Issue 202: reviewed by Waylonis

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@205 4c0a9323-5329-0410-9bdc-e9ce6186880e

src/client/mac/handler/exception_handler.cc

@@ -34,6 +34,20 @@
 #include "client/mac/handler/minidump_generator.h"
 #include "common/mac/macho_utilities.h"
 
+#ifndef USE_PROTECTED_ALLOCATIONS
+#define USE_PROTECTED_ALLOCATIONS 0
+#endif
+
+// If USE_PROTECTED_ALLOCATIONS is activated then the
+// gBreakpadAllocator needs to be setup in other code
+// ahead of time.  Please see ProtectedMemoryAllocator.h
+// for more details.
+#if USE_PROTECTED_ALLOCATIONS
+  #include "protected_memory_allocator.h"
+  extern ProtectedMemoryAllocator *gBreakpadAllocator;
+#endif
+
+
 namespace google_breakpad {
 
 using std::map;
@@ -360,6 +374,12 @@ void *ExceptionHandler::WaitForMessage(void *exception_handler_class) {
                                     MACH_RCV_MSG | MACH_RCV_LARGE, 0,
                                     sizeof(receive), self->handler_port_,
                                     MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL);
+
+#if USE_PROTECTED_ALLOCATIONS
+    if(gBreakpadAllocator)
+      gBreakpadAllocator->Unprotect();
+#endif
+    
     if (result == KERN_SUCCESS) {
       // Uninstall our handler so that we don't get in a loop if the process of
       // writing out a minidump causes an exception.  However, if the exception
@@ -426,7 +446,13 @@ void *ExceptionHandler::WaitForMessage(void *exception_handler_class) {
 
 bool ExceptionHandler::InstallHandler() {
   try {
+#if USE_PROTECTED_ALLOCATIONS
+    previous_ = new (gBreakpadAllocator->Allocate(sizeof(ExceptionParameters)) )
+      ExceptionParameters();    
+#else
     previous_ = new ExceptionParameters();
+#endif
+  
   }
   catch (std::bad_alloc) {
     return false;
@@ -472,7 +498,11 @@ bool ExceptionHandler::UninstallHandler(bool in_exception) {
     
     // this delete should NOT happen if an exception just occurred!
     if (!in_exception) {
+#if USE_PROTECTED_ALLOCATIONS
+      previous_->~ExceptionParameters();
+#else
       delete previous_; 
+#endif
     }
     
     previous_ = NULL;

src/client/mac/handler/protected_memory_allocator.cc

@@ -0,0 +1,92 @@
+// Copyright (c) 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// ProtectedMemoryAllocator
+//
+// See the header file for documentation
+
+#include "protected_memory_allocator.h"
+#include <assert.h>
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ProtectedMemoryAllocator::ProtectedMemoryAllocator(vm_size_t pool_size) 
+  : pool_size_(pool_size),
+    next_alloc_offset_(0),
+    valid_(false) {
+  
+  kern_return_t result = vm_allocate(mach_task_self(),
+                                     &base_address_,
+                                     pool_size,
+                                     TRUE
+                                     );
+  
+  valid_ = (result == KERN_SUCCESS);
+  assert(valid_);
+}
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ProtectedMemoryAllocator::~ProtectedMemoryAllocator() {
+  vm_deallocate(mach_task_self(),
+                base_address_,
+                pool_size_
+                );
+}
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+char *ProtectedMemoryAllocator::Allocate(size_t bytes) {
+  if (valid_ && next_alloc_offset_ + bytes <= pool_size_) {
+    char *p = (char*)base_address_ + next_alloc_offset_;
+    next_alloc_offset_ += bytes;
+    return p;
+  }
+  
+  return NULL;  // ran out of memory in our allocation block
+}
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+kern_return_t  ProtectedMemoryAllocator::Protect() {
+  kern_return_t result = vm_protect(mach_task_self(),
+                                    base_address_,
+                                    pool_size_,
+                                    FALSE,
+                                    VM_PROT_READ);
+  
+  return result;
+}
+
+//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+kern_return_t  ProtectedMemoryAllocator::Unprotect() {
+  kern_return_t result = vm_protect(mach_task_self(),
+                                    base_address_,
+                                    pool_size_,
+                                    FALSE,
+                                    VM_PROT_READ | VM_PROT_WRITE);
+  
+  return result;
+}

src/client/mac/handler/protected_memory_allocator.h

@@ -0,0 +1,85 @@
+// Copyright (c) 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// ProtectedMemoryAllocator
+//
+// A very simple allocator class which allows allocation, but not deallocation.
+// The allocations can be made read-only with the Protect() method.
+// This class is NOT useful as a general-purpose memory allocation system,
+// since it does not allow deallocation.  It is useful to use for a group
+// of allocations which are created in the same time-frame and destroyed
+// in the same time-frame.  It is useful for making allocations of memory
+// which will not need to change often once initialized.  This memory can then
+// be protected from memory smashers by calling the Protect() method.
+
+#ifndef PROTECTED_MEMORY_ALLOCATOR_H__
+#define PROTECTED_MEMORY_ALLOCATOR_H__
+
+#include <mach/mach.h>
+
+//
+class ProtectedMemoryAllocator {
+ public:
+  ProtectedMemoryAllocator(vm_size_t pool_size);  
+  ~ProtectedMemoryAllocator();
+  
+  // Returns a pointer to an allocation of size n within the pool.
+  // Fails by returning NULL is no more space is available.
+  // Please note that the pointers returned from this method should not
+  // be freed in any way (for example by calling free() on them ).
+  char *         Allocate(size_t n);
+  
+  // Returns the base address of the allocation pool.
+  char *         GetBaseAddress() { return (char*)base_address_; }
+
+  // Returns the size of the allocation pool, including allocated
+  // plus free space.
+  vm_size_t      GetTotalSize() { return pool_size_; }
+
+  // Returns the number of bytes already allocated in the pool.
+  vm_size_t      GetAllocatedSize() { return next_alloc_offset_; }
+
+  // Returns the number of bytes available for allocation.
+  vm_size_t      GetFreeSize() { return pool_size_ - next_alloc_offset_; }
+  
+  // Makes the entire allocation pool read-only including, of course,
+  // all allocations made from the pool.
+  kern_return_t  Protect();  
+
+  // Makes the entire allocation pool read/write.
+  kern_return_t  Unprotect();  
+  
+ private:
+  vm_size_t      pool_size_;
+  vm_address_t   base_address_;
+  int            next_alloc_offset_;
+  bool           valid_;
+};
+
+#endif // PROTECTED_MEMORY_ALLOCATOR_H__