Allow ASAN reports to be logged on Windows

Before this CL any ASAN reports on Windows with the sandbox
enabled would be swallowed as the standard handles are not
available in the child.

The sanitizer API provides a function to supply a handle
which is called when initializing sanitizers - this allows
santizier reports to be emitted to a log file:

.\out\asan\chrome.exe --enable-logging --log-file=c:\temp\asan.log
chrome://crash/use-after-free

Will now log the report into the log file, and the sandbox
will be running.

Bug: 1510695
Change-Id: Iddc9748a8d609c4992264c747532737e91998fda
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5112945
Reviewed-by: Sergei Glazunov <glazunov@google.com>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1236346}

base/debug/asan_service.cc

@@ -12,15 +12,25 @@
 #include "base/process/process.h"
 #include "base/process/process_handle.h"
 #include "base/strings/stringprintf.h"
+#include "build/build_config.h"
 
-#if defined(COMPONENT_BUILD) && defined(_WIN32)
+#if BUILDFLAG(IS_WIN)
+#include "base/files/file.h"
+#include "base/files/file_path.h"
+#include "base/logging.h"
+#endif  // BUILDFLAG(IS_WIN)
+
+#if defined(COMPONENT_BUILD) && BUILDFLAG(IS_WIN)
 // In component builds on Windows, weak function exported by ASan have the
 // `__dll` suffix. ASan itself uses the `alternatename` directive to account for
 // that.
 #pragma comment(linker,                                                \
                     "/alternatename:__sanitizer_report_error_summary=" \
                     "__sanitizer_report_error_summary__dll")
-#endif  // defined(COMPONENT_BUILD) && defined(_WIN32)
+#pragma comment(linker,                                     \
+                "/alternatename:__sanitizer_set_report_fd=" \
+                "__sanitizer_set_report_fd__dll")
+#endif  // defined(COMPONENT_BUILD) && BUILDFLAG(IS_WIN)
 
 namespace base {
 namespace debug {
@@ -60,6 +70,20 @@ AsanService* AsanService::GetInstance() {
 void AsanService::Initialize() {
   AutoLock lock(lock_);
   if (!is_initialized_) {
+#if BUILDFLAG(IS_WIN)
+    if (logging::IsLoggingToFileEnabled()) {
+      // This path is allowed by the sandbox when `--enable-logging
+      //  --log-file={path}` are both specified when launching Chromium.
+      auto log_file = base::File(
+          base::FilePath(logging::GetLogFileFullPath()),
+          base::File::Flags::FLAG_OPEN_ALWAYS | base::File::Flags::FLAG_APPEND);
+      if (log_file.IsValid()) {
+        // Sanitizer APIs need a HANDLE cast to void*.
+        __sanitizer_set_report_fd(
+            reinterpret_cast<void*>(log_file.TakePlatformFile()));
+      }
+    }
+#endif  // BUILDFLAG(IS_WIN)
     __asan_set_error_report_callback(ErrorReportCallback);
     error_callbacks_.push_back(TaskTraceErrorCallback);
     is_initialized_ = true;

docs/asan.md

@@ -131,8 +131,9 @@ although it shouldn't be necessary on Linux and Windows, where Chrome uses the
 llvm-symbolizer in its source tree by default.
 
 ASan should perfectly work with Chrome's sandbox. You should only need to run
-with `--no-sandbox` on Linux if you're debugging ASan.
-Note: you have to disable the sandbox on Windows until it is supported.
+with `--no-sandbox` on Linux if you're debugging ASan. To get reports on Windows
+from sandboxed processes you will have to run with both `--enable-logging` and
+`--log-file=d:\valid\path.log` then inspect the logfile.
 
 You may need to run with `--disable-gpu` on Linux with NVIDIA driver older than
 295.20.