commit | 4cdf8ae836e6e945bcfa6b6da8f3097b79f22f84 | [log] [tgz] |
---|---|---|
author | Samuel Huang <huangs@chromium.org> | Fri Jun 02 15:43:30 2023 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Jun 02 15:43:30 2023 |
tree | a7b031ee171859e25d92a739153dda3e14124a6e | |
parent | c2894ba66d9b37ab61c973b2641a6ea38fd75c88 [diff] |
[Zucchini] Remove misaligned memory access from casted pointers: Part 2/2. This CL finishes fixing aligned memory access failure brought on by: *reinterpret_cast<T*>(*uint8_ptr) Part 1 (crrev.com/c/4567104) has treated direct memory access via helper functions (e.g., GetValue<T>(), PutValue<T>()) by replacing the above with memcpy(). Part 2 (this CL) treats indirect memory access via helper functions GetPointer<T>() and GetArray<T>(). Guided by mvanbem@'s suggestion, instead of eradicating reinterpret_cast<T*> use (and making massive changes to callers), we start by simply adding the compile-time check static_assert(alignof(T) == 1) to GetValue<T>() and PutValue<T>(). The prevalent use of "#pragma align(push, 1)" for executable file format structs ensures alignof(T) == 1 for these structs, i.e., the compiler assumes member member variables access may be unaligned, and therefore won't emit alignment-sensitive instructions that will trigger SIGBUS at runtime. The check fails if T were multi-byte POD types (e.g., uint32_t). Previously this happens in two cases, which we resolved in this CL: 1. BufferSourceTest.Get{Pointer,Array}Integral: T = uint32_t, and the check fail. The solution is to wrap uint32_t into new struct UnalignedUint32T inside a "#pragma align(push, 1)" block, then use the struct (and access the internal |value|). 2. dex::CodeItemParser::GetNext() calling GetArray<uint16_t>(): The intent of this call is to skip |code_item->insns_size| 2-byte units, and if the skip runs out of data, return error. Recently in crrev.com/c/4568608 we've updated Skip() to return false on "out of data". The solution is to use Skip() instead. A (passing) usage of GetArray<dex::TryItem>() is similarly replaced. Fixing the above eliminates multi-byte POD usage for GetPointer<T>() and GetArray<T>(), so for now we don't need to worry about them. If the need arises, we can add some "Unaligned" wrapper template in the future. Also, add BufferSourceTest.Get{Pointer,Array}IntegralMisaligned to exercise misaligned (re. 4-byte boundary) access succeeding by using a UnalignedUint32T wrapper. Bug: 1446782 Change-Id: Id19a8b52eac4f43f446a9a59934f5d32f32ad6d7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4583255 Commit-Queue: Samuel Huang <huangs@chromium.org> Reviewed-by: Sorin Jianu <sorin@chromium.org> Reviewed-by: Greg Thompson <grt@chromium.org> Cr-Commit-Position: refs/heads/main@{#1152557}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone
! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.