From c9653fb272dd2d006a2725c42b5a36ffafb099a7 Mon Sep 17 00:00:00 2001
From: Lei Zhang <thestig@chromium.org>
Date: Tue, 7 Nov 2017 18:54:51 +0000
Subject: Fix PartitionAlloc cookies for small in-place reallocs.

This ports the non-test portion of Chromium commit r514411 to PDFium.

BUG=chromium:781473

Change-Id: Iab203edf3cb49a491aca5e524815a15e74f47581
Reviewed-on: https://pdfium-review.googlesource.com/17990
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
---
 third_party/base/allocator/partition_allocator/partition_alloc.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/third_party/base/allocator/partition_allocator/partition_alloc.cc b/third_party/base/allocator/partition_allocator/partition_alloc.cc
index a33d7f1d13..ff366b861f 100644
--- a/third_party/base/allocator/partition_allocator/partition_alloc.cc
+++ b/third_party/base/allocator/partition_allocator/partition_alloc.cc
@@ -1065,8 +1065,10 @@ void* PartitionReallocGeneric(PartitionRootGeneric* root,
     // after updating statistics (and cookies, if present).
     PartitionPageSetRawSize(page, PartitionCookieSizeAdjustAdd(new_size));
 #if DCHECK_IS_ON()
-    // Write a new trailing cookie.
-    PartitionCookieWriteValue(static_cast<char*>(ptr) + new_size);
+    // Write a new trailing cookie when it is possible to keep track of
+    // |new_size| via the raw size pointer.
+    if (PartitionPageGetRawSizePtr(page))
+      PartitionCookieWriteValue(static_cast<char*>(ptr) + new_size);
 #endif
     return ptr;
   }
-- 
cgit v1.2.3