
Side by Side Diff: src/processor/exploitability_linux.cc

Issue 1211253009: Set exception whitelist check as earlier check instead of last check. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Patch Set: Created 5 years, 5 months ago
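--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
@@ -75,57 +75,57 @@
 return EXPLOITABILITY_HIGH;
 }
 
 if (crashing_thread_frames[i]->function_name ==
 kBoundsCheckFailureFunction) {
 return EXPLOITABILITY_HIGH;
 }
 }
 }
 
-// Check if the instruction pointer is in a valid instruction region
-// by finding if it maps to an executable part of memory.
-uint64_t instruction_ptr = 0;
-
 // Getting exception data. (It should exist for all minidumps.)
 MinidumpException *exception = dump_->GetException();
 if (exception == NULL) {
 BPLOG(INFO) << "No exception record.";
 return EXPLOITABILITY_ERR_PROCESSING;
 }
+const MDRawExceptionStream *raw_exception_stream = exception->exception();
+if (raw_exception_stream == NULL) {
+BPLOG(INFO) << "No raw exception stream.";
+return EXPLOITABILITY_ERR_PROCESSING;
+}
+
+// Checking for benign exceptions that caused the crash.
+if (this->BenignCrashTrigger(raw_exception_stream)) {
+return EXPLOITABILITY_NONE;
+}
+
+// Check if the instruction pointer is in a valid instruction region
+// by finding if it maps to an executable part of memory.
+uint64_t instruction_ptr = 0;
+
 const MinidumpContext *context = exception->GetContext();
 if (context == NULL) {
 BPLOG(INFO) << "No exception context.";
 return EXPLOITABILITY_ERR_PROCESSING;
 }
 
 // Getting the instruction pointer.
 if (!context->GetInstructionPointer(&instruction_ptr)) {
 return EXPLOITABILITY_ERR_PROCESSING;
 }
 
 // Checking for the instruction pointer in a valid instruction region.
 if (!this->InstructionPointerInCode(instruction_ptr)) {
 return EXPLOITABILITY_HIGH;
 }
 
-const MDRawExceptionStream *raw_exception_stream = exception->exception();
-if (raw_exception_stream == NULL) {
-BPLOG(INFO) << "No raw exception stream.";
-return EXPLOITABILITY_ERR_PROCESSING;
-}
-
-// Checking for benign exceptions that caused the crash.
-if (this->BenignCrashTrigger(raw_exception_stream)) {
-return EXPLOITABILITY_NONE;
-}
-
 return EXPLOITABILITY_INTERESTING;
 }
 
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
 // Here we get memory mapping. Most minidumps will not contain a memory
 // mapping, so we will commonly resort to checking modules.
 MinidumpMemoryInfoList *mem_info_list = dump_->GetMemoryInfoList();
 const MinidumpMemoryInfo *mem_info =
 mem_info_list ?
 mem_info_list->GetMemoryInfoForAddress(instruction_ptr) : NULL;
@@ -181,10 +181,10 @@
 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
 return true;
 break;
 default:
 return false;
 break;
 }
 }
 
 } // namespace google_breakpad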
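Review bot: With the `BenignCrashTrigger` call at new lines 97-100 now ahead of `InstructionPointerInCode`, a dump whose exception code is on the benign list is rated `EXPLOITABILITY_NONE` even when its instruction pointer lies outside executable memory, which the old order rated `EXPLOITABILITY_HIGH`. The same short-circuit also replaces the `EXPLOITABILITY_ERR_PROCESSING` results for a missing context or unreadable instruction pointer. Only `MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED` is visible in the list on this page, so the hidden cases should be checked to confirm that none of them can accompany a corrupted instruction pointer. The precedence is worth stating at the call, for example `// Benign exception codes take precedence over the instruction-pointer check below; list only codes that cannot result from memory corruption.`, and a unit test pairing a benign code with a non-executable instruction pointer would pin the intended rating. The enclosing function starts above the visible lines.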