aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoshua Peraza <jperaza@chromium.org>2017-03-22 16:12:05 -0700
committerJoshua Peraza <jperaza@chromium.org>2017-03-22 23:23:25 +0000
commit6cfdde4b91447633275f6c7a169de1bbac0ba1a0 (patch)
tree12831c15775cae6c140fe96f32d91e061538e397
parentUse string instead of std::string (diff)
downloadbreakpad-6cfdde4b91447633275f6c7a169de1bbac0ba1a0.tar.xz
Sanity check frame pointer while stackwalking
BUG= Change-Id: Ib9b0fd5ba7f829f8be8cf856ab371c6540279ee5 Reviewed-on: https://chromium-review.googlesource.com/458526 Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
-rw-r--r--src/processor/stackwalker_amd64.cc6
-rw-r--r--src/processor/stackwalker_amd64_unittest.cc3
2 files changed, 8 insertions, 1 deletions
diff --git a/src/processor/stackwalker_amd64.cc b/src/processor/stackwalker_amd64.cc
index 440724a1..d1333248 100644
--- a/src/processor/stackwalker_amd64.cc
+++ b/src/processor/stackwalker_amd64.cc
@@ -215,6 +215,12 @@ StackFrameAMD64* StackwalkerAMD64::GetCallerByFramePointerRecovery(
return NULL;
}
+ // Sanity check that resulting rbp is still inside stack memory.
+ uint64_t unused;
+ if (!memory_->GetMemoryAtAddress(caller_rbp, &unused)) {
+ return NULL;
+ }
+
StackFrameAMD64* frame = new StackFrameAMD64();
frame->trust = StackFrame::FRAME_TRUST_FP;
frame->context = last_frame->context;
diff --git a/src/processor/stackwalker_amd64_unittest.cc b/src/processor/stackwalker_amd64_unittest.cc
index 935bef86..70fba11b 100644
--- a/src/processor/stackwalker_amd64_unittest.cc
+++ b/src/processor/stackwalker_amd64_unittest.cc
@@ -690,7 +690,8 @@ TEST_F(GetCallerFrame, CallerPushedRBP) {
// frame 1
.Mark(&frame1_sp)
.Append(32, 0) // body of frame1
- .Mark(&frame1_rbp); // end of stack
+ .Mark(&frame1_rbp) // end of stack
+ .D64(0);
RegionFromSection();
raw_context.rip = 0x00007400c0000200ULL;