#include <vector>
+#include "base/command_line.h"
+#include "base/debug/asan_invalid_access.h"
+#include "base/debug/profiler.h"
#include "base/strings/utf_string_conversions.h"
+#include "cc/base/switches.h"
#include "content/browser/gpu/gpu_process_host_ui_shim.h"
-#include "content/browser/ppapi_plugin_process_host.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/common/content_constants.h"
#include "content/public/common/url_constants.h"
#include "ppapi/proxy/ppapi_messages.h"
#include "url/gurl.h"
+#if defined(ENABLE_PLUGINS)
+#include "content/browser/ppapi_plugin_process_host.h"
+#endif
+
namespace content {
namespace {
+// Define the Asan debug URLs.
+const char kAsanCrashDomain[] = "crash";
+const char kAsanHeapOverflow[] = "/browser-heap-overflow";
+const char kAsanHeapUnderflow[] = "/browser-heap-underflow";
+const char kAsanUseAfterFree[] = "/browser-use-after-free";
+#if defined(SYZYASAN)
+const char kAsanCorruptHeapBlock[] = "/browser-corrupt-heap-block";
+const char kAsanCorruptHeap[] = "/browser-corrupt-heap";
+#endif
+
void HandlePpapiFlashDebugURL(const GURL& url) {
#if defined(ENABLE_PLUGINS)
bool crash = url == GURL(kChromeUIPpapiFlashCrashURL);
#endif
}
+bool IsAsanDebugURL(const GURL& url) {
+#if defined(SYZYASAN)
+ if (!base::debug::IsBinaryInstrumented())
+ return false;
+#endif
+
+ if (!(url.is_valid() && url.SchemeIs(kChromeUIScheme) &&
+ url.DomainIs(kAsanCrashDomain, sizeof(kAsanCrashDomain) - 1) &&
+ url.has_path())) {
+ return false;
+ }
+
+ if (url.path() == kAsanHeapOverflow || url.path() == kAsanHeapUnderflow ||
+ url.path() == kAsanUseAfterFree) {
+ return true;
+ }
+
+#if defined(SYZYASAN)
+ if (url.path() == kAsanCorruptHeapBlock || url.path() == kAsanCorruptHeap)
+ return true;
+#endif
+
+ return false;
+}
+
+bool HandleAsanDebugURL(const GURL& url) {
+#if defined(SYZYASAN)
+ if (!base::debug::IsBinaryInstrumented())
+ return false;
+
+ if (url.path() == kAsanCorruptHeapBlock) {
+ base::debug::AsanCorruptHeapBlock();
+ return true;
+ } else if (url.path() == kAsanCorruptHeap) {
+ base::debug::AsanCorruptHeap();
+ return true;
+ }
+#endif
+
+#if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
+ if (url.path() == kAsanHeapOverflow) {
+ base::debug::AsanHeapOverflow();
+ } else if (url.path() == kAsanHeapUnderflow) {
+ base::debug::AsanHeapUnderflow();
+ } else if (url.path() == kAsanUseAfterFree) {
+ base::debug::AsanHeapUseAfterFree();
+ } else {
+ return false;
+ }
+#endif
+
+ return true;
+}
+
+
} // namespace
-bool HandleDebugURL(const GURL& url, PageTransition transition) {
- // Ensure that the user explicitly navigated to this URL.
- if (!(transition & PAGE_TRANSITION_FROM_ADDRESS_BAR))
+bool HandleDebugURL(const GURL& url, ui::PageTransition transition) {
+ // Ensure that the user explicitly navigated to this URL, unless
+ // kEnableGpuBenchmarking is enabled by Telemetry.
+ bool is_telemetry_navigation =
+ base::CommandLine::ForCurrentProcess()->HasSwitch(
+ cc::switches::kEnableGpuBenchmarking) &&
+ (transition & ui::PAGE_TRANSITION_TYPED);
+
+ if (!(transition & ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) &&
+ !is_telemetry_navigation)
return false;
- if (url.host() == kChromeUIBrowserCrashHost) {
+ if (IsAsanDebugURL(url))
+ return HandleAsanDebugURL(url);
+
+ if (url == GURL(kChromeUIBrowserCrashURL)) {
// Induce an intentional crash in the browser process.
CHECK(false);
return true;
if (!url.is_valid())
return false;
- if (url.SchemeIs(kJavaScriptScheme))
+ if (url.SchemeIs(url::kJavaScriptScheme))
return true;
return url == GURL(kChromeUICrashURL) ||
+ url == GURL(kChromeUIDumpURL) ||
url == GURL(kChromeUIKillURL) ||
url == GURL(kChromeUIHangURL) ||
url == GURL(kChromeUIShorthangURL);