commit 223069fe337489f7104c8931fa402818bba0e9e7
author Colin Cross <ccross@android.com> Wed Nov 28 17:01:59 2018 -0800
committer Colin Cross <ccross@android.com> Thu Nov 29 11:02:56 2018 -0800
tree 339f35976f1c50ecf6c1d56f04f1dffcd73483e6
parent c2c76d489070ae1ee1f253ef6fee64d539f96e41

Validate allocations against mappings

Bug 120032857 is seeing what appears to be allocations with incorrect
end addresses, leading to a much later crash when it tries to map
a zero page outside the valid virtual address space.  Detect allocations
that extend outside the highest or lowest memory mapping and crash
immediately instead.

Test: memunreachable_test
Bug: 120032857
Change-Id: I9be670a025143e7078360a6bf7a83219279614d9

HeapWalker.h

diff --git a/HeapWalker.h b/HeapWalker.h
index b37cc62..9e3db08 100644
--- a/HeapWalker.h
+++ b/HeapWalker.h
@@ -59,6 +59,8 @@
         segv_page_count_(0) {
     valid_allocations_range_.end = 0;
     valid_allocations_range_.begin = ~valid_allocations_range_.end;
+    valid_mappings_range_.end = 0;
+    valid_mappings_range_.begin = ~valid_allocations_range_.end;
 
     segv_handler_.install(
         SIGSEGV, [=](ScopedSignalHandler& handler, int signal, siginfo_t* siginfo, void* uctx) {
@@ -68,6 +70,7 @@
 
   ~HeapWalker() {}
   bool Allocation(uintptr_t begin, uintptr_t end);
+  void Mapping(uintptr_t begin, uintptr_t end);
   void Root(uintptr_t begin, uintptr_t end);
   void Root(const allocator::vector<uintptr_t>& vals);
 
@@ -98,6 +101,7 @@
   AllocationMap allocations_;
   size_t allocation_bytes_;
   Range valid_allocations_range_;
+  Range valid_mappings_range_;
 
   allocator::vector<Range> roots_;
   allocator::vector<uintptr_t> root_vals_;