From 9f90ceb904b776d194863af218e8bce26d95ce8f Mon Sep 17 00:00:00 2001
From: Mark Mentovai
Date: Fri, 26 Apr 2019 12:28:57 -0400
Subject: Linux MinidumpWriter: fix stack-use-after-scope violation

One form of google_breakpad::WriteMinidump() passed MappingList and AppMemoryList objects by reference to a MinidumpWriter object, instantiating them directly as constructor parameters. The MinidumpWriter stored these objects internally as references, and the underlying objects went out of scope after MinidumpWriter construction. The MinidumpWriter outlived them, causing a violation on any attempt to access them following construction. This bug was detected by AddressSanitizer at https://logs.chromium.org/logs/chromium/buildbucket/cr-buildbucket.appspot.com/8915150848087289472/+/steps/breakpad_unittests__with_patch_/0/stdout

Bug: chromium:949098
Change-Id: I072ea9f1b64e1eae3e89d4a2b158764ff7970db5
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/1585946
Reviewed-by: Robert Sesek
---
 src/client/linux/minidump_writer/minidump_writer.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src/client/linux')

diff --git a/src/client/linux/minidump_writer/minidump_writer.cc b/src/client/linux/minidump_writer/minidump_writer.cc
index e436bf07..f8cdf2a1 100644
--- a/src/client/linux/minidump_writer/minidump_writer.cc
+++ b/src/client/linux/minidump_writer/minidump_writer.cc
@@ -1424,8 +1424,10 @@ bool WriteMinidump(const char* minidump_path, pid_t process,
   // MinidumpWriter will set crash address
   dumper.set_crash_signal(MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED);
   dumper.set_crash_thread(process_blamed_thread);
-  MinidumpWriter writer(minidump_path, -1, NULL, MappingList(),
-                        AppMemoryList(), false, 0, false, &dumper);
+  MappingList mapping_list;
+  AppMemoryList app_memory_list;
+  MinidumpWriter writer(minidump_path, -1, NULL, mapping_list,
+                        app_memory_list, false, 0, false, &dumper);
   if (!writer.Init())
     return false;
   return writer.Dump();
--
cgit v1.2.1
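Review bot: The two new locals fix this caller, but the root hazard stays in MinidumpWriter, which the commit message says stores the MappingList and AppMemoryList constructor arguments as references; any other call site can still pass a temporary and get the same stack-use-after-scope with no diagnostic, since binding a temporary to a const reference parameter compiles cleanly. Consider hardening the class itself, for instance by adding deleted rvalue-reference overloads of the constructor so a call with `MappingList()` or `AppMemoryList()` as an argument fails to compile, or at minimum documenting the lifetime contract on the constructor's list parameters. At this call site a one-line why-comment would keep the next refactor from collapsing the locals back into temporaries: `// |writer| holds these by reference; they must outlive it (see chromium:949098).`. The locals are correctly declared before `writer`, so they are destroyed after it. WriteMinidump's signature is visible only in the hunk header, so the start of the function lies outside the hunk.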