Checking for benign exceptions that trigger a minidump.

src/processor/exploitability_linux.cc

Index: src/processor/exploitability_linux.cc
===================================================================
--- src/processor/exploitability_linux.cc	(revision 1464)
+++ src/processor/exploitability_linux.cc	(working copy)
@@ -36,6 +36,7 @@
 
 #include "processor/exploitability_linux.h"
 
+#include "google_breakpad/common/minidump_exception_linux.h"
 #include "google_breakpad/processor/process_state.h"
 #include "google_breakpad/processor/call_stack.h"
 #include "google_breakpad/processor/stack_frame.h"
@@ -96,6 +97,11 @@
     BPLOG(INFO) << "No exception context.";
     return EXPLOITABILITY_ERR_PROCESSING;
   }
+  const MDRawExceptionStream *raw_exception_stream = exception->exception();

[ivanpe, 2015/06/26 18:21:36]

Please, move this code new below the InstructionPointerInCode check.

[liuandrew, 2015/06/29 16:13:56]

Done.

+  if (raw_exception_stream == NULL) {
+    BPLOG(INFO) << "No raw exception stream.";
+    return EXPLOITABILITY_ERR_PROCESSING;
+  }
 
   // Getting instruction pointer based off architecture.
   uint32_t architecture = context->GetContextCPU();
@@ -116,6 +122,12 @@
     return EXPLOITABILITY_HIGH;
   }
 
+  // check for benign exceptions

[ivanpe, 2015/06/26 18:21:36]

Capitalize, punctuation, etc.

[liuandrew, 2015/06/29 16:13:56]

Done.

+  if (this->BenignCrashTrigger(raw_exception_stream)) {
+    return EXPLOITABILITY_NONE;
+  }
+
+  // TODO(liuandrew) change default exploitability rating

[ivanpe, 2015/06/26 18:21:36]

Should be // TODO(author): some text

[liuandrew, 2015/06/29 16:13:55]

Done.

   return EXPLOITABILITY_NONE;
 }
 
@@ -142,4 +154,40 @@
           minidump_module_list->GetModuleForAddress(instruction_ptr);
 }
 
+bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream
+                                                  *raw_exception_stream) {
+  // here we check the cause of crash

[ivanpe, 2015/06/26 18:21:36]

Capitalize, punctuation, etc.

[liuandrew, 2015/06/29 16:13:56]

Done.

+  // if the exception of the crash is a benign exception,
+  // it is probably not exploitable
+  switch (raw_exception_stream->exception_record.exception_code) {
+    case MD_EXCEPTION_CODE_LIN_SIGHUP:

[ivanpe, 2015/06/26 18:21:36]

What is the rationale for considering these benign?  If there a document that
describe these?  Can you add a link to it in a comment?

+    case MD_EXCEPTION_CODE_LIN_SIGABRT:
+    case MD_EXCEPTION_CODE_LIN_SIGFPE:
+    case MD_EXCEPTION_CODE_LIN_SIGUSR1:
+    case MD_EXCEPTION_CODE_LIN_SIGUSR2:
+    case MD_EXCEPTION_CODE_LIN_SIGPIPE:
+    case MD_EXCEPTION_CODE_LIN_SIGALRM:
+    case MD_EXCEPTION_CODE_LIN_SIGTERM:
+    case MD_EXCEPTION_CODE_LIN_SIGCONT:
+    case MD_EXCEPTION_CODE_LIN_SIGSTOP:
+    case MD_EXCEPTION_CODE_LIN_SIGTSTP:
+    case MD_EXCEPTION_CODE_LIN_SIGTTIN:
+    case MD_EXCEPTION_CODE_LIN_SIGTTOU:
+    case MD_EXCEPTION_CODE_LIN_SIGURG:
+    case MD_EXCEPTION_CODE_LIN_SIGXCPU:
+    case MD_EXCEPTION_CODE_LIN_SIGXFSZ:
+    case MD_EXCEPTION_CODE_LIN_SIGVTALRM:
+    case MD_EXCEPTION_CODE_LIN_SIGPROF:
+    case MD_EXCEPTION_CODE_LIN_SIGWINCH:
+    case MD_EXCEPTION_CODE_LIN_SIGIO:
+    case MD_EXCEPTION_CODE_LIN_SIGPWR:
+    case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
+      return true;
+      break;
+    default:
+      return false;
+      break;
+  }
+}
+
 }  // namespace google_breakpad