3 files changed, 62 insertions, 3 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc
index 4f98dfeb..875df165 100644
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -36,6 +36,7 @@
 
 #include "processor/exploitability_linux.h"
 
+#include "google_breakpad/common/minidump_exception_linux.h"
 #include "google_breakpad/processor/process_state.h"
 #include "google_breakpad/processor/call_stack.h"
 #include "google_breakpad/processor/stack_frame.h"
@@ -119,11 +120,23 @@ ExploitabilityRating ExploitabilityLinux::CheckPlatformExploitability() {
       return EXPLOITABILITY_ERR_PROCESSING;
   }
 
+  // Checking for the instruction pointer in a valid instruction region.
   if (!this->InstructionPointerInCode(instruction_ptr)) {
     return EXPLOITABILITY_HIGH;
   }
 
-  return EXPLOITABILITY_NONE;
+  const MDRawExceptionStream *raw_exception_stream = exception->exception();
+  if (raw_exception_stream == NULL) {
+    BPLOG(INFO) << "No raw exception stream.";
+    return EXPLOITABILITY_ERR_PROCESSING;
+  }
+
+  // Checking for benign exceptions that caused the crash.
+  if (this->BenignCrashTrigger(raw_exception_stream)) {
+    return EXPLOITABILITY_NONE;
+  }
+
+  return EXPLOITABILITY_INTERESTING;
 }
 
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
@@ -149,4 +162,46 @@ bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
           minidump_module_list->GetModuleForAddress(instruction_ptr);
 }
 
+bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream
+                                                  *raw_exception_stream) {
+  // Here we check the cause of crash.
+  // If the exception of the crash is a benign exception,
+  // it is probably not exploitable.
+  switch (raw_exception_stream->exception_record.exception_code) {
+    case MD_EXCEPTION_CODE_LIN_SIGHUP:
+    case MD_EXCEPTION_CODE_LIN_SIGINT:
+    case MD_EXCEPTION_CODE_LIN_SIGQUIT:
+    case MD_EXCEPTION_CODE_LIN_SIGTRAP:
+    case MD_EXCEPTION_CODE_LIN_SIGABRT:
+    case MD_EXCEPTION_CODE_LIN_SIGFPE:
+    case MD_EXCEPTION_CODE_LIN_SIGKILL:
+    case MD_EXCEPTION_CODE_LIN_SIGUSR1:
+    case MD_EXCEPTION_CODE_LIN_SIGUSR2:
+    case MD_EXCEPTION_CODE_LIN_SIGPIPE:
+    case MD_EXCEPTION_CODE_LIN_SIGALRM:
+    case MD_EXCEPTION_CODE_LIN_SIGTERM:
+    case MD_EXCEPTION_CODE_LIN_SIGCHLD:
+    case MD_EXCEPTION_CODE_LIN_SIGCONT:
+    case MD_EXCEPTION_CODE_LIN_SIGSTOP:
+    case MD_EXCEPTION_CODE_LIN_SIGTSTP:
+    case MD_EXCEPTION_CODE_LIN_SIGTTIN:
+    case MD_EXCEPTION_CODE_LIN_SIGTTOU:
+    case MD_EXCEPTION_CODE_LIN_SIGURG:
+    case MD_EXCEPTION_CODE_LIN_SIGXCPU:
+    case MD_EXCEPTION_CODE_LIN_SIGXFSZ:
+    case MD_EXCEPTION_CODE_LIN_SIGVTALRM:
+    case MD_EXCEPTION_CODE_LIN_SIGPROF:
+    case MD_EXCEPTION_CODE_LIN_SIGWINCH:
+    case MD_EXCEPTION_CODE_LIN_SIGIO:
+    case MD_EXCEPTION_CODE_LIN_SIGPWR:
+    case MD_EXCEPTION_CODE_LIN_SIGSYS:
+    case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
+      return true;
+      break;
+    default:
+      return false;
+      break;
+  }
+}
+
 }  // namespace google_breakpad
diff --git a/src/processor/exploitability_linux.h b/src/processor/exploitability_linux.h
index 95607602..42f9bc52 100644
--- a/src/processor/exploitability_linux.h
+++ b/src/processor/exploitability_linux.h
@@ -53,6 +53,10 @@ class ExploitabilityLinux : public Exploitability {
   // This method takes the address of the instruction pointer and returns
   // whether the instruction pointer lies in a valid instruction region.
   bool InstructionPointerInCode(uint64_t instruction_ptr);
+
+  // This method checks the exception that triggered the creation of the
+  // minidump and reports whether the exception suggests no exploitability.
+  bool BenignCrashTrigger(const MDRawExceptionStream *raw_exception_stream);
 };
 
 }  // namespace google_breakpad
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index 509ae230..cc46f9ea 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -107,7 +107,7 @@ TEST(ExploitabilityTest, TestWindowsEngine) {
 }
 
 TEST(ExploitabilityTest, TestLinuxEngine) {
-  ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
+  ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
             ExploitabilityFor("linux_null_read_av.dmp"));
   ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
             ExploitabilityFor("linux_overflow.dmp"));
@@ -115,7 +115,7 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
             ExploitabilityFor("linux_stacksmash.dmp"));
   ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
             ExploitabilityFor("linux_divide_by_zero.dmp"));
-  ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
+  ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
             ExploitabilityFor("linux_null_dereference.dmp"));
   ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
             ExploitabilityFor("linux_jmp_to_0.dmp"));