Chromium Code Reviews Chromium Code Reviews
Issue 1210493003:
Checking location of the instruction pointer to see if it is (Closed)
Base URL: http://google-breakpad.googlecode.com/svn/trunk/| Index: src/processor/exploitability_linux.cc |
| =================================================================== |
| --- src/processor/exploitability_linux.cc (revision 1462) |
| +++ src/processor/exploitability_linux.cc (working copy) |
| @@ -39,6 +39,7 @@ |
| #include "google_breakpad/processor/process_state.h" |
| #include "google_breakpad/processor/call_stack.h" |
| #include "google_breakpad/processor/stack_frame.h" |
| +#include "processor/logging.h" |
| namespace { |
| @@ -80,7 +81,67 @@ |
| } |
| } |
| + // Check if the instruction pointer is in a valid instruction region |
| + // by finding if it maps to an executable part of memory |
| + uint64_t instruction_ptr = 0; |
| + |
| + // get exception data (should exist for all minidumps) |
| + MinidumpException *exception = dump_->GetException(); |
| + if (exception == NULL) { |
| + BPLOG(INFO) << "No exception record."; |
| + return EXPLOITABILITY_ERR_PROCESSING; |
| + } |
| + const MinidumpContext *context = exception->GetContext(); |
| + if (context == NULL) { |
| + BPLOG(INFO) << "No exception context."; |
| + return EXPLOITABILITY_ERR_PROCESSING; |
| + } |
| + |
| + // get instruction pointer based off architecture |
| + uint32_t architecture = context->GetContextCPU(); |
| + switch (architecture) { |
| + case MD_CONTEXT_X86: |
| + instruction_ptr = context->GetContextX86()->eip; |
| + break; |
| + case MD_CONTEXT_AMD64: |
| + instruction_ptr = context->GetContextAMD64()->rip; |
| + break; |
| + default: |
| + // TODO(liuandrew) support ARM and arm64 architectures |
|
ivanpe
2015/06/25 20:58:39
The style should be:
// TODO(liuandrew): Add supp
|
| + BPLOG(INFO) << "Unsupported architecture."; |
| + return EXPLOITABILITY_ERR_PROCESSING; |
| + } |
| + |
| + if (!this->InstructionPointerInCode(instruction_ptr)) { |
| + return EXPLOITABILITY_HIGH; |
| + } |
| + |
| return EXPLOITABILITY_NONE; |
| } |
| +bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
| + // get memory mapping |
|
ivanpe
2015/06/25 20:58:38
same
|
| + // most minidumps will not contain a memory mapping, so we will commonly |
| + // resort to stack pointer approximation and checking modules |
| + MinidumpMemoryInfoList *mem_info_list = dump_->GetMemoryInfoList(); |
| + const MinidumpMemoryInfo *mem_info = |
| + mem_info_list ? |
| + mem_info_list->GetMemoryInfoForAddress(instruction_ptr) : NULL; |
| + |
| + // check if the memory mapping at the instruction pointer is executable |
|
ivanpe
2015/06/25 20:58:38
same
|
| + // if there is no memory mapping, we will use stack pointer approximation |
| + // and the modules as reference |
| + if (mem_info != NULL) { |
| + return mem_info->IsExecutable(); |
| + } |
| + |
| + // if the memory mapping retrieval fails, we will approximate check |
|
ivanpe
2015/06/25 20:58:39
same
|
| + // modules to see if the instruction pointer is inside a module |
| + // TODO(liuandrew) the entirety of a module is not necessarily executable |
|
ivanpe
2015/06/25 20:58:39
same:
TODO(liuandrew):
|
| + // check if the instruction pointer lies in an executable region |
| + MinidumpModuleList *minidump_module_list = dump_->GetModuleList(); |
| + return !minidump_module_list || |
| + minidump_module_list->GetModuleForAddress(instruction_ptr); |
| +} |
| + |
| } // namespace google_breakpad |
