Chromium Code Reviews Chromium Code Reviews
Issue 1251593007:
Add support for Linux memory mapping stream and remove ELF header usage (Closed)
Base URL: http://google-breakpad.googlecode.com/svn/trunk/| Index: src/processor/exploitability_linux.cc |
| =================================================================== |
| --- src/processor/exploitability_linux.cc (revision 1474) |
| +++ src/processor/exploitability_linux.cc (working copy) |
| @@ -36,8 +36,6 @@ |
| #include "processor/exploitability_linux.h" |
| -#include <elf.h> |
| - |
| #include "google_breakpad/common/minidump_exception_linux.h" |
| #include "google_breakpad/processor/call_stack.h" |
| #include "google_breakpad/processor/process_state.h" |
| @@ -161,121 +159,16 @@ |
| } |
| bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
| - // Get memory mapping. Most minidumps will not contain a memory |
| - // mapping, so processing will commonly resort to checking modules. |
| - MinidumpMemoryInfoList *mem_info_list = dump_->GetMemoryInfoList(); |
| - const MinidumpMemoryInfo *mem_info = |
| - mem_info_list ? |
| - mem_info_list->GetMemoryInfoForAddress(instruction_ptr) : NULL; |
| - |
| - // Check if the memory mapping at the instruction pointer is executable. |
| - // If there is no memory mapping, processing will use modules as reference. |
| - if (mem_info != NULL) { |
| - return mem_info->IsExecutable(); |
| - } |
| - |
| - // If the memory mapping retrieval fails, check the modules |
| - // to see if the instruction pointer is inside a module. |
| - MinidumpModuleList *minidump_module_list = dump_->GetModuleList(); |
| - const MinidumpModule *minidump_module = |
| - minidump_module_list ? |
| - minidump_module_list->GetModuleForAddress(instruction_ptr) : NULL; |
| - |
| - // If the instruction pointer isn't in a module, return false. |
| - if (minidump_module == NULL) { |
| - return false; |
| - } |
| - |
| - // Get ELF header data from the instruction pointer's module. |
| - const uint64_t base_address = minidump_module->base_address(); |
| - MinidumpMemoryList *memory_list = dump_->GetMemoryList(); |
| - MinidumpMemoryRegion *memory_region = |
| - memory_list ? |
| - memory_list->GetMemoryRegionForAddress(base_address) : NULL; |
| - |
| - // The minidump does not have the correct memory region. |
| - // This returns true because even though there is no memory data available, |
| - // the evidence so far suggests that the instruction pointer is not at a |
| - // bad location. |
| - if (memory_region == NULL) { |
| - return true; |
| - } |
| - |
| - // Examine ELF headers. Depending on the architecture, the size of the |
| - // ELF headers can differ. |
| - LinuxArchitectureType architecture = this->ArchitectureType(); |
| - if (architecture == LINUX_32_BIT) { |
| - // Check if the ELF header is within the memory region and if the |
| - // instruction pointer lies within the ELF header. |
| - if (memory_region->GetSize() < sizeof(Elf32_Ehdr) || |
| - instruction_ptr < base_address + sizeof(Elf32_Ehdr)) { |
| - return false; |
| - } |
| - // Load 32-bit ELF header. |
| - Elf32_Ehdr header; |
| - this->LoadElfHeader(memory_region, base_address, &header); |
| - // Check if the program header table is within the memory region, and |
| - // validate that the program header entry size is correct. |
| - if (header.e_phentsize != sizeof(Elf32_Phdr) || |
| - memory_region->GetSize() < |
| - header.e_phoff + |
| - ((uint64_t) header.e_phentsize * (uint64_t) header.e_phnum)) { |
| - return false; |
| - } |
| - // Load 32-bit Program Header Table. |
| - scoped_array<Elf32_Phdr> program_headers(new Elf32_Phdr[header.e_phnum]); |
| - this->LoadElfHeaderTable(memory_region, |
| - base_address + header.e_phoff, |
| - header.e_phnum, |
| - program_headers.get()); |
| - // Find correct program header that corresponds to the instruction pointer. |
| - for (int i = 0; i < header.e_phnum; i++) { |
| - const Elf32_Phdr& program_header = program_headers[i]; |
| - // Check if instruction pointer lies within this program header's region. |
| - if (instruction_ptr >= program_header.p_vaddr && |
| - instruction_ptr < program_header.p_vaddr + program_header.p_memsz) { |
| - // Return whether this program header region is executable. |
| - return program_header.p_flags & PF_X; |
| - } |
| - } |
| - } else if (architecture == LINUX_64_BIT) { |
| - // Check if the ELF header is within the memory region and if the |
| - // instruction pointer lies within the ELF header. |
| - if (memory_region->GetSize() < sizeof(Elf64_Ehdr) || |
| - instruction_ptr < base_address + sizeof(Elf64_Ehdr)) { |
| - return false; |
| - } |
| - // Load 64-bit ELF header. |
| - Elf64_Ehdr header; |
| - this->LoadElfHeader(memory_region, base_address, &header); |
|
ivanpe
2015/07/23 01:17:12
Please, make sure to cleanup all functions that ar
liuandrew
2015/07/24 23:25:36
Done.
|
| - // Check if the program header table is within the memory region, and |
| - // validate that the program header entry size is correct. |
| - if (header.e_phentsize != sizeof(Elf64_Phdr) || |
| - memory_region->GetSize() < |
| - header.e_phoff + |
| - ((uint64_t) header.e_phentsize * (uint64_t) header.e_phnum)) { |
| - return false; |
| - } |
| - // Load 64-bit Program Header Table. |
| - scoped_array<Elf64_Phdr> program_headers(new Elf64_Phdr[header.e_phnum]); |
| - this->LoadElfHeaderTable(memory_region, |
| - base_address + header.e_phoff, |
| - header.e_phnum, |
| - program_headers.get()); |
| - // Find correct program header that corresponds to the instruction pointer. |
| - for (int i = 0; i < header.e_phnum; i++) { |
| - const Elf64_Phdr& program_header = program_headers[i]; |
| - // Check if instruction pointer lies within this program header's region. |
| - if (instruction_ptr >= program_header.p_vaddr && |
| - instruction_ptr < program_header.p_vaddr + program_header.p_memsz) { |
| - // Return whether this program header region is executable. |
| - return program_header.p_flags & PF_X; |
| - } |
| - } |
| - } |
| - |
| - // The instruction pointer was not in an area identified by the ELF headers. |
| - return false; |
| + // Get Linux memory mapping from /proc/self/maps. Checking whether the |
| + // region the instruction pointer is in has executable permission can tell |
| + // whether it is in a valid code region. If there is no mapping for the |
| + // instruction pointer, it is indicative that the instruction pointer is |
| + // not within a module, which implies that it is outside a valid area. |
| + MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
| + const MinidumpLinuxMaps *linux_maps = |
| + linux_maps_list ? |
| + linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; |
| + return linux_maps ? linux_maps->IsExecutable() : false; |
| } |
| bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream |
