Add PA_UNSAFE_BUFFER_USAGE macro to partition alloc.

tsepez · copybara-github · commit f5d9c0b9bfcc · 2025-08-01T11:06:49.000-07:00
Mirror what chromium does in the standalone partition alloc file. First step towards removing PA from unsafe_buffers_paths.txt suppression file, and a precursor to catching some unsafe raw ptr indexing as allowed. -- Also add PA_UNSAFE_BUFFERS() and PA_UNSAFE_TODO(). Bug: 435068772 Change-Id: If606654f5ed61b6fae439b2071dea55feecc3943 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6803082 Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/main@{#1495591} NOKEYCHECK=True GitOrigin-RevId: a0517a2258135a1dd2c43073d893001a3d6c992e
diff --git a/src/partition_alloc/partition_alloc_base/compiler_specific.h b/src/partition_alloc/partition_alloc_base/compiler_specific.h
@@ -480,4 +480,32 @@ inline constexpr bool AnalyzerAssumeTrue(bool arg) {
 #define PA_NOPROFILE
 #endif
 
+// Annotates a function or class data member indicating it can lead to
+// out-of-bounds accesses (OOB) if given incorrect inputs.
+#if PA_HAS_CPP_ATTRIBUTE(clang::unsafe_buffer_usage)
+#define PA_UNSAFE_BUFFER_USAGE [[clang::unsafe_buffer_usage]]
+#else
+#define PA_UNSAFE_BUFFER_USAGE
+#endif
+
+// Annotates code indicating that it should be permanently exempted from
+// `-Wunsafe-buffer-usage`. For temporary cases such as migrating callers to
+// safer patterns, use `UNSAFE_TODO()` instead;
+#if defined(__clang__)
+// Disabling `clang-format` allows each `_Pragma` to be on its own line, as
+// recommended by https://gcc.gnu.org/onlinedocs/cpp/Pragmas.html.
+// clang-format off
+#define PA_UNSAFE_BUFFERS(...)                  \
+  _Pragma("clang unsafe_buffer_usage begin") \
+  __VA_ARGS__                                \
+  _Pragma("clang unsafe_buffer_usage end")
+// clang-format on
+#else
+#define PA_UNSAFE_BUFFERS(...) __VA_ARGS__
+#endif
+
+// Annotates code indicating that it should be temporarily exempted from
+// `-Wunsafe-buffer-usage`.
+#define PA_UNSAFE_TODO(...) PA_UNSAFE_BUFFERS(__VA_ARGS__)
+
 #endif  // PARTITION_ALLOC_PARTITION_ALLOC_BASE_COMPILER_SPECIFIC_H_
