author | 2015-12-08 11:55:17 -0800 | |
---|---|---|
committer | 2015-12-08 11:55:17 -0800 | |
commit | cc881dafcbd00e8a811c47c14b472acdba5dd6c6 (patch) | |
tree | 773a113973a0d838954eebfe2f7ba9bd76c5aab8 /include/core/SkTArray.h | |
parent | 290f00cd752b51f517b88c40bc89016fcaf5e477 (diff) |
Add sk_careful_memcpy to catch undefined behavior in memcpy.
It's undefined behavior to pass null as src or dst to memcpy, even if len is 0.
This currently triggers -fsanitize=attribute-nonnull warnings, but also can
lead to very unexpected code generation with GCC.
sk_careful_memcpy() checks len first before calling memcpy(),
which prevents that weird undefined situation.
This allows me to mark all sanitizers as no-recover, i.e. make-the-bots-red fatal.
CQ_EXTRA_TRYBOTS=client.skia:Test-Ubuntu-GCC-GCE-CPU-AVX2-x86_64-Debug-ASAN-Trybot
BUG=skia:4641
NOTREECHECKS=true
Review URL: https://codereview.chromium.org/1510683002
Diffstat (limited to 'include/core/SkTArray.h')
-rw-r--r-- | include/core/SkTArray.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/core/SkTArray.h b/include/core/SkTArray.h index 401f7084d6..9f1bfa1ac1 100644 --- a/include/core/SkTArray.h +++ b/include/core/SkTArray.h @@ -23,11 +23,11 @@ inline void copy(SkTArray<T, true>* self, int dst, int src) { } template<typename T> inline void copy(SkTArray<T, true>* self, const T* array) { - memcpy(self->fMemArray, array, self->fCount * sizeof(T)); + sk_careful_memcpy(self->fMemArray, array, self->fCount * sizeof(T)); } template<typename T> inline void copyAndDelete(SkTArray<T, true>* self, char* newMemArray) { - memcpy(newMemArray, self->fMemArray, self->fCount * sizeof(T)); + sk_careful_memcpy(newMemArray, self->fMemArray, self->fCount * sizeof(T)); } template<typename T> |
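Review bot: no include is added in this hunk for sk_careful_memcpy, at either the copy() or the copyAndDelete() call site, so SkTArray.h has to get the declaration from a header it already includes; the diffstat shown here is limited to this one file, so that is worth confirming before landing. Separately, the commit message says the wrapper checks len first, which means these two calls are only protected in the fCount == 0 case: a null fMemArray, array or newMemArray with a nonzero fCount would still be handed to memcpy. A one-line comment at each call stating that the pointers may be null only when fCount is 0 would document why the careful variant is used here and what invariant the callers still rely on.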