28 00:08:04 +0900 | [diff] [blame] | 46 | // - ADDRESS_SANITIZER and SYZYASAN because they have their own memory allocator |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 47 | // - IOS does not use tcmalloc |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 48 | // - OS_MACOSX does not use tcmalloc |
| 49 | #if !defined(NO_TCMALLOC) && !defined(ADDRESS_SANITIZER) && \ |
chrisha@google.com | 87839ab | 2014-03-28 00:08:04 +0900 | [diff] [blame] | 50 | !defined(OS_IOS) && !defined(OS_MACOSX) && !defined(SYZYASAN) |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 51 | #define TCMALLOC_TEST(function) function |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 52 | #else |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 53 | #define TCMALLOC_TEST(function) DISABLED_##function |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 54 | #endif |
| 55 | |
| 56 | // TODO(jln): switch to std::numeric_limits<int>::max() when we switch to |
| 57 | // C++11. |
| 58 | const size_t kTooBigAllocSize = INT_MAX; |
| 59 | |
| 60 | // Detect runtime TCMalloc bypasses. |
| 61 | bool IsTcMallocBypassed() { |
estade@chromium.org | d841d6d | 2014-04-16 05:58:09 +0900 | [diff] [blame] | 62 | #if defined(OS_LINUX) |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 63 | // This should detect a TCMalloc bypass from Valgrind. |
| 64 | char* g_slice = getenv("G_SLICE"); |
| 65 | if (g_slice && !strcmp(g_slice, "always-malloc")) |
| 66 | return true; |
wfh@chromium.org | 91738f6 | 2013-06-11 08:48:49 +0900 | [diff] [blame] | 67 | #elif defined(OS_WIN) |
| 68 | // This should detect a TCMalloc bypass from setting |
| 69 | // the CHROME_ALLOCATOR environment variable. |
| 70 | char* allocator = getenv("CHROME_ALLOCATOR"); |
| 71 | if (allocator && strcmp(allocator, "tcmalloc")) |
| 72 | return true; |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 73 | #endif |
| 74 | return false; |
| 75 | } |
| 76 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 77 | bool CallocDiesOnOOM() { |
thakis@chromium.org | f057926 | 2013-10-12 15:02:42 +0900 | [diff] [blame] | 78 | // The sanitizers' calloc dies on OOM instead of returning NULL. |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 79 | // The wrapper function in base/process_util_linux.cc that is used when we |
| 80 | // compile without TCMalloc will just die on OOM instead of returning NULL. |
timurrrr@chromium.org | 05680db | 2014-05-07 17:57:46 +0900 | [diff] [blame] | 81 | #if defined(ADDRESS_SANITIZER) || \ |
| 82 | defined(MEMORY_SANITIZER) || \ |
| 83 | defined(THREAD_SANITIZER) || \ |
| 84 | (defined(OS_LINUX) && defined(NO_TCMALLOC)) |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 85 | return true; |
| 86 | #else |
| 87 | return false; |
| 88 | #endif |
| 89 | } |
| 90 | |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 91 | // Fake test that allow to know the state of TCMalloc by looking at bots. |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 92 | TEST(SecurityTest, TCMALLOC_TEST(IsTCMallocDynamicallyBypassed)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 93 | printf("Malloc is dynamically bypassed: %s\n", |
| 94 | IsTcMallocBypassed() ? "yes." : "no."); |
| 95 | } |
| 96 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 97 | // The MemoryAllocationRestrictions* tests test that we can not allocate a |
| 98 | // memory range that cannot be indexed via an int. This is used to mitigate |
| 99 | // vulnerabilities in libraries that use int instead of size_t. See |
| 100 | // crbug.com/169327. |
| 101 | |
| 102 | TEST(SecurityTest, TCMALLOC_TEST(MemoryAllocationRestrictionsMalloc)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 103 | if (!IsTcMallocBypassed()) { |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 104 | scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>( |
| 105 | HideValueFromCompiler(malloc(kTooBigAllocSize)))); |
| 106 | ASSERT_TRUE(!ptr); |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 107 | } |
| 108 | } |
| 109 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 110 | TEST(SecurityTest, TCMALLOC_TEST(MemoryAllocationRestrictionsCalloc)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 111 | if (!IsTcMallocBypassed()) { |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 112 | scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>( |
| 113 | HideValueFromCompiler(calloc(kTooBigAllocSize, 1)))); |
| 114 | ASSERT_TRUE(!ptr); |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 115 | } |
| 116 | } |
| 117 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 118 | TEST(SecurityTest, TCMALLOC_TEST(MemoryAllocationRestrictionsRealloc)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 119 | if (!IsTcMallocBypassed()) { |
| 120 | char* orig_ptr = static_cast<char*>(malloc(1)); |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 121 | ASSERT_TRUE(orig_ptr); |
| 122 | scoped_ptr<char, base::FreeDeleter> ptr(static_cast<char*>( |
| 123 | HideValueFromCompiler(realloc(orig_ptr, kTooBigAllocSize)))); |
| 124 | ASSERT_TRUE(!ptr); |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 125 | // If realloc() did not succeed, we need to free orig_ptr. |
| 126 | free(orig_ptr); |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | typedef struct { |
| 131 | char large_array[kTooBigAllocSize]; |
| 132 | } VeryLargeStruct; |
| 133 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 134 | TEST(SecurityTest, TCMALLOC_TEST(MemoryAllocationRestrictionsNew)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 135 | if (!IsTcMallocBypassed()) { |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 136 | scoped_ptr<VeryLargeStruct> ptr( |
| 137 | HideValueFromCompiler(new (nothrow) VeryLargeStruct)); |
| 138 | ASSERT_TRUE(!ptr); |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 139 | } |
| 140 | } |
| 141 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 142 | TEST(SecurityTest, TCMALLOC_TEST(MemoryAllocationRestrictionsNewArray)) { |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 143 | if (!IsTcMallocBypassed()) { |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 144 | scoped_ptr<char[]> ptr( |
| 145 | HideValueFromCompiler(new (nothrow) char[kTooBigAllocSize])); |
| 146 | ASSERT_TRUE(!ptr); |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 147 | } |
| 148 | } |
| 149 | |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 150 | // The tests bellow check for overflows in new[] and calloc(). |
| 151 | |
glider@chromium.org | e9bbb5a | 2013-10-24 17:57:19 +0900 | [diff] [blame] | 152 | #if defined(OS_IOS) || defined(OS_WIN) || defined(THREAD_SANITIZER) |
| 153 | #define DISABLE_ON_IOS_AND_WIN_AND_TSAN(function) DISABLED_##function |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 154 | #else |
glider@chromium.org | e9bbb5a | 2013-10-24 17:57:19 +0900 | [diff] [blame] | 155 | #define DISABLE_ON_IOS_AND_WIN_AND_TSAN(function) function |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 156 | #endif |
| 157 | |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 158 | // There are platforms where these tests are known to fail. We would like to |
| 159 | // be able to easily check the status on the bots, but marking tests as |
| 160 | // FAILS_ is too clunky. |
| 161 | void OverflowTestsSoftExpectTrue(bool overflow_detected) { |
| 162 | if (!overflow_detected) { |
| 163 | #if defined(OS_LINUX) || defined(OS_ANDROID) || defined(OS_MACOSX) |
| 164 | // Sadly, on Linux, Android, and OSX we don't have a good story yet. Don't |
| 165 | // fail the test, but report. |
| 166 | printf("Platform has overflow: %s\n", |
| 167 | !overflow_detected ? "yes." : "no."); |
| 168 | #else |
| 169 | // Otherwise, fail the test. (Note: EXPECT are ok in subfunctions, ASSERT |
| 170 | // aren't). |
| 171 | EXPECT_TRUE(overflow_detected); |
| 172 | #endif |
| 173 | } |
| 174 | } |
| 175 | |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 176 | // Test array[TooBig][X] and array[X][TooBig] allocations for int overflows. |
| 177 | // IOS doesn't honor nothrow, so disable the test there. |
jln@chromium.org | 5975586 | 2013-04-04 21:02:35 +0900 | [diff] [blame] | 178 | // Crashes on Windows Dbg builds, disable there as well. |
glider@chromium.org | e9bbb5a | 2013-10-24 17:57:19 +0900 | [diff] [blame] | 179 | TEST(SecurityTest, DISABLE_ON_IOS_AND_WIN_AND_TSAN(NewOverflow)) { |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 180 | const size_t kArraySize = 4096; |
| 181 | // We want something "dynamic" here, so that the compiler doesn't |
| 182 | // immediately reject crazy arrays. |
| 183 | const size_t kDynamicArraySize = HideValueFromCompiler(kArraySize); |
| 184 | // numeric_limits are still not constexpr until we switch to C++11, so we |
| 185 | // use an ugly cast. |
| 186 | const size_t kMaxSizeT = ~static_cast<size_t>(0); |
| 187 | ASSERT_EQ(numeric_limits<size_t>::max(), kMaxSizeT); |
| 188 | const size_t kArraySize2 = kMaxSizeT / kArraySize + 10; |
| 189 | const size_t kDynamicArraySize2 = HideValueFromCompiler(kArraySize2); |
| 190 | { |
| 191 | scoped_ptr<char[][kArraySize]> array_pointer(new (nothrow) |
| 192 | char[kDynamicArraySize2][kArraySize]); |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 193 | OverflowTestsSoftExpectTrue(!array_pointer); |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 194 | } |
jln@chromium.org | 5975586 | 2013-04-04 21:02:35 +0900 | [diff] [blame] | 195 | // On windows, the compiler prevents static array sizes of more than |
| 196 | // 0x7fffffff (error C2148). |
| 197 | #if !defined(OS_WIN) || !defined(ARCH_CPU_64_BITS) |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 198 | { |
| 199 | scoped_ptr<char[][kArraySize2]> array_pointer(new (nothrow) |
| 200 | char[kDynamicArraySize][kArraySize2]); |
jln@chromium.org | c6d4422 | 2013-02-06 12:23:49 +0900 | [diff] [blame] | 201 | OverflowTestsSoftExpectTrue(!array_pointer); |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 202 | } |
jln@chromium.org | 5975586 | 2013-04-04 21:02:35 +0900 | [diff] [blame] | 203 | #endif // !defined(OS_WIN) || !defined(ARCH_CPU_64_BITS) |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 204 | } |
| 205 | |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 206 | // Call calloc(), eventually free the memory and return whether or not |
| 207 | // calloc() did succeed. |
| 208 | bool CallocReturnsNull(size_t nmemb, size_t size) { |
| 209 | scoped_ptr<char, base::FreeDeleter> array_pointer( |
| 210 | static_cast<char*>(calloc(nmemb, size))); |
| 211 | // We need the call to HideValueFromCompiler(): we have seen LLVM |
| 212 | // optimize away the call to calloc() entirely and assume |
| 213 | // the pointer to not be NULL. |
| 214 | return HideValueFromCompiler(array_pointer.get()) == NULL; |
| 215 | } |
| 216 | |
jln@chromium.org | d010344 | 2013-04-05 02:24:04 +0900 | [diff] [blame] | 217 | // Test if calloc() can overflow. |
hans@chromium.org | dbe2475 | 2013-10-15 04:37:12 +0900 | [diff] [blame] | 218 | TEST(SecurityTest, CallocOverflow) { |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 219 | const size_t kArraySize = 4096; |
| 220 | const size_t kMaxSizeT = numeric_limits<size_t>::max(); |
| 221 | const size_t kArraySize2 = kMaxSizeT / kArraySize + 10; |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 222 | if (!CallocDiesOnOOM()) { |
| 223 | EXPECT_TRUE(CallocReturnsNull(kArraySize, kArraySize2)); |
| 224 | EXPECT_TRUE(CallocReturnsNull(kArraySize2, kArraySize)); |
| 225 | } else { |
| 226 | // It's also ok for calloc to just terminate the process. |
| 227 | #if defined(GTEST_HAS_DEATH_TEST) |
| 228 | EXPECT_DEATH(CallocReturnsNull(kArraySize, kArraySize2), ""); |
| 229 | EXPECT_DEATH(CallocReturnsNull(kArraySize2, kArraySize), ""); |
| 230 | #endif // GTEST_HAS_DEATH_TEST |
jln@chromium.org | d06052c | 2013-01-26 13:41:15 +0900 | [diff] [blame] | 231 | } |
| 232 | } |
| 233 | |
estade@chromium.org | d841d6d | 2014-04-16 05:58:09 +0900 | [diff] [blame] | 234 | #if defined(OS_LINUX) && defined(__x86_64__) |
jln@chromium.org | a55baa6 | 2013-02-05 08:39:48 +0900 | [diff] [blame] | 235 | // Check if ptr1 and ptr2 are separated by less than size chars. |
| 236 | bool ArePointersToSameArea(void* ptr1, void* ptr2, size_t size) { |
| 237 | ptrdiff_t ptr_diff = reinterpret_cast<char*>(std::max(ptr1, ptr2)) - |
| 238 | reinterpret_cast<char*>(std::min(ptr1, ptr2)); |
| 239 | return static_cast<size_t>(ptr_diff) <= size; |
| 240 | } |
| 241 | |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 242 | // Check if TCMalloc uses an underlying random memory allocator. |
jln@chromium.org | fe78d55 | 2013-02-15 15:10:40 +0900 | [diff] [blame] | 243 | TEST(SecurityTest, TCMALLOC_TEST(RandomMemoryAllocations)) { |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 244 | if (IsTcMallocBypassed()) |
| 245 | return; |
jln@chromium.org | a55baa6 | 2013-02-05 08:39:48 +0900 | [diff] [blame] | 246 | size_t kPageSize = 4096; // We support x86_64 only. |
| 247 | // Check that malloc() returns an address that is neither the kernel's |
| 248 | // un-hinted mmap area, nor the current brk() area. The first malloc() may |
| 249 | // not be at a random address because TCMalloc will first exhaust any memory |
| 250 | // that it has allocated early on, before starting the sophisticated |
| 251 | // allocators. |
| 252 | void* default_mmap_heap_address = |
| 253 | mmap(0, kPageSize, PROT_READ|PROT_WRITE, |
| 254 | MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); |
| 255 | ASSERT_NE(default_mmap_heap_address, |
| 256 | static_cast<void*>(MAP_FAILED)); |
| 257 | ASSERT_EQ(munmap(default_mmap_heap_address, kPageSize), 0); |
| 258 | void* brk_heap_address = sbrk(0); |
| 259 | ASSERT_NE(brk_heap_address, reinterpret_cast<void*>(-1)); |
| 260 | ASSERT_TRUE(brk_heap_address != NULL); |
| 261 | // 1 MB should get us past what TCMalloc pre-allocated before initializing |
| 262 | // the sophisticated allocators. |
| 263 | size_t kAllocSize = 1<<20; |
| 264 | scoped_ptr<char, base::FreeDeleter> ptr( |
| 265 | static_cast<char*>(malloc(kAllocSize))); |
| 266 | ASSERT_TRUE(ptr != NULL); |
| 267 | // If two pointers are separated by less than 512MB, they are considered |
| 268 | // to be in the same area. |
| 269 | // Our random pointer could be anywhere within 0x3fffffffffff (46bits), |
| 270 | // and we are checking that it's not withing 1GB (30 bits) from two |
| 271 | // addresses (brk and mmap heap). We have roughly one chance out of |
| 272 | // 2^15 to flake. |
| 273 | const size_t kAreaRadius = 1<<29; |
| 274 | bool in_default_mmap_heap = ArePointersToSameArea( |
| 275 | ptr.get(), default_mmap_heap_address, kAreaRadius); |
| 276 | EXPECT_FALSE(in_default_mmap_heap); |
| 277 | |
| 278 | bool in_default_brk_heap = ArePointersToSameArea( |
| 279 | ptr.get(), brk_heap_address, kAreaRadius); |
| 280 | EXPECT_FALSE(in_default_brk_heap); |
| 281 | |
| 282 | // In the implementation, we always mask our random addresses with |
| 283 | // kRandomMask, so we use it as an additional detection mechanism. |
| 284 | const uintptr_t kRandomMask = 0x3fffffffffffULL; |
| 285 | bool impossible_random_address = |
| 286 | reinterpret_cast<uintptr_t>(ptr.get()) & ~kRandomMask; |
| 287 | EXPECT_FALSE(impossible_random_address); |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 288 | } |
| 289 | |
estade@chromium.org | d841d6d | 2014-04-16 05:58:09 +0900 | [diff] [blame] | 290 | #endif // defined(OS_LINUX) && defined(__x86_64__) |
jln@chromium.org | c71a4da | 2013-01-31 11:23:43 +0900 | [diff] [blame] | 291 | |
jln@chromium.org | 4faaf21 | 2013-01-16 05:16:33 +0900 | [diff] [blame] | 292 | } // namespace |