author | Joshua Peraza <jperaza@chromium.org> | 2017-03-22 16:12:05 -0700 |
---|---|---|
committer | Joshua Peraza <jperaza@chromium.org> | 2017-03-22 23:23:25 +0000 |
commit | 6cfdde4b91447633275f6c7a169de1bbac0ba1a0 (patch) | |
tree | 12831c15775cae6c140fe96f32d91e061538e397 | |
parent | Use string instead of std::string (diff) | |
download | breakpad-6cfdde4b91447633275f6c7a169de1bbac0ba1a0.tar.xz |
Sanity check frame pointer while stackwalking
BUG=
Change-Id: Ib9b0fd5ba7f829f8be8cf856ab371c6540279ee5
Reviewed-on: https://chromium-review.googlesource.com/458526
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
-rw-r--r-- | src/processor/stackwalker_amd64.cc | 6 | ||||
-rw-r--r-- | src/processor/stackwalker_amd64_unittest.cc | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/src/processor/stackwalker_amd64.cc b/src/processor/stackwalker_amd64.cc
index 440724a1..d1333248 100644
--- a/src/processor/stackwalker_amd64.cc
+++ b/src/processor/stackwalker_amd64.cc
@@ -215,6 +215,12 @@ StackFrameAMD64* StackwalkerAMD64::GetCallerByFramePointerRecovery(
 return NULL;
 }
 
+ // Sanity check that resulting rbp is still inside stack memory.
+ uint64_t unused;
+ if (!memory_->GetMemoryAtAddress(caller_rbp, &unused)) {
+ return NULL;
+ }
+
 StackFrameAMD64* frame = new StackFrameAMD64();
 frame->trust = StackFrame::FRAME_TRUST_FP;
 frame->context = last_frame->context;
diff --git a/src/processor/stackwalker_amd64_unittest.cc b/src/processor/stackwalker_amd64_unittest.cc
index 935bef86..70fba11b 100644
--- a/src/processor/stackwalker_amd64_unittest.cc
+++ b/src/processor/stackwalker_amd64_unittest.cc
@@ -690,7 +690,8 @@ TEST_F(GetCallerFrame, CallerPushedRBP) {
 // frame 1
 .Mark(&frame1_sp)
 .Append(32, 0) // body of frame1
- .Mark(&frame1_rbp); // end of stack
+ .Mark(&frame1_rbp) // end of stack
+ .D64(0);
 RegionFromSection();
 
 raw_context.rip = 0x00007400c0000200ULL; |
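Review bot: The new guard `if (!memory_->GetMemoryAtAddress(caller_rbp, &unused))` only proves that one 8-byte word at caller_rbp is readable in the dumped region, not that the recovered frame pointer moves up the stack, so a corrupted or crafted dump whose saved rbp points back at an earlier frame still passes this check and relies on a later rsp-monotonicity check (presumably in GetCallerFrame or the generic walker, not visible here) to stop the walk. If that check exists, a short comment here pointing at it would answer the question for the next reader; if it does not, tightening the condition to `if (caller_rbp <= last_frame->context.rbp || !memory_->GetMemoryAtAddress(caller_rbp, &unused))` would close the loop for the frame-pointer path. The comment "Sanity check" also undersells what is validated; I would write `// Probe one word at caller_rbp: GetMemoryAtAddress fails if the address lies outside the dumped stack region.` GetCallerByFramePointerRecovery begins and ends outside this hunk.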
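Review bot: The test change only keeps the existing positive case green by appending `.D64(0)` so that frame1_rbp now has a readable word behind it; nothing exercises the behavior the commit adds, namely that a saved rbp pointing outside the stack region makes GetCallerByFramePointerRecovery return NULL. A companion case that builds the same layout but stores a pushed rbp value past the end of the section (or an address outside any mapped region) and asserts the walk stops after frame 0 would pin the new guard and catch a regression if the probe is later removed. The `// end of stack` comment is also now on the `.Mark(&frame1_rbp)` line while the actual last word is the `.D64(0)`; moving the comment onto that line would keep the fixture self-describing. The TEST_F body begins and ends outside this hunk.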