authorLiu.andrew.x@gmail.com <Liu.andrew.x@gmail.com>2015-08-21 16:22:19 +0000
committerLiu.andrew.x@gmail.com <Liu.andrew.x@gmail.com>2015-08-21 16:22:19 +0000
commitf073540795b917be5068e119a0888814a767b019 (patch)
tree70e983f55556919d989d75a929954e7737e4faf0 /src/google_breakpad/processor
parentDon't use strtok_s for mingw builds (diff)
Add check for Linux minidump ending on bad write for exploitability rating.
If a crash occurred as a result of a write to unwritable memory, that is reason to suggest exploitability. The processor checks for a bad write by disassembling the instruction that caused the crash, piping the raw bytes near the instruction pointer through objdump. This allows the processor to see whether the instruction that caused the crash is a write to memory and where the target address is located. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1273823004 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1497 4c0a9323-5329-0410-9bdc-e9ce6186880e
Diffstat (limited to 'src/google_breakpad/processor')
-rw-r--r--src/google_breakpad/processor/exploitability.h9
-rw-r--r--src/google_breakpad/processor/minidump_processor.h6
2 files changed, 15 insertions, 0 deletions
diff --git a/src/google_breakpad/processor/exploitability.h b/src/google_breakpad/processor/exploitability.h
index 67255a3a..014413c9 100644
--- a/src/google_breakpad/processor/exploitability.h
+++ b/src/google_breakpad/processor/exploitability.h
@@ -53,6 +53,15 @@ class Exploitability {
static Exploitability *ExploitabilityForPlatform(Minidump *dump,
ProcessState *process_state);
+ // The boolean parameter signals whether the exploitability engine is
+ // enabled to call out to objdump for disassembly. This is disabled by
+ // default. It is used to check the identity of the instruction that
+ // caused the program to crash. This should not be enabled if there are
+ // portability concerns.
+ static Exploitability *ExploitabilityForPlatform(Minidump *dump,
+ ProcessState *process_state,
+ bool enable_objdump);
+
ExploitabilityRating CheckExploitability();
bool AddressIsAscii(uint64_t);
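Review bot: The comment on the new three-argument `ExploitabilityForPlatform` overload presents `enable_objdump` only as a portability concern, but per the commit description the flag decides whether raw bytes from the minidump are piped to an external objdump process, and that is a trust decision callers should see documented. Minidumps usually come from machines the processor does not control, so I would add a line such as `// When true, bytes read from the dump are fed to an external objdump process; enable only where that binary is trusted and the processor runs with limited privileges.` The implementation is outside this diff, so how objdump is located and invoked cannot be checked here; if it is resolved through PATH or a shell, that belongs in the comment too. The comment also never names the parameter it describes, and the class body continues beyond this hunk.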
diff --git a/src/google_breakpad/processor/minidump_processor.h b/src/google_breakpad/processor/minidump_processor.h
index d2c94e2b..387115ef 100644
--- a/src/google_breakpad/processor/minidump_processor.h
+++ b/src/google_breakpad/processor/minidump_processor.h
@@ -125,6 +125,8 @@ class MinidumpProcessor {
// does not exist or cannot be determined.
static string GetAssertion(Minidump* dump);
+ void set_enable_objdump(bool enabled) { enable_objdump_ = enabled; }
+
private:
StackFrameSymbolizer* frame_symbolizer_;
// Indicate whether resolver_helper_ is owned by this instance.
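Review bot: `set_enable_objdump` joins the public section without a comment, unlike the declarations above it, so a caller cannot tell from the header what turning it on does. A short comment would do, for example `// Lets the exploitability engine run objdump on bytes from the dump. Off unless set; call before processing a dump.` The "call before processing" part is my assumption about when the flag is read and should be confirmed against the .cc file, which this diff does not show. It would also help to state whether the flag has any effect while exploitability analysis itself is disabled; the class starts and ends outside this hunk.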
@@ -134,6 +136,10 @@ class MinidumpProcessor {
// guess how likely it is that the crash represents an exploitable
// memory corruption issue.
bool enable_exploitability_;
+
+ // This flag permits the exploitability scanner to shell out to objdump
+ // for purposes of disassembly.
+ bool enable_objdump_;
};
} // namespace google_breakpad
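Review bot: `enable_objdump_` is a plain `bool` with no initializer visible here, so every `MinidumpProcessor` constructor has to set it to `false` for the "disabled by default" statement in exploitability.h to hold. The constructors are outside this diff (it is limited to src/google_breakpad/processor), so I cannot confirm that; if one of them misses it, whether the processor shells out to objdump would depend on indeterminate memory. Please check that each initializer list carries `enable_objdump_(false)`, and consider adding `Defaults to false.` to the member comment. The class body begins outside this hunk.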