launch_posix.cc revision c5cede9ae108bb15f6b7a8aea21c7e1fefa2834c
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/process/launch.h" 6 7#include <dirent.h> 8#include <errno.h> 9#include <fcntl.h> 10#include <signal.h> 11#include <stdlib.h> 12#include <sys/resource.h> 13#include <sys/time.h> 14#include <sys/types.h> 15#include <sys/wait.h> 16#include <unistd.h> 17 18#include <iterator> 19#include <limits> 20#include <set> 21 22#include "base/allocator/type_profiler_control.h" 23#include "base/command_line.h" 24#include "base/compiler_specific.h" 25#include "base/debug/debugger.h" 26#include "base/debug/stack_trace.h" 27#include "base/file_util.h" 28#include "base/files/dir_reader_posix.h" 29#include "base/files/scoped_file.h" 30#include "base/logging.h" 31#include "base/memory/scoped_ptr.h" 32#include "base/posix/eintr_wrapper.h" 33#include "base/process/kill.h" 34#include "base/process/process_metrics.h" 35#include "base/strings/stringprintf.h" 36#include "base/synchronization/waitable_event.h" 37#include "base/third_party/dynamic_annotations/dynamic_annotations.h" 38#include "base/threading/platform_thread.h" 39#include "base/threading/thread_restrictions.h" 40 41#if defined(OS_LINUX) 42#include <sys/prctl.h> 43#endif 44 45#if defined(OS_CHROMEOS) 46#include <sys/ioctl.h> 47#endif 48 49#if defined(OS_FREEBSD) 50#include <sys/event.h> 51#include <sys/ucontext.h> 52#endif 53 54#if defined(OS_MACOSX) 55#include <crt_externs.h> 56#include <sys/event.h> 57#else 58extern char** environ; 59#endif 60 61namespace base { 62 63namespace { 64 65// Get the process's "environment" (i.e. the thing that setenv/getenv 66// work with). 67char** GetEnvironment() { 68#if defined(OS_MACOSX) 69 return *_NSGetEnviron(); 70#else 71 return environ; 72#endif 73} 74 75// Set the process's "environment" (i.e. the thing that setenv/getenv 76// work with). 77void SetEnvironment(char** env) { 78#if defined(OS_MACOSX) 79 *_NSGetEnviron() = env; 80#else 81 environ = env; 82#endif 83} 84 85// Set the calling thread's signal mask to new_sigmask and return 86// the previous signal mask. 87sigset_t SetSignalMask(const sigset_t& new_sigmask) { 88 sigset_t old_sigmask; 89#if defined(OS_ANDROID) 90 // POSIX says pthread_sigmask() must be used in multi-threaded processes, 91 // but Android's pthread_sigmask() was broken until 4.1: 92 // https://code.google.com/p/android/issues/detail?id=15337 93 // http://stackoverflow.com/questions/13777109/pthread-sigmask-on-android-not-working 94 RAW_CHECK(sigprocmask(SIG_SETMASK, &new_sigmask, &old_sigmask) == 0); 95#else 96 RAW_CHECK(pthread_sigmask(SIG_SETMASK, &new_sigmask, &old_sigmask) == 0); 97#endif 98 return old_sigmask; 99} 100 101#if !defined(OS_LINUX) || \ 102 (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) 103void ResetChildSignalHandlersToDefaults() { 104 // The previous signal handlers are likely to be meaningless in the child's 105 // context so we reset them to the defaults for now. http://crbug.com/44953 106 // These signal handlers are set up at least in browser_main_posix.cc: 107 // BrowserMainPartsPosix::PreEarlyInitialization and stack_trace_posix.cc: 108 // EnableInProcessStackDumping. 109 signal(SIGHUP, SIG_DFL); 110 signal(SIGINT, SIG_DFL); 111 signal(SIGILL, SIG_DFL); 112 signal(SIGABRT, SIG_DFL); 113 signal(SIGFPE, SIG_DFL); 114 signal(SIGBUS, SIG_DFL); 115 signal(SIGSEGV, SIG_DFL); 116 signal(SIGSYS, SIG_DFL); 117 signal(SIGTERM, SIG_DFL); 118} 119 120#else 121 122// TODO(jln): remove the Linux special case once kernels are fixed. 123 124// Internally the kernel makes sigset_t an array of long large enough to have 125// one bit per signal. 126typedef uint64_t kernel_sigset_t; 127 128// This is what struct sigaction looks like to the kernel at least on X86 and 129// ARM. MIPS, for instance, is very different. 130struct kernel_sigaction { 131 void* k_sa_handler; // For this usage it only needs to be a generic pointer. 132 unsigned long k_sa_flags; 133 void* k_sa_restorer; // For this usage it only needs to be a generic pointer. 134 kernel_sigset_t k_sa_mask; 135}; 136 137// glibc's sigaction() will prevent access to sa_restorer, so we need to roll 138// our own. 139int sys_rt_sigaction(int sig, const struct kernel_sigaction* act, 140 struct kernel_sigaction* oact) { 141 return syscall(SYS_rt_sigaction, sig, act, oact, sizeof(kernel_sigset_t)); 142} 143 144// This function is intended to be used in between fork() and execve() and will 145// reset all signal handlers to the default. 146// The motivation for going through all of them is that sa_restorer can leak 147// from parents and help defeat ASLR on buggy kernels. We reset it to NULL. 148// See crbug.com/177956. 149void ResetChildSignalHandlersToDefaults(void) { 150 for (int signum = 1; ; ++signum) { 151 struct kernel_sigaction act = {0}; 152 int sigaction_get_ret = sys_rt_sigaction(signum, NULL, &act); 153 if (sigaction_get_ret && errno == EINVAL) { 154#if !defined(NDEBUG) 155 // Linux supports 32 real-time signals from 33 to 64. 156 // If the number of signals in the Linux kernel changes, someone should 157 // look at this code. 158 const int kNumberOfSignals = 64; 159 RAW_CHECK(signum == kNumberOfSignals + 1); 160#endif // !defined(NDEBUG) 161 break; 162 } 163 // All other failures are fatal. 164 if (sigaction_get_ret) { 165 RAW_LOG(FATAL, "sigaction (get) failed."); 166 } 167 168 // The kernel won't allow to re-set SIGKILL or SIGSTOP. 169 if (signum != SIGSTOP && signum != SIGKILL) { 170 act.k_sa_handler = reinterpret_cast<void*>(SIG_DFL); 171 act.k_sa_restorer = NULL; 172 if (sys_rt_sigaction(signum, &act, NULL)) { 173 RAW_LOG(FATAL, "sigaction (set) failed."); 174 } 175 } 176#if !defined(NDEBUG) 177 // Now ask the kernel again and check that no restorer will leak. 178 if (sys_rt_sigaction(signum, NULL, &act) || act.k_sa_restorer) { 179 RAW_LOG(FATAL, "Cound not fix sa_restorer."); 180 } 181#endif // !defined(NDEBUG) 182 } 183} 184#endif // !defined(OS_LINUX) || 185 // (!defined(__i386__) && !defined(__x86_64__) && !defined(__arm__)) 186 187} // anonymous namespace 188 189// Functor for |ScopedDIR| (below). 190struct ScopedDIRClose { 191 inline void operator()(DIR* x) const { 192 if (x) 193 closedir(x); 194 } 195}; 196 197// Automatically closes |DIR*|s. 198typedef scoped_ptr<DIR, ScopedDIRClose> ScopedDIR; 199 200#if defined(OS_LINUX) 201static const char kFDDir[] = "/proc/self/fd"; 202#elif defined(OS_MACOSX) 203static const char kFDDir[] = "/dev/fd"; 204#elif defined(OS_SOLARIS) 205static const char kFDDir[] = "/dev/fd"; 206#elif defined(OS_FREEBSD) 207static const char kFDDir[] = "/dev/fd"; 208#elif defined(OS_OPENBSD) 209static const char kFDDir[] = "/dev/fd"; 210#elif defined(OS_ANDROID) 211static const char kFDDir[] = "/proc/self/fd"; 212#endif 213 214void CloseSuperfluousFds(const base::InjectiveMultimap& saved_mapping) { 215 // DANGER: no calls to malloc or locks are allowed from now on: 216 // http://crbug.com/36678 217 218 // Get the maximum number of FDs possible. 219 size_t max_fds = GetMaxFds(); 220 221 DirReaderPosix fd_dir(kFDDir); 222 if (!fd_dir.IsValid()) { 223 // Fallback case: Try every possible fd. 224 for (size_t i = 0; i < max_fds; ++i) { 225 const int fd = static_cast<int>(i); 226 if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) 227 continue; 228 // Cannot use STL iterators here, since debug iterators use locks. 229 size_t j; 230 for (j = 0; j < saved_mapping.size(); j++) { 231 if (fd == saved_mapping[j].dest) 232 break; 233 } 234 if (j < saved_mapping.size()) 235 continue; 236 237 // Since we're just trying to close anything we can find, 238 // ignore any error return values of close(). 239 close(fd); 240 } 241 return; 242 } 243 244 const int dir_fd = fd_dir.fd(); 245 246 for ( ; fd_dir.Next(); ) { 247 // Skip . and .. entries. 248 if (fd_dir.name()[0] == '.') 249 continue; 250 251 char *endptr; 252 errno = 0; 253 const long int fd = strtol(fd_dir.name(), &endptr, 10); 254 if (fd_dir.name()[0] == 0 || *endptr || fd < 0 || errno) 255 continue; 256 if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) 257 continue; 258 // Cannot use STL iterators here, since debug iterators use locks. 259 size_t i; 260 for (i = 0; i < saved_mapping.size(); i++) { 261 if (fd == saved_mapping[i].dest) 262 break; 263 } 264 if (i < saved_mapping.size()) 265 continue; 266 if (fd == dir_fd) 267 continue; 268 269 // When running under Valgrind, Valgrind opens several FDs for its 270 // own use and will complain if we try to close them. All of 271 // these FDs are >= |max_fds|, so we can check against that here 272 // before closing. See https://bugs.kde.org/show_bug.cgi?id=191758 273 if (fd < static_cast<int>(max_fds)) { 274 int ret = IGNORE_EINTR(close(fd)); 275 DPCHECK(ret == 0); 276 } 277 } 278} 279 280bool LaunchProcess(const std::vector<std::string>& argv, 281 const LaunchOptions& options, 282 ProcessHandle* process_handle) { 283 size_t fd_shuffle_size = 0; 284 if (options.fds_to_remap) { 285 fd_shuffle_size = options.fds_to_remap->size(); 286 } 287 288 InjectiveMultimap fd_shuffle1; 289 InjectiveMultimap fd_shuffle2; 290 fd_shuffle1.reserve(fd_shuffle_size); 291 fd_shuffle2.reserve(fd_shuffle_size); 292 293 scoped_ptr<char*[]> argv_cstr(new char*[argv.size() + 1]); 294 scoped_ptr<char*[]> new_environ; 295 if (!options.environ.empty()) 296 new_environ = AlterEnvironment(GetEnvironment(), options.environ); 297 298 sigset_t full_sigset; 299 sigfillset(&full_sigset); 300 const sigset_t orig_sigmask = SetSignalMask(full_sigset); 301 302 pid_t pid; 303#if defined(OS_LINUX) 304 if (options.clone_flags) { 305 // Signal handling in this function assumes the creation of a new 306 // process, so we check that a thread is not being created by mistake 307 // and that signal handling follows the process-creation rules. 308 RAW_CHECK( 309 !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM))); 310 pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0); 311 } else 312#endif 313 { 314 pid = fork(); 315 } 316 317 // Always restore the original signal mask in the parent. 318 if (pid != 0) { 319 SetSignalMask(orig_sigmask); 320 } 321 322 if (pid < 0) { 323 DPLOG(ERROR) << "fork"; 324 return false; 325 } else if (pid == 0) { 326 // Child process 327 328 // DANGER: no calls to malloc or locks are allowed from now on: 329 // http://crbug.com/36678 330 331 // DANGER: fork() rule: in the child, if you don't end up doing exec*(), 332 // you call _exit() instead of exit(). This is because _exit() does not 333 // call any previously-registered (in the parent) exit handlers, which 334 // might do things like block waiting for threads that don't even exist 335 // in the child. 336 337 // If a child process uses the readline library, the process block forever. 338 // In BSD like OSes including OS X it is safe to assign /dev/null as stdin. 339 // See http://crbug.com/56596. 340 base::ScopedFD null_fd(HANDLE_EINTR(open("/dev/null", O_RDONLY))); 341 if (!null_fd.is_valid()) { 342 RAW_LOG(ERROR, "Failed to open /dev/null"); 343 _exit(127); 344 } 345 346 int new_fd = HANDLE_EINTR(dup2(null_fd.get(), STDIN_FILENO)); 347 if (new_fd != STDIN_FILENO) { 348 RAW_LOG(ERROR, "Failed to dup /dev/null for stdin"); 349 _exit(127); 350 } 351 352 if (options.new_process_group) { 353 // Instead of inheriting the process group ID of the parent, the child 354 // starts off a new process group with pgid equal to its process ID. 355 if (setpgid(0, 0) < 0) { 356 RAW_LOG(ERROR, "setpgid failed"); 357 _exit(127); 358 } 359 } 360 361 // Stop type-profiler. 362 // The profiler should be stopped between fork and exec since it inserts 363 // locks at new/delete expressions. See http://crbug.com/36678. 364 base::type_profiler::Controller::Stop(); 365 366 if (options.maximize_rlimits) { 367 // Some resource limits need to be maximal in this child. 368 for (size_t i = 0; i < options.maximize_rlimits->size(); ++i) { 369 const int resource = (*options.maximize_rlimits)[i]; 370 struct rlimit limit; 371 if (getrlimit(resource, &limit) < 0) { 372 RAW_LOG(WARNING, "getrlimit failed"); 373 } else if (limit.rlim_cur < limit.rlim_max) { 374 limit.rlim_cur = limit.rlim_max; 375 if (setrlimit(resource, &limit) < 0) { 376 RAW_LOG(WARNING, "setrlimit failed"); 377 } 378 } 379 } 380 } 381 382#if defined(OS_MACOSX) 383 RestoreDefaultExceptionHandler(); 384#endif // defined(OS_MACOSX) 385 386 ResetChildSignalHandlersToDefaults(); 387 SetSignalMask(orig_sigmask); 388 389#if 0 390 // When debugging it can be helpful to check that we really aren't making 391 // any hidden calls to malloc. 392 void *malloc_thunk = 393 reinterpret_cast<void*>(reinterpret_cast<intptr_t>(malloc) & ~4095); 394 mprotect(malloc_thunk, 4096, PROT_READ | PROT_WRITE | PROT_EXEC); 395 memset(reinterpret_cast<void*>(malloc), 0xff, 8); 396#endif // 0 397 398#if defined(OS_CHROMEOS) 399 if (options.ctrl_terminal_fd >= 0) { 400 // Set process' controlling terminal. 401 if (HANDLE_EINTR(setsid()) != -1) { 402 if (HANDLE_EINTR( 403 ioctl(options.ctrl_terminal_fd, TIOCSCTTY, NULL)) == -1) { 404 RAW_LOG(WARNING, "ioctl(TIOCSCTTY), ctrl terminal not set"); 405 } 406 } else { 407 RAW_LOG(WARNING, "setsid failed, ctrl terminal not set"); 408 } 409 } 410#endif // defined(OS_CHROMEOS) 411 412 if (options.fds_to_remap) { 413 // Cannot use STL iterators here, since debug iterators use locks. 414 for (size_t i = 0; i < options.fds_to_remap->size(); ++i) { 415 const FileHandleMappingVector::value_type& value = 416 (*options.fds_to_remap)[i]; 417 fd_shuffle1.push_back(InjectionArc(value.first, value.second, false)); 418 fd_shuffle2.push_back(InjectionArc(value.first, value.second, false)); 419 } 420 } 421 422 if (!options.environ.empty()) 423 SetEnvironment(new_environ.get()); 424 425 // fd_shuffle1 is mutated by this call because it cannot malloc. 426 if (!ShuffleFileDescriptors(&fd_shuffle1)) 427 _exit(127); 428 429 CloseSuperfluousFds(fd_shuffle2); 430 431 // Set NO_NEW_PRIVS by default. Since NO_NEW_PRIVS only exists in kernel 432 // 3.5+, do not check the return value of prctl here. 433#if defined(OS_LINUX) 434#ifndef PR_SET_NO_NEW_PRIVS 435#define PR_SET_NO_NEW_PRIVS 38 436#endif 437 if (!options.allow_new_privs) { 438 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { 439 DCHECK_EQ(EINVAL, errno); 440 } 441 } 442#endif 443 444 for (size_t i = 0; i < argv.size(); i++) 445 argv_cstr[i] = const_cast<char*>(argv[i].c_str()); 446 argv_cstr[argv.size()] = NULL; 447 execvp(argv_cstr[0], argv_cstr.get()); 448 449 RAW_LOG(ERROR, "LaunchProcess: failed to execvp:"); 450 RAW_LOG(ERROR, argv_cstr[0]); 451 _exit(127); 452 } else { 453 // Parent process 454 if (options.wait) { 455 // While this isn't strictly disk IO, waiting for another process to 456 // finish is the sort of thing ThreadRestrictions is trying to prevent. 457 base::ThreadRestrictions::AssertIOAllowed(); 458 pid_t ret = HANDLE_EINTR(waitpid(pid, 0, 0)); 459 DPCHECK(ret > 0); 460 } 461 462 if (process_handle) 463 *process_handle = pid; 464 } 465 466 return true; 467} 468 469 470bool LaunchProcess(const CommandLine& cmdline, 471 const LaunchOptions& options, 472 ProcessHandle* process_handle) { 473 return LaunchProcess(cmdline.argv(), options, process_handle); 474} 475 476void RaiseProcessToHighPriority() { 477 // On POSIX, we don't actually do anything here. We could try to nice() or 478 // setpriority() or sched_getscheduler, but these all require extra rights. 479} 480 481// Return value used by GetAppOutputInternal to encapsulate the various exit 482// scenarios from the function. 483enum GetAppOutputInternalResult { 484 EXECUTE_FAILURE, 485 EXECUTE_SUCCESS, 486 GOT_MAX_OUTPUT, 487}; 488 489// Executes the application specified by |argv| and wait for it to exit. Stores 490// the output (stdout) in |output|. If |do_search_path| is set, it searches the 491// path for the application; in that case, |envp| must be null, and it will use 492// the current environment. If |do_search_path| is false, |argv[0]| should fully 493// specify the path of the application, and |envp| will be used as the 494// environment. Redirects stderr to /dev/null. 495// If we successfully start the application and get all requested output, we 496// return GOT_MAX_OUTPUT, or if there is a problem starting or exiting 497// the application we return RUN_FAILURE. Otherwise we return EXECUTE_SUCCESS. 498// The GOT_MAX_OUTPUT return value exists so a caller that asks for limited 499// output can treat this as a success, despite having an exit code of SIG_PIPE 500// due to us closing the output pipe. 501// In the case of EXECUTE_SUCCESS, the application exit code will be returned 502// in |*exit_code|, which should be checked to determine if the application 503// ran successfully. 504static GetAppOutputInternalResult GetAppOutputInternal( 505 const std::vector<std::string>& argv, 506 char* const envp[], 507 std::string* output, 508 size_t max_output, 509 bool do_search_path, 510 int* exit_code) { 511 // Doing a blocking wait for another command to finish counts as IO. 512 base::ThreadRestrictions::AssertIOAllowed(); 513 // exit_code must be supplied so calling function can determine success. 514 DCHECK(exit_code); 515 *exit_code = EXIT_FAILURE; 516 517 int pipe_fd[2]; 518 pid_t pid; 519 InjectiveMultimap fd_shuffle1, fd_shuffle2; 520 scoped_ptr<char*[]> argv_cstr(new char*[argv.size() + 1]); 521 522 fd_shuffle1.reserve(3); 523 fd_shuffle2.reserve(3); 524 525 // Either |do_search_path| should be false or |envp| should be null, but not 526 // both. 527 DCHECK(!do_search_path ^ !envp); 528 529 if (pipe(pipe_fd) < 0) 530 return EXECUTE_FAILURE; 531 532 switch (pid = fork()) { 533 case -1: // error 534 close(pipe_fd[0]); 535 close(pipe_fd[1]); 536 return EXECUTE_FAILURE; 537 case 0: // child 538 { 539 // DANGER: no calls to malloc or locks are allowed from now on: 540 // http://crbug.com/36678 541 542#if defined(OS_MACOSX) 543 RestoreDefaultExceptionHandler(); 544#endif 545 546 // Obscure fork() rule: in the child, if you don't end up doing exec*(), 547 // you call _exit() instead of exit(). This is because _exit() does not 548 // call any previously-registered (in the parent) exit handlers, which 549 // might do things like block waiting for threads that don't even exist 550 // in the child. 551 int dev_null = open("/dev/null", O_WRONLY); 552 if (dev_null < 0) 553 _exit(127); 554 555 // Stop type-profiler. 556 // The profiler should be stopped between fork and exec since it inserts 557 // locks at new/delete expressions. See http://crbug.com/36678. 558 base::type_profiler::Controller::Stop(); 559 560 fd_shuffle1.push_back(InjectionArc(pipe_fd[1], STDOUT_FILENO, true)); 561 fd_shuffle1.push_back(InjectionArc(dev_null, STDERR_FILENO, true)); 562 fd_shuffle1.push_back(InjectionArc(dev_null, STDIN_FILENO, true)); 563 // Adding another element here? Remeber to increase the argument to 564 // reserve(), above. 565 566 for (size_t i = 0; i < fd_shuffle1.size(); ++i) 567 fd_shuffle2.push_back(fd_shuffle1[i]); 568 569 if (!ShuffleFileDescriptors(&fd_shuffle1)) 570 _exit(127); 571 572 CloseSuperfluousFds(fd_shuffle2); 573 574 for (size_t i = 0; i < argv.size(); i++) 575 argv_cstr[i] = const_cast<char*>(argv[i].c_str()); 576 argv_cstr[argv.size()] = NULL; 577 if (do_search_path) 578 execvp(argv_cstr[0], argv_cstr.get()); 579 else 580 execve(argv_cstr[0], argv_cstr.get(), envp); 581 _exit(127); 582 } 583 default: // parent 584 { 585 // Close our writing end of pipe now. Otherwise later read would not 586 // be able to detect end of child's output (in theory we could still 587 // write to the pipe). 588 close(pipe_fd[1]); 589 590 output->clear(); 591 char buffer[256]; 592 size_t output_buf_left = max_output; 593 ssize_t bytes_read = 1; // A lie to properly handle |max_output == 0| 594 // case in the logic below. 595 596 while (output_buf_left > 0) { 597 bytes_read = HANDLE_EINTR(read(pipe_fd[0], buffer, 598 std::min(output_buf_left, sizeof(buffer)))); 599 if (bytes_read <= 0) 600 break; 601 output->append(buffer, bytes_read); 602 output_buf_left -= static_cast<size_t>(bytes_read); 603 } 604 close(pipe_fd[0]); 605 606 // Always wait for exit code (even if we know we'll declare 607 // GOT_MAX_OUTPUT). 608 bool success = WaitForExitCode(pid, exit_code); 609 610 // If we stopped because we read as much as we wanted, we return 611 // GOT_MAX_OUTPUT (because the child may exit due to |SIGPIPE|). 612 if (!output_buf_left && bytes_read > 0) 613 return GOT_MAX_OUTPUT; 614 else if (success) 615 return EXECUTE_SUCCESS; 616 return EXECUTE_FAILURE; 617 } 618 } 619} 620 621bool GetAppOutput(const CommandLine& cl, std::string* output) { 622 return GetAppOutput(cl.argv(), output); 623} 624 625bool GetAppOutput(const std::vector<std::string>& argv, std::string* output) { 626 // Run |execve()| with the current environment and store "unlimited" data. 627 int exit_code; 628 GetAppOutputInternalResult result = GetAppOutputInternal( 629 argv, NULL, output, std::numeric_limits<std::size_t>::max(), true, 630 &exit_code); 631 return result == EXECUTE_SUCCESS && exit_code == EXIT_SUCCESS; 632} 633 634// TODO(viettrungluu): Conceivably, we should have a timeout as well, so we 635// don't hang if what we're calling hangs. 636bool GetAppOutputRestricted(const CommandLine& cl, 637 std::string* output, size_t max_output) { 638 // Run |execve()| with the empty environment. 639 char* const empty_environ = NULL; 640 int exit_code; 641 GetAppOutputInternalResult result = GetAppOutputInternal( 642 cl.argv(), &empty_environ, output, max_output, false, &exit_code); 643 return result == GOT_MAX_OUTPUT || (result == EXECUTE_SUCCESS && 644 exit_code == EXIT_SUCCESS); 645} 646 647bool GetAppOutputWithExitCode(const CommandLine& cl, 648 std::string* output, 649 int* exit_code) { 650 // Run |execve()| with the current environment and store "unlimited" data. 651 GetAppOutputInternalResult result = GetAppOutputInternal( 652 cl.argv(), NULL, output, std::numeric_limits<std::size_t>::max(), true, 653 exit_code); 654 return result == EXECUTE_SUCCESS; 655} 656 657} // namespace base 658