Diffstat (limited to 'src/processor')
-rw-r--r--src/processor/exploitability_linux.cc21
-rw-r--r--src/processor/exploitability_unittest.cc2
-rw-r--r--src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmpbin0 -> 38761 bytes
3 files changed, 15 insertions, 8 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc
index c520059c..63056c43 100644
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -54,14 +54,18 @@
namespace {
+// Prefixes for memory mapping names.
+constexpr char kHeapPrefix[] = "[heap";
+constexpr char kStackPrefix[] = "[stack";
+
// This function in libc is called if the program was compiled with
// -fstack-protector and a function's stack canary changes.
-const char kStackCheckFailureFunction[] = "__stack_chk_fail";
+constexpr char kStackCheckFailureFunction[] = "__stack_chk_fail";
// This function in libc is called if the program was compiled with
// -D_FORTIFY_SOURCE=2, a function like strcpy() is called, and the runtime
// can determine that the call would overflow the target buffer.
-const char kBoundsCheckFailureFunction[] = "__chk_fail";
+constexpr char kBoundsCheckFailureFunction[] = "__chk_fail";
#ifndef _WIN32
const unsigned int MAX_INSTRUCTION_LEN = 15;
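Review bot: The comment on the two new constants says they are prefixes but not why a prefix is matched instead of the exact "[stack]"/"[heap]" names, which is the whole point of this change; without that, a later reader may "tighten" the compare back to the full name and silently reintroduce the misclassification the new alt_name dump covers. Suggest replacing the one-line comment with something like `// Name prefixes (not full names) for the heap and stack mappings. The kernel can report the stack under names other than "[stack]" (presumably the "[stack:<tid>]" form for thread stacks), so callers match the prefix; the closing bracket is deliberately omitted.` The anonymous namespace opened on the first line of this hunk continues past its end.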
@@ -539,9 +543,9 @@ bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
// Checks if the stack pointer maps to a valid mapping and if the mapping
// is not the stack. If the mapping has no name, it is inconclusive whether
// it is off the stack.
- return !linux_maps ||
- (linux_maps->GetPathname().compare("") &&
- linux_maps->GetPathname().compare("[stack]"));
+ return !linux_maps || (linux_maps->GetPathname().compare("") &&
+ linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix));
}
bool ExploitabilityLinux::ExecutableStackOrHeap() {
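Review bot: The new compare calls take the prefix length via `strlen(kStackPrefix)` at run time even though the prefix is a `constexpr` array whose length is known at compile time; `sizeof(kStackPrefix) - 1` gives the same value with no call and no dependency on `<cstring>` being included, which I cannot confirm from this hunk. The same applies to both compares in the ExecutableStackOrHeap hunk below, where `strlen(kHeapPrefix)` could likewise become `sizeof(kHeapPrefix) - 1`. The comment above the return ("if the mapping is not the stack") still describes an exact-name test; `// ... the mapping name does not start with kStackPrefix (the stack may be named "[stack]" or a variant) ...` would match the new logic. StackPointerOffStack's signature is outside this hunk.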
@@ -551,9 +555,10 @@ bool ExploitabilityLinux::ExecutableStackOrHeap() {
const MinidumpLinuxMaps *linux_maps =
linux_maps_list->GetLinuxMapsAtIndex(i);
// Check for executable stack or heap for each mapping.
- if (linux_maps &&
- (!linux_maps->GetPathname().compare("[stack]") ||
- !linux_maps->GetPathname().compare("[heap]")) &&
+ if (linux_maps && (!linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix) ||
+ !linux_maps->GetPathname().compare(
+ 0, strlen(kHeapPrefix), kHeapPrefix)) &&
linux_maps->IsExecutable()) {
return true;
}
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index 502edcc7..528ee5f2 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -161,6 +161,8 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
ExploitabilityFor("linux_inside_module_exe_region2.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
ExploitabilityFor("linux_stack_pointer_in_stack.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
+ ExploitabilityFor("linux_stack_pointer_in_stack_alt_name.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_stack_pointer_in_module.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
diff --git a/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
new file mode 100644
index 00000000..55b34e8a
--- /dev/null
+++ b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
Binary files differ