1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111

base / process / memory_mac.mm [blame]

// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/process/memory.h"

#include <stdlib.h>

#include <new>

#include "build/build_config.h"
#include "partition_alloc/buildflags.h"
#include "partition_alloc/shim/allocator_interception_apple.h"
#include "partition_alloc/shim/allocator_shim.h"

namespace base {

namespace {
void oom_killer_new() {
  TerminateBecauseOutOfMemory(0);
}
}  // namespace

void EnableTerminationOnHeapCorruption() {
#if !ARCH_CPU_64_BITS
  DLOG(WARNING) << "EnableTerminationOnHeapCorruption only works on 64-bit";
#endif
}

bool UncheckedMalloc(size_t size, void** result) {
#if PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
  // Unchecked allocations can happen before the default malloc() zone is
  // registered. In this case, going straight to the shim may explode, since the
  // memory will come from a zone which is unknown to the dispatching code in
  // libmalloc. Meaning that if the memory gets free()-d, realloc()-ed, or its
  // actual size is queried with malloc_size() *before* we get to register our
  // zone, we crash.
  //
  // The cleanest solution would be to detect it and forbid it, but tests (at
  // least) allocate in static constructors. Meaning that this code is
  // sufficient to cause a crash:
  //
  // void* ptr = [] {
  //  void* ptr;
  //  bool ok = base::UncheckedMalloc(1000, &ptr);
  //  CHECK(ok);
  //  free(ptr);
  // }();
  //
  // (Our static initializer is supposed to have priority, but it doesn't seem
  // to work in practice, at least for MachO).
  //
  // Since unchecked allocations are rare, let's err on the side of caution.
  if (!allocator_shim::IsDefaultAllocatorPartitionRootInitialized()) {
    *result = malloc(size);
    return *result != nullptr;
  }

  // Unlike use_partition_alloc_as_malloc=false, the default malloc zone is
  // replaced with PartitionAlloc, so the allocator shim functions work best.
  *result = allocator_shim::UncheckedAlloc(size);
  return *result != nullptr;
#elif PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
  return allocator_shim::UncheckedMallocMac(size, result);
#else   // !PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC) &&
        // !PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
  *result = malloc(size);
  return *result != nullptr;
#endif  // !PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC) &&
        // !PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
}

// The standard version is defined in memory.cc in case of
// USE_PARTITION_ALLOC_AS_MALLOC.
#if !PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
bool UncheckedCalloc(size_t num_items, size_t size, void** result) {
#if PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
  return allocator_shim::UncheckedCallocMac(num_items, size, result);
#else
  *result = calloc(num_items, size);
  return *result != nullptr;
#endif  // PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
}
#endif  // !PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)

void EnableTerminationOnOutOfMemory() {
  // Step 1: Enable OOM killer on C++ failures.
  std::set_new_handler(oom_killer_new);

// Step 2: Enable OOM killer on C-malloc failures for the default zone (if we
// have a shim).
#if PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
  allocator_shim::SetCallNewHandlerOnMallocFailure(true);

  // Step 3: Enable OOM killer on all other malloc zones (or just "all" without
  // "other" if shim is disabled).
  allocator_shim::InterceptAllocationsMac();
#endif  // PA_BUILDFLAG(USE_ALLOCATOR_SHIM)
}

void UncheckedFree(void* ptr) {
#if PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
  // Important: might be different from free(), because in some cases, free()
  // does not necessarily know about allocator_shim::* functions.
  allocator_shim::UncheckedFree(ptr);
#else   // PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
  free(ptr);
#endif  // PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
}

}  // namespace base