| commit | 4cdf8ae836e6e945bcfa6b6da8f3097b79f22f84 | [log] [tgz] |
|---|---|---|
| author | Samuel Huang <huangs@chromium.org> | Fri Jun 02 15:43:30 2023 |
| committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Jun 02 15:43:30 2023 |
| tree | a7b031ee171859e25d92a739153dda3e14124a6e | |
| parent | c2894ba66d9b37ab61c973b2641a6ea38fd75c88 [diff] |
[Zucchini] Remove misaligned memory access from casted pointers: Part 2/2.
This CL finishes fixing aligned memory access failure brought on by:
*reinterpret_cast<T*>(*uint8_ptr)
Part 1 (crrev.com/c/4567104) has treated direct memory access via helper
functions (e.g., GetValue<T>(), PutValue<T>()) by replacing the above
with memcpy().
Part 2 (this CL) treats indirect memory access via helper functions
GetPointer<T>() and GetArray<T>(). Guided by mvanbem@'s suggestion,
instead of eradicating reinterpret_cast<T*> use (and making massive
changes to callers), we start by simply adding the compile-time check
static_assert(alignof(T) == 1)
to GetValue<T>() and PutValue<T>(). The prevalent use of
"#pragma align(push, 1)" for executable file format structs ensures
alignof(T) == 1 for these structs, i.e., the compiler assumes member
member variables access may be unaligned, and therefore won't emit
alignment-sensitive instructions that will trigger SIGBUS at runtime.
The check fails if T were multi-byte POD types (e.g., uint32_t).
Previously this happens in two cases, which we resolved in this CL:
1. BufferSourceTest.Get{Pointer,Array}Integral: T = uint32_t, and the
check fail. The solution is to wrap uint32_t into new struct
UnalignedUint32T inside a "#pragma align(push, 1)" block, then use
the struct (and access the internal |value|).
2. dex::CodeItemParser::GetNext() calling GetArray<uint16_t>(): The
intent of this call is to skip |code_item->insns_size| 2-byte units,
and if the skip runs out of data, return error. Recently in
crrev.com/c/4568608 we've updated Skip() to return false on "out of
data". The solution is to use Skip() instead. A (passing) usage
of GetArray<dex::TryItem>() is similarly replaced.
Fixing the above eliminates multi-byte POD usage for GetPointer<T>() and
GetArray<T>(), so for now we don't need to worry about them. If the need
arises, we can add some "Unaligned" wrapper template in the future.
Also, add BufferSourceTest.Get{Pointer,Array}IntegralMisaligned to
exercise misaligned (re. 4-byte boundary) access succeeding by using a
UnalignedUint32T wrapper.
Bug: 1446782
Change-Id: Id19a8b52eac4f43f446a9a59934f5d32f32ad6d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4583255
Commit-Queue: Samuel Huang <huangs@chromium.org>
Reviewed-by: Sorin Jianu <sorin@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1152557}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.