From 7e3a2d182ead4d2c544c209cef67f7bb1e288345 Mon Sep 17 00:00:00 2001
From: Jiulong Wang
Date: Wed, 17 May 2023 12:19:50 -0700
Subject: [PATCH] address review comments
---
 src/google/protobuf/parse_context.h | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/google/protobuf/parse_context.h b/src/google/protobuf/parse_context.h
index cbe1ce72ef..446cda8fb1 100644
--- a/src/google/protobuf/parse_context.h
+++ b/src/google/protobuf/parse_context.h
@@ -133,31 +133,42 @@ class PROTOBUF_EXPORT EpsCopyInputStream {
 if (count > 0) StreamBackUp(count);
 }
- // Use an optional to guarantee that:
+ // In sanitizer mode we use memory poisoning to guarantee that:
 // - We do not read an uninitialized token.
 // - Every non-empty token is moved from and consumed.
 class LimitToken {
 public:
- LimitToken() = default;
- explicit LimitToken(int token) : token_(token) {}
+ LimitToken() { PROTOBUF_POISON_MEMORY_REGION(this, sizeof(LimitToken)); }
+ explicit LimitToken(int token) : token_(token) { PROTOBUF_UNPOISON_MEMORY_REGION(this, sizeof(LimitToken)); }
 LimitToken(LimitToken&& other) { *this = std::move(other); }
 LimitToken& operator=(LimitToken&& other) {
- token_ = std::exchange(other.token_, absl::nullopt);
+ PROTOBUF_UNPOISON_MEMORY_REGION(this, sizeof(LimitToken));
+ token_ = other.token_;
+ PROTOBUF_POISON_MEMORY_REGION(&other, sizeof(LimitToken));
 return *this;
 }
- ~LimitToken() { ABSL_CHECK(!token_.has_value()); }
+ ~LimitToken() {
+#ifdef ADDRESS_SANITIZER
+ ABSL_CHECK(__asan_address_is_poisoned(this));
+#endif
+ }
 LimitToken(const LimitToken&) = delete;
 LimitToken& operator=(const LimitToken&) = delete;
 int token() && {
- ABSL_CHECK(token_.has_value());
- return *std::exchange(token_, absl::nullopt);
+#ifdef ADDRESS_SANITIZER
+ int t = token_;
+ PROTOBUF_POISON_MEMORY_REGION(this, sizeof(LimitToken));
+ return t;
+#else
+ return token_;
+#endif
 }
 private:
- absl::optional token_;
+ int token_;
 };
 // If return value is negative it's an error
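Review bot: In builds without ASan, `LimitToken()` leaves `int token_` uninitialized and the `#else` branch of `token() &&` returns it unchecked, so the two guarantees in the class comment, which `ABSL_CHECK` on the optional enforced in every build, now hold only under the sanitizer. The comment should say so, for example `// Outside ASan builds nothing is verified; a default-constructed token holds an indeterminate value.`, and the call sites should be confirmed never to consume a default-constructed token. The destructor and `token()` are guarded by `#ifdef ADDRESS_SANITIZER` while the constructors and move-assignment rely on `PROTOBUF_POISON_MEMORY_REGION`, whose definition is outside this hunk, so it is worth checking that both are switched on by the same condition; otherwise the poisoning and the check can drift apart. Move-assignment also reads `other.token_` after unpoisoning only `this`, so moving from an empty token, which the optional version permitted, would now be reported under ASan, and if that is intended it deserves a line in the comment.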