| Index: src/processor/exploitability_linux.cc
|
| ===================================================================
|
| --- src/processor/exploitability_linux.cc (revision 1466)
|
| +++ src/processor/exploitability_linux.cc (working copy)
|
| @@ -36,6 +36,7 @@
|
|
|
| #include "processor/exploitability_linux.h"
|
|
|
| +#include "google_breakpad/common/minidump_exception_linux.h"
|
| #include "google_breakpad/processor/process_state.h"
|
| #include "google_breakpad/processor/call_stack.h"
|
| #include "google_breakpad/processor/stack_frame.h"
|
| @@ -119,11 +120,23 @@
|
| return EXPLOITABILITY_ERR_PROCESSING;
|
| }
|
|
|
| + // Checking for the instruction pointer in a valid instruction region.
|
| if (!this->InstructionPointerInCode(instruction_ptr)) {
|
| return EXPLOITABILITY_HIGH;
|
| }
|
|
|
| - return EXPLOITABILITY_NONE;
|
| + const MDRawExceptionStream *raw_exception_stream = exception->exception();
|
| + if (raw_exception_stream == NULL) {
|
| + BPLOG(INFO) << "No raw exception stream.";
|
| + return EXPLOITABILITY_ERR_PROCESSING;
|
| + }
|
| +
|
| + // Checking for benign exceptions that caused the crash.
|
| + if (this->BenignCrashTrigger(raw_exception_stream)) {
|
| + return EXPLOITABILITY_NONE;
|
| + }
|
| +
|
| + return EXPLOITABILITY_INTERESTING;
|
| }
|
|
|
| bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
|
| @@ -149,4 +162,46 @@
|
| minidump_module_list->GetModuleForAddress(instruction_ptr);
|
| }
|
|
|
| +bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream
|
| + *raw_exception_stream) {
|
| + // Here we check the cause of crash.
|
| + // If the exception of the crash is a benign exception,
|
| + // it is probably not exploitable.
|
| + switch (raw_exception_stream->exception_record.exception_code) {
|
| + case MD_EXCEPTION_CODE_LIN_SIGHUP:
|
| + case MD_EXCEPTION_CODE_LIN_SIGINT:
|
| + case MD_EXCEPTION_CODE_LIN_SIGQUIT:
|
| + case MD_EXCEPTION_CODE_LIN_SIGTRAP:
|
| + case MD_EXCEPTION_CODE_LIN_SIGABRT:
|
| + case MD_EXCEPTION_CODE_LIN_SIGFPE:
|
| + case MD_EXCEPTION_CODE_LIN_SIGKILL:
|
| + case MD_EXCEPTION_CODE_LIN_SIGUSR1:
|
| + case MD_EXCEPTION_CODE_LIN_SIGUSR2:
|
| + case MD_EXCEPTION_CODE_LIN_SIGPIPE:
|
| + case MD_EXCEPTION_CODE_LIN_SIGALRM:
|
| + case MD_EXCEPTION_CODE_LIN_SIGTERM:
|
| + case MD_EXCEPTION_CODE_LIN_SIGCHLD:
|
| + case MD_EXCEPTION_CODE_LIN_SIGCONT:
|
| + case MD_EXCEPTION_CODE_LIN_SIGSTOP:
|
| + case MD_EXCEPTION_CODE_LIN_SIGTSTP:
|
| + case MD_EXCEPTION_CODE_LIN_SIGTTIN:
|
| + case MD_EXCEPTION_CODE_LIN_SIGTTOU:
|
| + case MD_EXCEPTION_CODE_LIN_SIGURG:
|
| + case MD_EXCEPTION_CODE_LIN_SIGXCPU:
|
| + case MD_EXCEPTION_CODE_LIN_SIGXFSZ:
|
| + case MD_EXCEPTION_CODE_LIN_SIGVTALRM:
|
| + case MD_EXCEPTION_CODE_LIN_SIGPROF:
|
| + case MD_EXCEPTION_CODE_LIN_SIGWINCH:
|
| + case MD_EXCEPTION_CODE_LIN_SIGIO:
|
| + case MD_EXCEPTION_CODE_LIN_SIGPWR:
|
| + case MD_EXCEPTION_CODE_LIN_SIGSYS:
|
| + case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
|
| + return true;
|
| + break;
|
| + default:
|
| + return false;
|
| + break;
|
| + }
|
| +}
|
| +
|
| } // namespace google_breakpad
|
|
|
Chromium Code Reviews
Issue 1212383004:
Checking for benign exceptions that trigger a minidump. (Closed)
Base URL: http://google-breakpad.googlecode.com/svn/trunk/