Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / 5c7e1a15fb2055ebafc23272c36279d2449bec9a^! / . / src / gpu / GrMemoryPool.cpp
commit5c7e1a15fb2055ebafc23272c36279d2449bec9a[log] [tgz]
authorJohn Stiles <johnstiles@google.com>Wed Nov 04 09:59:36 2020 -0500
committerSkia Commit-Bot <skia-commit-bot@chromium.org>Wed Nov 04 20:58:13 2020 +0000
treee674f11dd61d98299421dcafc15b27ed570a94cd
parent3e251dc3c21a2d84256caf8d7742c70306ad015e [diff] [blame]
Poison the GrMemoryPool's sentinel field when ASAN is enabled.

The fSentinel field can now serve as an ASAN barrier, to prevent wild
writes across pooled nodes.

It's also been moved to the very end of the Header so that it
immediately precedes the actual pooled node; this will make it easier to
catch wild writes that come before the front of the object. (Padding
between nodes, when there is any, should already able to catch wild
writes that extend off the back end of an object.)

Change-Id: Ibf20dbdc1bb45e012f4971a1cd39e5c94a5a938f
Bug: skia:10885
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/332176
Auto-Submit: John Stiles <johnstiles@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>

diff --git a/src/gpu/GrMemoryPool.cpp b/src/gpu/GrMemoryPool.cpp
index 2686cbf..0a20527 100644
--- a/src/gpu/GrMemoryPool.cpp
+++ b/src/gpu/GrMemoryPool.cpp

@@ -8,6 +8,7 @@
 #include "src/gpu/GrMemoryPool.h"
 
 #include "include/private/SkTPin.h"
+#include "src/core/SkASAN.h"
 #include "src/gpu/ops/GrOp.h"
 
 #ifdef SK_DEBUG
@@ -69,8 +70,13 @@
     // Update live count within the block
     alloc.fBlock->setMetadata(alloc.fBlock->metadata() + 1);
 
-#ifdef SK_DEBUG
+#if defined(SK_SANITIZE_ADDRESS)
+    sk_asan_poison_memory_region(&header->fSentinel, sizeof(header->fSentinel));
+#elif defined(SK_DEBUG)
     header->fSentinel = GrBlockAllocator::kAssignedMarker;
+#endif
+
+#if defined(SK_DEBUG)
     header->fID = []{
         static std::atomic<int> nextID{1};
         return nextID++;
@@ -89,16 +95,20 @@
     // NOTE: if we needed it, (p - block) would equal the original alignedOffset value returned by
     // GrBlockAllocator::allocate()
     Header* header = reinterpret_cast<Header*>(reinterpret_cast<intptr_t>(p) - sizeof(Header));
+
+#if defined(SK_SANITIZE_ADDRESS)
+    sk_asan_unpoison_memory_region(&header->fSentinel, sizeof(header->fSentinel));
+#elif defined(SK_DEBUG)
     SkASSERT(GrBlockAllocator::kAssignedMarker == header->fSentinel);
-
-    GrBlockAllocator::Block* block = fAllocator.owningBlock<kAlignment>(header, header->fStart);
-
-#ifdef SK_DEBUG
     header->fSentinel = GrBlockAllocator::kFreedMarker;
+#endif
+
+#if defined(SK_DEBUG)
     fAllocatedIDs.remove(header->fID);
     fAllocationCount--;
 #endif
 
+    GrBlockAllocator::Block* block = fAllocator.owningBlock<kAlignment>(header, header->fStart);
     int alive = block->metadata();
     if (alive == 1) {
         // This was last allocation in the block, so remove it