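--- a/(path not shown on page)
+++ b/(path not shown on page)
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
@@ -75,57 +75,57 @@
 return EXPLOITABILITY_HIGH;
 }
 
 if (crashing_thread_frames[i]->function_name ==
 kBoundsCheckFailureFunction) {
 return EXPLOITABILITY_HIGH;
 }
 }
 }
 
-// Check if the instruction pointer is in a valid instruction region
-// by finding if it maps to an executable part of memory.
-uint64_t instruction_ptr = 0;
-
 // Getting exception data. (It should exist for all minidumps.)
 MinidumpException *exception = dump_->GetException();
 if (exception == NULL) {
 BPLOG(INFO) << "No exception record.";
 return EXPLOITABILITY_ERR_PROCESSING;
 }
+const MDRawExceptionStream *raw_exception_stream = exception->exception();
+if (raw_exception_stream == NULL) {
+BPLOG(INFO) << "No raw exception stream.";
+return EXPLOITABILITY_ERR_PROCESSING;
+}
+
+// Checking for benign exceptions that caused the crash.
+if (this->BenignCrashTrigger(raw_exception_stream)) {
+return EXPLOITABILITY_NONE;
+}
+
+// Check if the instruction pointer is in a valid instruction region
+// by finding if it maps to an executable part of memory.
+uint64_t instruction_ptr = 0;
+
 const MinidumpContext *context = exception->GetContext();
 if (context == NULL) {
 BPLOG(INFO) << "No exception context.";
 return EXPLOITABILITY_ERR_PROCESSING;
 }
 
 // Getting the instruction pointer.
 if (!context->GetInstructionPointer(&instruction_ptr)) {
 return EXPLOITABILITY_ERR_PROCESSING;
 }
 
 // Checking for the instruction pointer in a valid instruction region.
 if (!this->InstructionPointerInCode(instruction_ptr)) {
 return EXPLOITABILITY_HIGH;
 }
 
-const MDRawExceptionStream *raw_exception_stream = exception->exception();
-if (raw_exception_stream == NULL) {
-BPLOG(INFO) << "No raw exception stream.";
-return EXPLOITABILITY_ERR_PROCESSING;
-}
-
-// Checking for benign exceptions that caused the crash.
-if (this->BenignCrashTrigger(raw_exception_stream)) {
-return EXPLOITABILITY_NONE;
-}
-
 return EXPLOITABILITY_INTERESTING;
 }
 
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
 // Here we get memory mapping. Most minidumps will not contain a memory
 // mapping, so we will commonly resort to checking modules.
 MinidumpMemoryInfoList *mem_info_list = dump_->GetMemoryInfoList();
 const MinidumpMemoryInfo *mem_info =
 mem_info_list ?
 mem_info_list->GetMemoryInfoForAddress(instruction_ptr) : NULL;
@@ -181,10 +181,10 @@
 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
 return true;
 break;
 default:
 return false;
 break;
 }
 }
 
 } // namespace google_breakpad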
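Review bot: With the benign-trigger check moved to new lines 91–100, a dump whose exception code is on the benign list is rated EXPLOITABILITY_NONE before its instruction pointer is tested against executable memory, and the comment on new line 97 does not record that this precedence is intended. I would state it there, e.g. `// Deliberately ahead of the instruction-pointer check: a benign trigger is rated NONE wherever the IP points.` The null check on `raw_exception_stream` moved up with it, so a dump with no raw exception stream now returns EXPLOITABILITY_ERR_PROCESSING where the old order could still return EXPLOITABILITY_HIGH for an instruction pointer outside code; whether that case is reachable depends on MinidumpException, which this page does not show. A regression test that pairs a benign exception code with a non-executable instruction pointer would pin the new ordering. The function's opening lines fall in the skipped region above line 75, so the earlier checks are only partly visible.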