From 23b2d61fdd1f78679c6bb375bb9dde666cf7cc3f Mon Sep 17 00:00:00 2001
From: Lei Zhang <thestig@chromium.org>
Date: Wed, 17 Oct 2018 16:42:32 +0000
Subject: Fix the static initialization order problem for PartitionAlloc.

Inside fx_memory.cpp, the PartitionAllocatorGeneric objects are globals,
so their initialization order is not well defined.

BUG=chromium:896117

Change-Id: If4a345d6d7549b0e99a055859eaa67d5ec32c788
Reviewed-on: https://pdfium-review.googlesource.com/c/44170
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
---
 core/fxcrt/fx_memory.cpp          | 38 +++++++++++++++++++++++++-------------
 core/fxcrt/fx_memory.h            | 13 +++++++------
 core/fxcrt/string_data_template.h |  6 +++---
 fxjs/cfx_v8.cpp                   |  8 ++++----
 4 files changed, 39 insertions(+), 26 deletions(-)

diff --git a/core/fxcrt/fx_memory.cpp b/core/fxcrt/fx_memory.cpp
index 73d894aefa..8c50f23aa4 100644
--- a/core/fxcrt/fx_memory.cpp
+++ b/core/fxcrt/fx_memory.cpp
@@ -11,25 +11,36 @@
 #include "core/fxcrt/fx_safe_types.h"
 #include "third_party/base/debug/alias.h"
 
-pdfium::base::PartitionAllocatorGeneric gArrayBufferPartitionAllocator;
-pdfium::base::PartitionAllocatorGeneric gGeneralPartitionAllocator;
-pdfium::base::PartitionAllocatorGeneric gStringPartitionAllocator;
+pdfium::base::PartitionAllocatorGeneric& GetArrayBufferPartitionAllocator() {
+  static pdfium::base::PartitionAllocatorGeneric s_array_buffer_allocator;
+  return s_array_buffer_allocator;
+}
+
+pdfium::base::PartitionAllocatorGeneric& GetGeneralPartitionAllocator() {
+  static pdfium::base::PartitionAllocatorGeneric s_general_allocator;
+  return s_general_allocator;
+}
+
+pdfium::base::PartitionAllocatorGeneric& GetStringPartitionAllocator() {
+  static pdfium::base::PartitionAllocatorGeneric s_string_allocator;
+  return s_string_allocator;
+}
 
 void FXMEM_InitializePartitionAlloc() {
-  static bool s_gPartitionAllocatorsInitialized = false;
-  if (!s_gPartitionAllocatorsInitialized) {
+  static bool s_partition_allocators_initialized = false;
+  if (!s_partition_allocators_initialized) {
     pdfium::base::PartitionAllocGlobalInit(FX_OutOfMemoryTerminate);
-    gArrayBufferPartitionAllocator.init();
-    gGeneralPartitionAllocator.init();
-    gStringPartitionAllocator.init();
-    s_gPartitionAllocatorsInitialized = true;
+    GetArrayBufferPartitionAllocator().init();
+    GetGeneralPartitionAllocator().init();
+    GetStringPartitionAllocator().init();
+    s_partition_allocators_initialized = true;
   }
 }
 
 void* FXMEM_DefaultAlloc(size_t byte_size) {
   return pdfium::base::PartitionAllocGenericFlags(
-      gGeneralPartitionAllocator.root(), pdfium::base::PartitionAllocReturnNull,
-      byte_size, "GeneralPartition");
+      GetGeneralPartitionAllocator().root(),
+      pdfium::base::PartitionAllocReturnNull, byte_size, "GeneralPartition");
 }
 
 void* FXMEM_DefaultCalloc(size_t num_elems, size_t byte_size) {
@@ -38,8 +49,9 @@ void* FXMEM_DefaultCalloc(size_t num_elems, size_t byte_size) {
 
 void* FXMEM_DefaultRealloc(void* pointer, size_t new_size) {
   return pdfium::base::PartitionReallocGenericFlags(
-      gGeneralPartitionAllocator.root(), pdfium::base::PartitionAllocReturnNull,
-      pointer, new_size, "GeneralPartition");
+      GetGeneralPartitionAllocator().root(),
+      pdfium::base::PartitionAllocReturnNull, pointer, new_size,
+      "GeneralPartition");
 }
 
 void FXMEM_DefaultFree(void* pointer) {
diff --git a/core/fxcrt/fx_memory.h b/core/fxcrt/fx_memory.h
index 5ad66e710d..068f121285 100644
--- a/core/fxcrt/fx_memory.h
+++ b/core/fxcrt/fx_memory.h
@@ -30,9 +30,9 @@ void FXMEM_DefaultFree(void* pointer);
 #include "core/fxcrt/fx_safe_types.h"
 #include "third_party/base/allocator/partition_allocator/partition_alloc.h"
 
-extern pdfium::base::PartitionAllocatorGeneric gArrayBufferPartitionAllocator;
-extern pdfium::base::PartitionAllocatorGeneric gGeneralPartitionAllocator;
-extern pdfium::base::PartitionAllocatorGeneric gStringPartitionAllocator;
+pdfium::base::PartitionAllocatorGeneric& GetArrayBufferPartitionAllocator();
+pdfium::base::PartitionAllocatorGeneric& GetGeneralPartitionAllocator();
+pdfium::base::PartitionAllocatorGeneric& GetStringPartitionAllocator();
 
 void FXMEM_InitializePartitionAlloc();
 NEVER_INLINE void FX_OutOfMemoryTerminate();
@@ -46,7 +46,7 @@ inline void* FX_SafeAlloc(size_t num_members, size_t member_size) {
   constexpr int kFlags = pdfium::base::PartitionAllocReturnNull |
                          pdfium::base::PartitionAllocZeroFill;
   return pdfium::base::PartitionAllocGenericFlags(
-      gGeneralPartitionAllocator.root(), kFlags, total.ValueOrDie(),
+      GetGeneralPartitionAllocator().root(), kFlags, total.ValueOrDie(),
       "GeneralPartition");
 }
 
@@ -57,8 +57,9 @@ inline void* FX_SafeRealloc(void* ptr, size_t num_members, size_t member_size) {
     return nullptr;
 
   return pdfium::base::PartitionReallocGenericFlags(
-      gGeneralPartitionAllocator.root(), pdfium::base::PartitionAllocReturnNull,
-      ptr, size.ValueOrDie(), "GeneralPartition");
+      GetGeneralPartitionAllocator().root(),
+      pdfium::base::PartitionAllocReturnNull, ptr, size.ValueOrDie(),
+      "GeneralPartition");
 }
 
 inline void* FX_AllocOrDie(size_t num_members, size_t member_size) {
diff --git a/core/fxcrt/string_data_template.h b/core/fxcrt/string_data_template.h
index 0fe679d243..656d3501e1 100644
--- a/core/fxcrt/string_data_template.h
+++ b/core/fxcrt/string_data_template.h
@@ -36,8 +36,8 @@ class StringDataTemplate {
     size_t usableLen = (totalSize - overhead) / sizeof(CharType);
     ASSERT(usableLen >= nLen);
 
-    void* pData = gStringPartitionAllocator.root()->Alloc(totalSize,
-                                                          "StringDataTemplate");
+    void* pData = GetStringPartitionAllocator().root()->Alloc(
+        totalSize, "StringDataTemplate");
     return new (pData) StringDataTemplate(nLen, usableLen);
   }
 
@@ -50,7 +50,7 @@ class StringDataTemplate {
   void Retain() { ++m_nRefs; }
   void Release() {
     if (--m_nRefs <= 0)
-      gStringPartitionAllocator.root()->Free(this);
+      GetStringPartitionAllocator().root()->Free(this);
   }
 
   bool CanOperateInPlace(size_t nTotalLen) const {
diff --git a/fxjs/cfx_v8.cpp b/fxjs/cfx_v8.cpp
index 4d12e3353e..73d95ae9b4 100644
--- a/fxjs/cfx_v8.cpp
+++ b/fxjs/cfx_v8.cpp
@@ -206,17 +206,17 @@ v8::Local<v8::Array> CFX_V8::ToArray(v8::Local<v8::Value> pValue) {
 void* CFX_V8ArrayBufferAllocator::Allocate(size_t length) {
   if (length > kMaxAllowedBytes)
     return nullptr;
-  return gArrayBufferPartitionAllocator.root()->AllocFlags(
+  return GetArrayBufferPartitionAllocator().root()->AllocFlags(
       pdfium::base::PartitionAllocZeroFill, length, "CFX_V8ArrayBuffer");
 }
 
 void* CFX_V8ArrayBufferAllocator::AllocateUninitialized(size_t length) {
   if (length > kMaxAllowedBytes)
     return nullptr;
-  return gArrayBufferPartitionAllocator.root()->Alloc(length,
-                                                      "CFX_V8ArrayBuffer");
+  return GetArrayBufferPartitionAllocator().root()->Alloc(length,
+                                                          "CFX_V8ArrayBuffer");
 }
 
 void CFX_V8ArrayBufferAllocator::Free(void* data, size_t length) {
-  gArrayBufferPartitionAllocator.root()->Free(data);
+  GetArrayBufferPartitionAllocator().root()->Free(data);
 }
-- 
cgit v1.2.3