// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "third_party/blink/public/common/chrome_debug_urls.h" #include "base/debug/asan_invalid_access.h" #include "base/debug/dump_without_crashing.h" #include "base/logging.h" #include "base/process/process.h" #include "base/threading/platform_thread.h" #include "build/build_config.h" #include "third_party/blink/common/crash_helpers.h" #include "url/gurl.h" #if BUILDFLAG(IS_WIN) #include "base/debug/invalid_access_win.h" #include "base/process/kill.h" #elif BUILDFLAG(IS_POSIX) #include <signal.h> #elif BUILDFLAG(IS_FUCHSIA) #include <zircon/syscalls.h> #endif #if BUILDFLAG(ENABLE_RUST_CRASH) #include "third_party/blink/common/rust_crash/src/lib.rs.h" #endif namespace blink { bool IsRendererDebugURL(const GURL& url) { … } namespace { // The following methods are outside of the anonymous namespace to ensure that // the corresponding symbols get emitted even on symbol_level 1. NOINLINE void ExhaustMemory() { … } #if defined(ADDRESS_SANITIZER) NOINLINE void MaybeTriggerAsanError(const GURL& url) { // NOTE(rogerm): We intentionally perform an invalid heap access here in // order to trigger an Address Sanitizer (ASAN) error report. if (url == kChromeUICrashHeapOverflowURL) { LOG(ERROR) << "Intentionally causing ASAN heap overflow" << " because user navigated to " << url.spec(); base::debug::AsanHeapOverflow(); } else if (url == kChromeUICrashHeapUnderflowURL) { LOG(ERROR) << "Intentionally causing ASAN heap underflow" << " because user navigated to " << url.spec(); base::debug::AsanHeapUnderflow(); } else if (url == kChromeUICrashUseAfterFreeURL) { LOG(ERROR) << "Intentionally causing ASAN heap use-after-free" << " because user navigated to " << url.spec(); base::debug::AsanHeapUseAfterFree(); #if BUILDFLAG(IS_WIN) } else if (url == kChromeUICrashCorruptHeapBlockURL) { LOG(ERROR) << "Intentionally causing ASAN corrupt heap block" << " because user navigated to " << url.spec(); base::debug::AsanCorruptHeapBlock(); } else if (url == kChromeUICrashCorruptHeapURL) { LOG(ERROR) << "Intentionally causing ASAN corrupt heap" << " because user navigated to " << url.spec(); base::debug::AsanCorruptHeap(); #endif // BUILDFLAG(IS_WIN) #if BUILDFLAG(ENABLE_RUST_CRASH) } else if (url == kChromeUICrashRustOverflowURL) { // Ensure that ASAN works even in Rust code. LOG(ERROR) << "Intentionally causing ASAN heap overflow in Rust" << " because user navigated to " << url.spec(); crash_in_rust_with_overflow(); #endif } } #endif // ADDRESS_SANITIZER } // namespace void HandleChromeDebugURL(const GURL& url) { … } } // namespace blink
Codebase Browser
chromium