-rw-r--r--third_party/base/allocator/partition_allocator/address_space_randomization.cc19
-rw-r--r--third_party/base/allocator/partition_allocator/partition_alloc.cc9
2 files changed, 22 insertions, 6 deletions
diff --git a/third_party/base/allocator/partition_allocator/address_space_randomization.cc b/third_party/base/allocator/partition_allocator/address_space_randomization.cc
index fdcc5911b9..08f22be80a 100644
--- a/third_party/base/allocator/partition_allocator/address_space_randomization.cc
+++ b/third_party/base/allocator/partition_allocator/address_space_randomization.cc
@@ -15,6 +15,11 @@
#include <unistd.h>
#endif
+// VersionHelpers.h must be included after windows.h.
+#if defined(OS_WIN)
+#include <VersionHelpers.h>
+#endif
+
namespace pdfium {
namespace base {
@@ -90,11 +95,17 @@ void* GetRandomPageBase() {
// This address mask gives a low likelihood of address space collisions. We
// handle the situation gracefully if there is a collision.
#if defined(OS_WIN)
- // 64-bit Windows has a bizarrely small 8TB user address space. Allocates in
- // the 1-5TB region. TODO(palmer): See if Windows >= 8.1 has the full 47 bits,
- // and use it if so. crbug.com/672219
random &= 0x3ffffffffffUL;
- random += 0x10000000000UL;
+ // Windows >= 8.1 has the full 47 bits. Use them where available.
+ static bool windows_81 = false;
+ static bool windows_81_initialized = false;
+ if (!windows_81_initialized) {
+ windows_81 = IsWindows8Point1OrGreater();
+ windows_81_initialized = true;
+ }
+ if (!windows_81) {
+ random += 0x10000000000UL;
+ }
#elif defined(MEMORY_TOOL_REPLACES_ALLOCATOR)
// This range is copied from the TSan source, but works for all tools.
random &= 0x007fffffffffUL;
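Review bot: The new comment promises the full 47 bits on Windows >= 8.1, but the context line `random &= 0x3ffffffffffUL;` still masks to 42 bits, so on 8.1+ the only effect is dropping the 1 TB offset: the hint range moves from 1-5 TB to 0-4 TB with no added entropy, and hints may now land at very low addresses. If the wider range is intended, determine `windows_81` before masking and make the mask depend on it, e.g. `random &= windows_81 ? 0x7fffffffffffUL : 0x3ffffffffffUL;` (the 47-bit value is my reading of the comment, please confirm), keeping a non-zero lower bound in both cases. The `windows_81` / `windows_81_initialized` pair are plain non-atomic statics, so concurrent first calls race on them; a single `static const bool windows_81 = IsWindows8Point1OrGreater();` would be simpler if thread-safe statics are enabled in this build. It is also worth a comment that IsWindows8Point1OrGreater() returns false in a host process whose manifest does not declare Windows 8.1 compatibility, so embedders can silently stay on the old range. GetRandomPageBase starts and ends outside this hunk.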
diff --git a/third_party/base/allocator/partition_allocator/partition_alloc.cc b/third_party/base/allocator/partition_allocator/partition_alloc.cc
index 9523e78d46..a33d7f1d13 100644
--- a/third_party/base/allocator/partition_allocator/partition_alloc.cc
+++ b/third_party/base/allocator/partition_allocator/partition_alloc.cc
@@ -1061,8 +1061,13 @@ void* PartitionReallocGeneric(PartitionRootGeneric* root,
// determine it is a win.
if (actual_new_size == actual_old_size) {
// Trying to allocate a block of size new_size would give us a block of
- // the same size as the one we've already got, so no point in doing
- // anything here.
+ // the same size as the one we've already got, so re-use the allocation
+ // after updating statistics (and cookies, if present).
+ PartitionPageSetRawSize(page, PartitionCookieSizeAdjustAdd(new_size));
+#if DCHECK_IS_ON()
+ // Write a new trailing cookie.
+ PartitionCookieWriteValue(static_cast<char*>(ptr) + new_size);
+#endif
return ptr;
}
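Review bot: The trailing-cookie write at `static_cast<char*>(ptr) + new_size` runs unconditionally under DCHECK, but a cookie at that offset only matters when the page actually tracks a raw size. For slots that do not, PartitionPageSetRawSize is presumably a no-op and the cookie checked on free would stay at the slot end; the free path is not visible here, so this needs confirming. Consider guarding the write, e.g. `if (PartitionPageGetRawSize(page))` before the `PartitionCookieWriteValue` call (assuming that getter exists in this tree), and extending the comment to `// Write a new trailing cookie when the page tracks a raw size.` A regression test that reallocs to a smaller size within the same bucket and then frees in a DCHECK build would pin the intended behaviour. PartitionReallocGeneric starts and ends outside this hunk.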