MachMessageServer: scribble over memory allocations in debug mode.

This exposed a bug in the ExcClientVariants test, which was expecting the memory used for new_state to be initialized with zeroes. In reality, no guarantee of initialization is made. MIG “out” parameters are strictly “out” and may contain garbage at function entry. TEST=util_test R=rsesek@chromium.org Review URL: https://codereview.chromium.org/779633004
2025-03-09 14:06:33 +00:00 · 2014-12-03 18:24:27 -05:00 · 2014-12-03 18:24:27 -05:00 · 86588c5526
commit 86588c5526
parent 9f520e3fbf
2 changed files with 23 additions and 17 deletions
--- a/util/mach/exc_client_variants_test.cc
+++ b/util/mach/exc_client_variants_test.cc
@ -117,7 +117,6 @@ class TestExcClientVariants : public UniversalMachExcServer,

      // Send a new state back to the client.
      for (size_t index = 0; index < *new_state_count; ++index) {
-        EXPECT_EQ(0u, new_state[index]);
        new_state[index] = MACHINE_THREAD_STATE_COUNT - index;
      }
    } else {
--- a/util/mach/mach_message_server.cc
+++ b/util/mach/mach_message_server.cc
@ -14,6 +14,8 @@

 #include "util/mach/mach_message_server.h"

+#include <string.h>
+
 #include <limits>

 #include "base/logging.h"
@ -48,27 +50,32 @@ class MachMessageBuffer {
    // This test uses == instead of > so that a large reallocation to receive a
    // large message doesn’t cause permanent memory bloat for the duration of
    // a MachMessageServer::Run() loop.
-    if (size == vm_.size()) {
-      return KERN_SUCCESS;
-    }
+    if (size != vm_.size()) {
+      // reset() first, so that two allocations don’t exist simultaneously.
+      vm_.reset();

-    // reset() first, so that two allocations don’t exist simultaneously.
-    vm_.reset();
+      if (size) {
+        vm_address_t address;
+        kern_return_t kr =
+            vm_allocate(mach_task_self(),
+                        &address,
+                        size,
+                        VM_FLAGS_ANYWHERE | VM_MAKE_TAG(VM_MEMORY_MACH_MSG));
+        if (kr != KERN_SUCCESS) {
+          return kr;
+        }

-    if (size) {
-      vm_address_t address;
-      kern_return_t kr =
-          vm_allocate(mach_task_self(),
-                      &address,
-                      size,
-                      VM_FLAGS_ANYWHERE | VM_MAKE_TAG(VM_MEMORY_MACH_MSG));
-      if (kr != KERN_SUCCESS) {
-        return kr;
+        vm_.reset(address, size);
      }
-
-      vm_.reset(address, size);
    }

+#if !defined(NDEBUG)
+    // Regardless of whether the allocation was changed, scribble over the
+    // memory to make sure that nothing relies on zero-initialization or stale
+    // contents.
+    memset(Header(), 0x66, size);
+#endif
+
    return KERN_SUCCESS;
  }