[VM] Fix OOM handling when allocating buffers in dart:io

* Test standalone_2/file_error_test is updated for Dart 2.0 fixed-size
  integers.

* This update revealed that certain dart:io native methods do not handle
  out-of-memory properly when I/O buffers are allocated.
  This CL fixes this bug.

Change-Id: I6a9018ab86da7b163d9797d745544835dfb0f15c
Reviewed-on: https://dart-review.googlesource.com/20582
Commit-Queue: Alexander Markov <[email protected]>
Reviewed-by: Zach Anderson <[email protected]>

Author: alexmarkov

runtime/bin/dartutils.cc

@@ -945,7 +945,9 @@ Dart_CObject* CObject::NewIOBuffer(int64_t length) {
     return NULL;
   }
   uint8_t* data = IOBuffer::Allocate(static_cast<intptr_t>(length));
-  ASSERT(data != NULL);
+  if (data == NULL) {
+    return NULL;
+  }
   return NewExternalUint8Array(static_cast<intptr_t>(length), data, data,
                                IOBuffer::Finalizer);
 }

runtime/bin/file.cc

@@ -176,36 +176,39 @@ void FUNCTION_NAME(File_Read)(Dart_NativeArguments args) {
   ASSERT(file != NULL);
   Dart_Handle length_object = Dart_GetNativeArgument(args, 1);
   int64_t length = 0;
-  if (DartUtils::GetInt64Value(length_object, &length)) {
-    uint8_t* buffer = NULL;
-    Dart_Handle external_array = IOBuffer::Allocate(length, &buffer);
-    int64_t bytes_read = file->Read(reinterpret_cast<void*>(buffer), length);
-    if (bytes_read < 0) {
-      Dart_SetReturnValue(args, DartUtils::NewDartOSError());
-    } else {
-      if (bytes_read < length) {
-        const int kNumArgs = 3;
-        Dart_Handle dart_args[kNumArgs];
-        dart_args[0] = external_array;
-        dart_args[1] = Dart_NewInteger(0);
-        dart_args[2] = Dart_NewInteger(bytes_read);
-        // TODO(sgjesse): Cache the _makeUint8ListView function somewhere.
-        Dart_Handle io_lib =
-            Dart_LookupLibrary(DartUtils::NewString("dart:io"));
-        if (Dart_IsError(io_lib)) {
-          Dart_PropagateError(io_lib);
-        }
-        Dart_Handle array_view =
-            Dart_Invoke(io_lib, DartUtils::NewString("_makeUint8ListView"),
-                        kNumArgs, dart_args);
-        Dart_SetReturnValue(args, array_view);
-      } else {
-        Dart_SetReturnValue(args, external_array);
-      }
-    }
-  } else {
+  if (!DartUtils::GetInt64Value(length_object, &length) || (length < 0)) {
     OSError os_error(-1, "Invalid argument", OSError::kUnknown);
     Dart_SetReturnValue(args, DartUtils::NewDartOSError(&os_error));
+    return;
+  }
+  uint8_t* buffer = NULL;
+  Dart_Handle external_array = IOBuffer::Allocate(length, &buffer);
+  if (Dart_IsNull(external_array)) {
+    Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+    return;
+  }
+  int64_t bytes_read = file->Read(reinterpret_cast<void*>(buffer), length);
+  if (bytes_read < 0) {
+    Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+    return;
+  }
+  if (bytes_read < length) {
+    const int kNumArgs = 3;
+    Dart_Handle dart_args[kNumArgs];
+    dart_args[0] = external_array;
+    dart_args[1] = Dart_NewInteger(0);
+    dart_args[2] = Dart_NewInteger(bytes_read);
+    // TODO(sgjesse): Cache the _makeUint8ListView function somewhere.
+    Dart_Handle io_lib = Dart_LookupLibrary(DartUtils::NewString("dart:io"));
+    if (Dart_IsError(io_lib)) {
+      Dart_PropagateError(io_lib);
+    }
+    Dart_Handle array_view =
+        Dart_Invoke(io_lib, DartUtils::NewString("_makeUint8ListView"),
+                    kNumArgs, dart_args);
+    Dart_SetReturnValue(args, array_view);
+  } else {
+    Dart_SetReturnValue(args, external_array);
   }
 }
 
@@ -1105,7 +1108,9 @@ CObject* File::ReadRequest(const CObjectArray& request) {
   }
   const int64_t length = CObjectInt32OrInt64ToInt64(request[1]);
   Dart_CObject* io_buffer = CObject::NewIOBuffer(length);
-  ASSERT(io_buffer != NULL);
+  if (io_buffer == NULL) {
+    return CObject::NewOSError();
+  }
   uint8_t* data = io_buffer->value.as_external_typed_data.data;
   const int64_t bytes_read = file->Read(data, length);
   if (bytes_read < 0) {
@@ -1135,7 +1140,9 @@ CObject* File::ReadIntoRequest(const CObjectArray& request) {
   }
   const int64_t length = CObjectInt32OrInt64ToInt64(request[1]);
   Dart_CObject* io_buffer = CObject::NewIOBuffer(length);
-  ASSERT(io_buffer != NULL);
+  if (io_buffer == NULL) {
+    return CObject::NewOSError();
+  }
   uint8_t* data = io_buffer->value.as_external_typed_data.data;
   const int64_t bytes_read = file->Read(data, length);
   if (bytes_read < 0) {

runtime/bin/filter.cc

@@ -246,6 +246,10 @@ void FUNCTION_NAME(Filter_Processed)(Dart_NativeArguments args) {
   } else {
     uint8_t* io_buffer;
     Dart_Handle result = IOBuffer::Allocate(read, &io_buffer);
+    if (Dart_IsNull(result)) {
+      Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+      return;
+    }
     memmove(io_buffer, filter->processed_buffer(), read);
     Dart_SetReturnValue(args, result);
   }

runtime/bin/io_buffer.cc

@@ -9,6 +9,9 @@ namespace bin {
 
 Dart_Handle IOBuffer::Allocate(intptr_t size, uint8_t** buffer) {
   uint8_t* data = Allocate(size);
+  if (data == NULL) {
+    return Dart_Null();
+  }
   Dart_Handle result =
       Dart_NewExternalTypedData(Dart_TypedData_kUint8, data, size);
   Dart_NewWeakPersistentHandle(result, data, size, IOBuffer::Finalizer);
@@ -24,7 +27,7 @@ Dart_Handle IOBuffer::Allocate(intptr_t size, uint8_t** buffer) {
 }
 
 uint8_t* IOBuffer::Allocate(intptr_t size) {
-  return new uint8_t[size];
+  return reinterpret_cast<uint8_t*>(malloc(size));
 }
 
 }  // namespace bin

runtime/bin/io_buffer.h

@@ -22,9 +22,7 @@ class IOBuffer {
 
   // Function for disposing of IO buffer storage. All backing storage
   // for IO buffers must be freed using this function.
-  static void Free(void* buffer) {
-    delete[] reinterpret_cast<uint8_t*>(buffer);
-  }
+  static void Free(void* buffer) { free(buffer); }
 
   // Function for finalizing external byte arrays used as IO buffers.
   static void Finalizer(void* isolate_callback_data,

runtime/bin/process.cc

@@ -346,6 +346,10 @@ void FUNCTION_NAME(StringToSystemEncoding)(Dart_NativeArguments args) {
   }
   uint8_t* buffer = NULL;
   Dart_Handle external_array = IOBuffer::Allocate(system_len, &buffer);
+  if (Dart_IsNull(external_array)) {
+    Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+    return;
+  }
   if (!Dart_IsError(external_array)) {
     memmove(buffer, system_string, system_len);
   }

runtime/bin/process.h

@@ -247,6 +247,9 @@ class BufferListBase {
     uint8_t* buffer;
     intptr_t buffer_position = 0;
     Dart_Handle result = IOBuffer::Allocate(data_size_, &buffer);
+    if (Dart_IsNull(result)) {
+      return DartUtils::NewDartOSError();
+    }
     if (Dart_IsError(result)) {
       Free();
       return result;

runtime/bin/socket.cc

@@ -323,12 +323,17 @@ void FUNCTION_NAME(Socket_Read)(Dart_NativeArguments args) {
   Socket* socket =
       Socket::GetSocketIdNativeField(Dart_GetNativeArgument(args, 0));
   int64_t length = 0;
-  if (DartUtils::GetInt64Value(Dart_GetNativeArgument(args, 1), &length)) {
+  if (DartUtils::GetInt64Value(Dart_GetNativeArgument(args, 1), &length) &&
+      (length >= 0)) {
     if (Socket::short_socket_read()) {
       length = (length + 1) / 2;
     }
     uint8_t* buffer = NULL;
     Dart_Handle result = IOBuffer::Allocate(length, &buffer);
+    if (Dart_IsNull(result)) {
+      Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+      return;
+    }
     if (Dart_IsError(result)) {
       Dart_PropagateError(result);
     }
@@ -340,6 +345,10 @@ void FUNCTION_NAME(Socket_Read)(Dart_NativeArguments args) {
     } else if (bytes_read > 0) {
       uint8_t* new_buffer = NULL;
       Dart_Handle new_result = IOBuffer::Allocate(bytes_read, &new_buffer);
+      if (Dart_IsNull(new_result)) {
+        Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+        return;
+      }
       if (Dart_IsError(new_result)) {
         Dart_PropagateError(new_result);
       }
@@ -393,6 +402,10 @@ void FUNCTION_NAME(Socket_RecvFrom)(Dart_NativeArguments args) {
   ASSERT(bytes_read > 0);
   uint8_t* data_buffer = NULL;
   Dart_Handle data = IOBuffer::Allocate(bytes_read, &data_buffer);
+  if (Dart_IsNull(data)) {
+    Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+    return;
+  }
   if (Dart_IsError(data)) {
     Dart_PropagateError(data);
   }

runtime/bin/sync_socket.cc

@@ -213,20 +213,29 @@ void FUNCTION_NAME(SynchronousSocket_Read)(Dart_NativeArguments args) {
   DART_CHECK_ERROR(result);
 
   int64_t length = 0;
-  if (!DartUtils::GetInt64Value(Dart_GetNativeArgument(args, 1), &length)) {
+  if (!DartUtils::GetInt64Value(Dart_GetNativeArgument(args, 1), &length) ||
+      (length < 0)) {
     Dart_SetReturnValue(args, DartUtils::NewDartArgumentError(
                                   "First parameter must be an integer."));
     return;
   }
   uint8_t* buffer = NULL;
   result = IOBuffer::Allocate(length, &buffer);
+  if (Dart_IsNull(result)) {
+    Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+    return;
+  }
   ASSERT(buffer != NULL);
   intptr_t bytes_read = SynchronousSocket::Read(socket->fd(), buffer, length);
   if (bytes_read == length) {
     Dart_SetReturnValue(args, result);
   } else if (bytes_read > 0) {
     uint8_t* new_buffer = NULL;
     Dart_Handle new_result = IOBuffer::Allocate(bytes_read, &new_buffer);
+    if (Dart_IsNull(new_result)) {
+      Dart_SetReturnValue(args, DartUtils::NewDartOSError());
+      return;
+    }
     ASSERT(new_buffer != NULL);
     memmove(new_buffer, buffer, bytes_read);
     Dart_SetReturnValue(args, new_result);

tests/standalone_2/io/file_error_test.dart

@@ -400,7 +400,7 @@ testRepeatedlyCloseFileSync() {
 
 testReadSyncBigInt() {
   createTestFile((file, done) {
-    var bigint = 100000000000000000000000000000000000000000;
+    var bigint = 9223372036854775807;
     var openedFile = file.openSync();
     Expect.throws(
         () => openedFile.readSync(bigint), (e) => e is FileSystemException);