Issue 119249: Linux: Dumping a renderer can traverse an invalid pointer.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 119249: Linux: Dumping a renderer can traverse an invalid pointer. (Closed)

Created:
11 years, 6 months ago by agl

Modified:
9 years, 7 months ago

Reviewers:
Lei Zhang

CC:
chromium-reviews_googlegroups.com

Visibility:
Public.

Description

Linux: Dumping a renderer can traverse an invalid pointer. A ucontext isn't a POD datatype, so we can end up sending it to the browser and then walking an embedded pointer which is only valid in the renderer context. This fix sends the floating point registers (which were at the other end of said pointer) in the context and stops using the pointer in the ucontext. BUG=13465

Patch Set 1 #

Created: 11 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+10 lines, -5 lines)			Patch
M	breakpad/linux/exception_handler.h	View	1 chunk	+1 line, -0 lines	0 comments	Download
M	breakpad/linux/exception_handler.cc	View	1 chunk	+2 lines, -0 lines	0 comments	Download
M	breakpad/linux/minidump_writer.cc	View	5 chunks	+7 lines, -5 lines	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

LGTM

Expand Messages | Collapse Messages