Crash @ bmalloc::Environment::computeIsBmallocEnabled
author ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Aug 2015 21:31:30 +0000 (21:31 +0000)
committer ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 19 Aug 2015 21:31:30 +0000 (21:31 +0000)
https://bugs.webkit.org/show_bug.cgi?id=148183

Reviewed by NOBODY Michael Saboff.

CrashTracer says we have some crashes beneath computeIsBmallocEnabled
dereferencing null in strstr. We null check getenv but not
_dyld_get_image_name, so deduction indicates that _dyld_get_image_name
must be returning null. _dyld_get_image_name isn't really documented,
so let's assume it can return null.

* bmalloc/Environment.cpp:
(bmalloc::isASanEnabled): Check _dyld_get_image_name's return value for
null because we can't prove it won't be null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@188651 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/bmalloc/ChangeLog
Source/bmalloc/bmalloc/Environment.cpp

index 44a5ba3..7f7f447 100644
@@ -1,3 +1,20 @@
+2015-08-19  Geoffrey Garen  <ggaren@apple.com>
+
+        Crash @ bmalloc::Environment::computeIsBmallocEnabled
+        https://bugs.webkit.org/show_bug.cgi?id=148183
+
+        Reviewed by NOBODY Michael Saboff.
+
+        CrashTracer says we have some crashes beneath computeIsBmallocEnabled
+        dereferencing null in strstr. We null check getenv but not
+        _dyld_get_image_name, so deduction indicates that _dyld_get_image_name
+        must be returning null. _dyld_get_image_name isn't really documented,
+        so let's assume it can return null.
+
+        * bmalloc/Environment.cpp:
+        (bmalloc::isASanEnabled): Check _dyld_get_image_name's return value for
+        null because we can't prove it won't be null.
+
 2015-07-24  Geoffrey Garen  <ggaren@apple.com>
 
         vmmap crash at JavaScriptCore: 0x31cd12f6 (the JavaScript malloc zone enumerator)
index 2683b05..8522f0c 100644
@@ -78,7 +78,10 @@ static bool isASanEnabled()
 #if BOS(DARWIN)
     uint32_t imageCount = _dyld_image_count();
     for (uint32_t i = 0; i < imageCount; ++i) {
-        if (strstr(_dyld_get_image_name(i), "/libclang_rt.asan_"))
+        const char* imageName = _dyld_get_image_name(i);
+        if (!imageName)
+            continue;
+        if (strstr(imageName, "/libclang_rt.asan_"))
             return true;
     }
     return false;
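Review bot: the null check on the result of _dyld_get_image_name(i) is the right minimal fix for the strstr crash, and skipping the image with `continue` rather than bailing out of the loop is correct, since a missing name for one image says nothing about whether the ASan runtime is present in another. One caveat worth a comment in the code: `_dyld_image_count()` is sampled once before the loop, so if images are unloaded while the loop runs, an index that was valid at the start can point at nothing by the time it is queried; that is one plausible way a null name comes back, and the new check handles it. A shorter but equivalent form would fold the guard into the condition, `if (imageName && strstr(imageName, "/libclang_rt.asan_"))`, though the explicit early `continue` reads clearly enough as written.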