aboutsummaryrefslogtreecommitdiff
path: root/src/processor
Commit message (Collapse)AuthorAgeFilesLines
* Make EXC_BAD_ACCESS / EXC_I386_GPFLT print nicely in the processorTed Mielczarek2016-03-291-5/+21
| | | | | | | | | | | | | | | | | | | | | Currently EXC_BAD_ACCESS doesn't support EXC_I386_GPFLT as exception_flags for pretty-printing in the processor, but this happens for a lot of things: http://opensource.apple.com/source/xnu/xnu-2050.24.15/osfmk/i386/trap.c (search for EXC_I386_GPFLT). And we get a lot of these in the wild: https://crash-stats.mozilla.com/search/?reason=%3DEXC_BAD_ACCESS+%2F+0x0000000d&cpu_name=amd64&_facets=signature&_facets=address&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=address#crash-reports This patch makes them show up with a nice name instead of the current "EXC_BAD_ACCESS / 0x0000000d". Additionally, this patch fixes some other cases where x86-64 wasn't being handled in the same way as x86, and fixes some x86-specific exception flags to be stringified with I386 in the output. R=mark@chromium.org BUG= Review URL: https://codereview.chromium.org/1833123002 .
* Explicitly call non-sized delete on dynamically sized memory for correct ↵Ivan Penkov2016-03-111-1/+1
| | | | | | | | | | | | | | | | behavior under sized-delete. The code as it stands allocates a chunk of memory of arbitrary size and places an object into it. It stores a pointer to that object and memory into a list telling the compiler that it is a pointer to a char. When the compiler deletes the objects in the list it thinks that the list contains pointers to chars - not pointers to arbitrarily sized regions of memory. This is fixing an issue that will reproduces when the following optimization (C++ sized dealocation) is enabled: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3536.html The fix is to explicitly call the non-sized delete operator, and the library code that supports malloc/free/new/delete will figure out the size of the block of memory from the pointer being passed in. Patch provided by Darryl Gove. R=mark@chromium.org Review URL: https://codereview.chromium.org/1788473002 .
* Handle multiple microdumps in system log.Maria Mandlis2016-02-263-4/+211
| | | | | | | | Properly handle microdump processing, when the system_log file contains an incomplete microdump section at the top. The processor will process the first complete microdump section. R=primiano@chromium.org Review URL: https://codereview.chromium.org/1742843002 .
* Support processing microdumps for x86 architecture.Maria Mandlis2016-02-183-6/+215
| | | | | | | BUG=587536 R=primiano@chromium.org Review URL: https://codereview.chromium.org/1704243002 .
* Fix buffer overrun in MinidumpModule::debug_identifier with MDCVInfoELFTed Mielczarek2016-02-171-1/+3
|
* Fixing a flaky Linux exploitability unittest.Ivan Penkov2016-02-163-15/+81
| | | | | | | BUG=https://code.google.com/p/chromium/issues/detail?id=584174 R=mmandlis@chromium.org Review URL: https://codereview.chromium.org/1697963002 .
* Parse additional line introduced in the microdump format and containing the ↵Maria Mandlis2016-02-1110-0/+47
| | | | | | | | | | | | | | | GPU infromation in the following format: G GL_VERSION|GL_VENDOR|GL_RENDERER. The GPU version, vendor and renderer are extracted during microdump parsing and populated in the appropriate fields in the SystemInfo struct. This is to match the changes introduced in crrev.com/1343713002 and crrev.com/1334473003 BUG=chromium:536769 R=primiano@chromium.org Review URL: https://codereview.chromium.org/1678463002 .
* Revert "Added a switch to dump minidump modules in minidump_stackwalk."Lei Zhang2016-02-103-30/+5
| | | | | | | | | | | This reverts commit cb936a0243c97ae9cd2d4bb19d95dde0421fed6d. A=dyen@chromium.org Original Review: https://codereview.chromium.org/1672773002/ R=dyen@chromium.org Review URL: https://codereview.chromium.org/1688493003 .
* Change MDCVInfoELF into something usable.Ted Mielczarek2016-02-102-39/+290
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch changes MDCVInfoELF (which is currently unused, apparently a vestigal bit of code landed as part of Solaris support) into a supported CodeView format that simply contains a build id as raw bytes. Modern ELF toolchains support build ids nicely: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Developer_Guide/compiling-build-id.html It would be useful to have the original build ids of loaded modules in Linux minidumps, since tools like Fedora's darkserver allow querying by build id and the current Breakpad code truncates the build id to the size of a GUID, which loses information: https://darkserver.fedoraproject.org/ A follow-up patch will change the Linux minidump generation code to produce MDCVInfoELF in minidumps instead of MDCVInfoPDB70. This patch should be landed first to ensure that crash processors are able to handle this format before dumps are generated containing it. The full build id is exposed as the return value of Minidump::code_identifier(), which currently just returns "id" for modules in Linux dumps. For backwards-compatibility, Minidump::debug_identifier() continues to treat the build id as a GUID, so debug identifiers for existing modules will not change. BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1675413002 .
* [mips64] Support for mips n64Mike Frysinger2016-02-069-130/+1027
| | | | | | | | | | Adding remaining mips n64 support including stackwalker. BUG=None TEST=manually tested on Linux/Android R=vapier@chromium.org Review URL: https://codereview.chromium.org/1418453011 .
* Added a switch to dump minidump modules in minidump_stackwalk.Lei Zhang2016-01-293-5/+30
| | | | | | | | | | | | In order to figure out what symbols we need associated to a minidump, it is useful to be able to dump all the modules the minidump contains. A=dyen@chromium.org Original Review: https://codereview.chromium.org/1651593002/ BUG=563716 R=dyen@chromium.org Review URL: https://codereview.chromium.org/1650713002 .
* Improvements to GYP buildPavel Labath2016-01-291-3/+2
| | | | | | | | | | | | | | | | | | | | | | This updates the GYP build for the processor component (on windows). - adds/removes references to files which were added or removed from the repository - includes build/common.gypi in the gyp files: needed to correctly detect the OS (I think, the generated MSVC solutions were broken without it) - conditionally compiles code platform-specific code for the given platform After this minidump processor nearly compiles with VS2013: the generated project is correct, but some files still have compilation errors. Disclaimer: I have not tested the GYP changes on non-windows platform, as there does not seem to be anyone using it there. BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1643633004 .
* exploitability_unittest: fix warningsMike Frysinger2016-01-211-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The std::getline function always returns its first arg (which is an iostream object) and cannot return anything else. Thus, testing its value is pointless, and even leads to build errors w/at least gcc-5 due to gtest ASSERT_TRUE funcs only taking bool types: .../exploitability_unittest.cc: In member function 'virtual void {anonymous}::ExploitabilityLinuxUtilsTest_DisassembleBytesTest_Test::TestBody()': .../exploitability_unittest.cc:200:136: error: no matching function for call to 'testing::AssertionResult::AssertionResult(std::basic_istream<char>&)' In file included from .../breakpad_googletest_includes.h:33:0, from .../exploitability_unittest.cc:35: .../gtest.h:262:12: note: candidate: testing::AssertionResult::AssertionResult(bool) Since we know this never fails, simply drop the ASSERT_TRUE usage. The next line already checks the content of the buffer we read. Further on in the file, we hit some signed warnings: In file included from .../breakpad_googletest_includes.h:33:0, from .../exploitability_unittest.cc:35: .../gtest.h: In instantiation of 'testing::AssertionResult testing::internal::CmpHelperEQ(const char*, const char*, const T1&, const T2&) [with T1 = long unsigned int; T2 = int]': .../gtest.h:1484:23: required from 'static testing::AssertionResult testing::internal::EqHelper<lhs_is_null_literal>::Compare(const char*, const char*, const T1&, const T2&) [with T1 = long unsigned int; T2 = int; bool lhs_is_null_literal = false]' .../exploitability_unittest.cc:241:289: required from here .../gtest.h:1448:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] if (expected == actual) { This is because we compare the register value (a uint64_t) directly to an integer constant, and those are signed by default. Stick a U suffix on them to fix things up. BUG=chromium:579384 TEST=`make check` passes R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1611763002 .
* Fix usage of snprintf for MSVCPavel Labath2016-01-196-17/+7
| | | | | | | | | | | | | | Older versions of MSVC don't have a snprintf functions. Some files were already working around that, but not all of them. Instead of copying the logic into every file, I centralize it into a new stdio.h wrapper file and make other files include that. BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1602563003 . Patch from Pavel Labath <labath@google.com>.
* breakpad: fix unittest failure when building with clang.Mike Frysinger2016-01-151-1/+1
| | | | | | | | | | | | | | | In C/C++, the result of signed integer overflow is undefined. The expression "base + size - 1" is parsed as "(base + size) - 1", and "base + size" can overflow even if "base + (size - 1)" <= INT_MAX. See http://g/c-compiler-chrome/461JohPKakE/JI3rEBg6FwAJ for more. BUG=None TEST='CC=clang CXX=clang++ ./configure && make check' R=vapier@chromium.org Review URL: https://codereview.chromium.org/1591793002 .
* disassembler_x86: Remove unused includePavel Labath2016-01-081-1/+0
| | | | | | | | | | | | | This file is not present on windows, and it's causing build errors there. As far as I can tell, nothing in this file actually uses that include, so I just remove it. BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1475353002 . Patch from Pavel Labath <labath@google.com>.
* Let breakpad build with -Wall on OS X and Linux.Lei Zhang2015-12-291-9/+0
| | | | | | | | | A=thakis@chromium.org Original Review: https://codereview.chromium.org/1550933002/ R=thakis@chromium.org Review URL: https://codereview.chromium.org/1554613002 .
* Fix ExploitabilityLinuxUtilsTest::DisassembleBytesTest to not fail when temp ↵Ted Mielczarek2015-11-301-1/+3
| | | | | | | | | file ends with 0 R=ivanpe@chromium.org BUG=https://bugs.chromium.org/p/google-breakpad/issues/detail?id=668 Review URL: https://codereview.chromium.org/1482363003 .
* Issue in StackwalkerAMD64::GetCallerByFramePointerRecovery.Ivan Penkov2015-10-153-9/+165
| | | | | | | | | | | | | | There is an issue in StackwalkerAMD64::GetCallerByFramePointerRecovery. Occasionally it produces invalid frames (instruction pointer == 0) which prevents the AMD64 stack walker from proceeding to do stack scanning and instead leads to premature termination of the stack walking process. For more details: http://crbug/537444 BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1408973002 .
* Fix MSVC build (including on 2015), drop some workarounds for MSVC older ↵Ted Mielczarek2015-10-063-10/+10
| | | | | | | | | | | | | | | | | | | than 2013. The Windows client gyp files were missing proc_maps_linux.cc for the unittest build. Adding that revealed some build errors due to it unconditionally including <inttypes.h>. Removing the workarounds in breakpad_types.h (and a few other places) made that build, which means that Visual C++ 2013 is now our minimum supported version of MSVC. Additionally I tried building with VC++ 2015 and fixed a few warnings (which were failing the build because we have /WX enabled) to ensure that that builds as well. BUG=https://code.google.com/p/google-breakpad/issues/detail?id=669 R=mark@chromium.org Review URL: https://codereview.chromium.org/1353893002 .
* Increasing the Breakpad stack walker max scan limit from 30 to 40.Ivan Penkov2015-10-054-6/+6
| | | | | | | | | | | | | | | | | | | | | Chrome started hitting some crashes in v8 jitted code which happens to be non ABI compliant and debuggers (including WinDBG) are unable to produce meaningful stack traces. The Breakpad stack walker has some builtin heuristics to deal with such cases. More specifically, when unable to find a good parent frame, it scans the raw stack to find a suitable parent frame. The max scan size was set at 30 pointers which was (apparently) not enough to recover in this case. I'm increasing it to 40 pointers. I confirmed that at 34 pointers it was able to recover however I'm setting it to 40 in order to it some slack. I needed to update two unittests which were expecting the previous scan limit. BUG= R=mark@chromium.org Review URL: https://codereview.chromium.org/1379433005 .
* The "CPU architecture" field is being filled from the wrong part ofmmandlis@chromium.org2015-08-266-25/+106
| | | | | | | | | | | | | | | | | | | the microdump. The microdump OS/arch line looks like: O A arm 04 armv7l 3.4.0-perf-g4d6e88e #1 SMP PREEMPT Mon Mar 30 19:09:30 2015 and currently the field that says "armv7l" or "aarch64" is being used to fill in the CPU arch field in crash. The problem is that on a 64-bit device this field *always* says "aarch64" even when running in a 32-bit process, and so currently the crash reports for aarch64 are a mix of 32-bit and 64-bit crashes. We should be using the first field instead, which just says "arm" or "arm64" and reflects the actual version of webview (32-bit or 64-bit) which is running. BUG= R=primiano@chromium.org Review URL: https://codereview.chromium.org/1306983003 . git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1498 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add check for Linux minidump ending on bad write for exploitability rating.Liu.andrew.x@gmail.com2015-08-2111-8/+569
| | | | | | | | | | | | | | | If a crash occurred as a result to a write to unwritable memory, it is reason to suggest exploitability. The processor checks for a bad write by disassembling the command that caused the crash by piping the raw bytes near the instruction pointer through objdump. This allows the processor to see if the instruction that caused the crash is a write to memory and where the target of the address is located. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1273823004 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1497 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Don't use strtok_s for mingw buildsted.mielczarek@gmail.com2015-08-203-2/+4
| | | | | | | R=ivanpe at https://codereview.chromium.org/1292503005/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1496 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix inttypes format macros in src/processor/proc_maps_linux.ccprimiano@chromium.org2015-08-191-1/+4
| | | | | | | | | | | | crrev.com/1298443002 has introduced a build failure by re-defining __STDC_FORMAT_MACROS. Fixing it. BUG= R=mark@chromium.org, ted.mielczarek@gmail.com Review URL: https://codereview.chromium.org/1303493003 . git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1493 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix proc_maps_linux compile for non-Linuxted.mielczarek@gmail.com2015-08-171-4/+2
| | | | | | | R=ivanpe at https://codereview.chromium.org/1298443002/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1491 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add check for executable stack/heap when rating Linux exploitability.Liu.andrew.x@gmail.com2015-08-155-3/+30
| | | | | | | | | | | This CL also consequentially adds a public method to get the number of mappings in a Linux minidump. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1291603002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1488 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add check to see if stack pointer is off the stack according to the memoryLiu.andrew.x@gmail.com2015-08-155-1/+33
| | | | | | | | | | mappings when rating Linux exploitability. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1286033002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1487 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix format specifier in proc maps to support 32-bit architectures.Liu.andrew.x@gmail.com2015-08-131-4/+4
| | | | | | | | R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1288323003 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1486 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Actually remove removed filested.mielczarek@gmail.com2015-08-133-0/+0
| | | | git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1485 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Remove some old unused code, add a missing includeted.mielczarek@gmail.com2015-08-133-648/+0
| | | | | | | | R=lei at https://codereview.chromium.org/1211963002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1484 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix format specifier in proc maps to support 32-bit architectures.Liu.andrew.x@gmail.com2015-08-121-1/+1
| | | | | | | | R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1280853003 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1483 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Allow Print() to be called by const instances of MinidumpLinuxMaps andLiu.andrew.x@gmail.com2015-08-121-2/+2
| | | | | | | | | | MinidumpLinuxMapsList. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1287803002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1482 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Change Print method of MinidumpLinuxMaps and MinidumpLinuxMapsList to printLiu.andrew.x@gmail.com2015-08-112-1/+2
| | | | | | | | contents of /proc/<pid>/maps instead of just the files mapped to memory. Review URL: https://codereview.chromium.org/1273123002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1481 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Workaround for range map overlaps caused by Android package relocation.ivanpe@chromium.org2015-08-101-6/+25
| | | | | | | | | | | | | | If there is a range overlap, the cause may be the client correction applied for Android packed relocations. If this is the case, back out the client correction and retry. Patch from Simon Baldwin <simonb@chromium.org>. https://code.google.com/p/chromium/issues/detail?id=509110 R=simonb@chromium.org Review URL: https://codereview.chromium.org/1275173005 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1480 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix potential null pointer dereference.Liu.andrew.x@gmail.com2015-07-311-8/+15
| | | | | | | | | | | | If a MinidumpLinuxMapsList was created and destroyed without its Read method, the program would have a segmentation fault because the destructor did not check for a null maps_ field. Additional changes include additional supplementary null checks, a potential memory leak fix, and some comment removal. Review URL: https://codereview.chromium.org/1271543002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1478 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Remove unnecessary dependencies.Liu.andrew.x@gmail.com2015-07-291-2/+0
| | | | | | Review URL: https://codereview.chromium.org/1266493002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1477 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add support for Linux memory mapping stream and remove ELF header usageLiu.andrew.x@gmail.com2015-07-288-205/+506
| | | | | | | | | | | | | | | | | | | | | | | | | | | when checking exploitability rating. Linux minidumps do not support MD_MEMORY_INFO_LIST_STREAM, meaning the processor cannot retrieve its memory mappings. However, it has its own stream, MD_LINUX_MAPS, which contains memory mappings specific to Linux (it contains the contents of /proc/self/maps). This CL allows the minidump to gather information from the memory mappings for Linux minidumps. In addition, exploitability rating for Linux dumps now use memory mappings instead of checking the ELF headers of binaries. The basis for the change is that checking the ELF headers requires the minidumps to store the memory from the ELF headers, while the memory mapping data is already present, meaning the size of a minidump will be unchanged. As a result, of removing ELF header analysis, two unit tests have been removed. Arguably, the cases that those unit tests check do not merit a high exploitability rating and do not warrant a solid conclusion that was given earlier. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1251593007 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1476 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add ELF header analysis when checking for instruction pointer in code.Liu.andrew.x@gmail.com2015-07-169-10/+207
| | | | | | | | | | | | | | If the minidump module containing the instruction pointer has memory containing the ELF header and program header table, when checking the exploitability rating, the processor will use the ELF header data to determine if the instruction pointer lies in an executable region of the module, rather than just checking if it lies in a module. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1233973002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1472 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Set exception whitelist check as earlier check instead of last check.Liu.andrew.x@gmail.com2015-07-071-15/+15
| | | | | | | | | | | | | | | When I first added the exception whitelist, I meant to put the check before checking the location of the instruction pointer. (I didn't notice that it was after the other check until now.) The whitelist check is to quickly rule out minidumps, and if checking the instruction pointer provided any useful information, it would be pretty indicative that the exception causing the dump is interesting. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1211253009 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1469 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Use general instruction/stack pointer convenience method instead of manuallyLiu.andrew.x@gmail.com2015-06-303-33/+55
| | | | | | | | | | | | | | finding the instruction/stack pointer for exploitability rating. There was already a method that found the instruction pointer, so the files for exploitability ratings had repeated code. Also a method for finding the stack pointer is implemented in this CL. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1210943005 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1468 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Checking for benign exceptions that trigger a minidump.Liu.andrew.x@gmail.com2015-06-303-3/+62
| | | | | | | | | | | | | If the exception reponsible for the crash is benign, such as a floating point exception, we can rule out the possibility that the code is exploitable. This CL checks for such exceptions and marks the dump as not exploitable if such an exception is found. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1212383004 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1467 4c0a9323-5329-0410-9bdc-e9ce6186880e
* This CL adds support for ARM and ARM64 architectures when calculatingLiu.andrew.x@gmail.com2015-06-301-1/+8
| | | | | | | | | | | | | | exploitability ratings. The stackwalker will now grab the instruction pointers for ARM and ARM64 architectures, so checking exploitability on ARM and ARM64 will no longer return EXPLOITABILITY_ERR_PROCESSING. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1216063004 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1466 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Checking location of the instruction pointer to see if it isLiu.andrew.x@gmail.com2015-06-256-0/+71
| | | | | | | | | | | | | | | | in valid code for Linux exploitability rating. This CL adds to the Linux exploitability checker by verifying that the instruction pointer is in valid code. Verification is done by obtaining a memory mapping of the crash and checking if the instruction pointer lies in an executable region. If there is no memory mapping, the instruction pointer is checked to determine if it lies within a known module. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1210493003 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1464 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Fix signal propagation logic for Linux/Android exception handler.primiano@chromium.org2015-06-221-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current code is relying on info->si_pid to figure out whether the exception handler was triggered by a signal coming from the kernel (that will re-trigger until the cause that triggered the signal has been cleared) or from user-space e.g., kill -SIGNAL pid, which will NOT automatically re-trigger in the next signal handler in the chain. While the intentions are good (manually re-triggering user-space signals), the current implementation mistakenly looks at the si_pid field in siginfo_t, assuming that it is coming from the kernel if si_pid == 0. This is wrong. siginfo_t, in fact, is a union and si_pid is meaningful only for userspace signals. For signals originated by the kernel, instead, si_pid overlaps with si_addr (the faulting address). As a matter of facts, the current implementation is mistakenly re-triggering the signal using tgkill for most of the kernel-space signals (unless the fault address is exactly 0x0). This is not completelly correct for the case of SIGSEGV/SIGBUS. The next handler in the chain will stil see the signal, but the |siginfo| and the |context| arguments of the handler will be meaningless (retriggering a signal with tgkill doesn't preserve them). Therefore, if the next handler in the chain expects those arguments to be set, it will fail. Concretelly, this is causing problems to WebView. In some rare circumstances, the next handler in the chain is a user-space runtime which does SIGSEGV handling to implement speculative null pointer managed exceptions (see as an example http://www.mono-project.com/docs/advanced/runtime/docs/exception-handling/) The fix herein proposed consists in using the si_code (see SI_FROMUSER macros) to determine whether a signal is coming form the kernel (and therefore just re-establish the next signal handler) or from userspace (and use the tgkill logic). Repro case: This issue is visible in Chrome for Android with this simple repro case: - Add a non-null pointer dereference in the codebase: *((volatile int*)0xbeef) = 42 Without this change: the next handler (the libc trap) prints: F/libc ( 595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x487 where 0x487 is actually the PID of the process (which is wrong). With this change: the next handler prints: F/libc ( 595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbeef which is the correct answer. BUG=chromium:481937 R=mark@chromium.org Review URL: https://breakpad.appspot.com/6844002. git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1461 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Microdump processor: be more tolerant for different logcat formatsprimiano@chromium.org2015-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | The current processor implementation is grepping for /google-breakpad( in the logcat lines, to filter out microdump lines, which by default look like this: W/google-breakpad( 3728): -----BEGIN BREAKPAD MICRODUMP----- Turns out that logcat format can vary, when passing optional arguments, and produce something like the following: 04-13 12:30:35.563 6531 6531 W google-breakpad: -----BEGIN ... In the latter case, the "/google-breakpad(" filter is too aggressive. This change is relaxing it, so it is compatible also with non-default logcat arguments. BUG=640 R=mmandlis@chromium.org Review URL: https://breakpad.appspot.com/2864002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1442 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add address and reason for IN_PAGE_ERROR.mark@chromium.org2015-04-104-3/+6516
| | | | | | | | | | | | | | ACCESS_VIOLATION and IN_PAGE_ERROR both specify read/write/dep flags and address. ACCESS_VIOLATION currently reports these, but IN_PAGE_ERROR does not. This change makes IN_PAGE_ERROR report this information as well, and also the additional NTSTATUS value for the underlying cause. Patch by bungeman@chromium.org Review URL: https://breakpad.appspot.com/1794002/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1441 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Formatting tweak for https://breakpad.appspot.com/9774002, add more newlinested.mielczarek@gmail.com2015-02-271-4/+5
| | | | git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1430 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Add stack contents output functionality to minidump_stackwalkhashimoto@chromium.org2015-02-274-14/+185
| | | | | | | | | | | | | | | | | This feature is enabled only when "-s" is provided as a commandline option. minidump_stackwalk.cc: - Add a new commandline option "-s" to output stack contents. - Instantiate Minidump object in PrintMinidumpProcess() to keep it alive longer so that accessing process_state.thread_memory_regions() in stackwalk_common.cc doesn't result in use-after-free. stackwalk_common.cc: - Add a new function PrintStackContents() to output stack contents. R=mark@chromium.org Review URL: https://breakpad.appspot.com/9774002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1429 4c0a9323-5329-0410-9bdc-e9ce6186880e
* Remove unneeded definitions of O_BINARYvapier@chromium.org2015-01-282-2/+0
| | | | | | | Review URL: https://breakpad.appspot.com/6684002/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1418 4c0a9323-5329-0410-9bdc-e9ce6186880e