Chromium Code Reviews

Side by Side Diff: snapshot/mac/process_reader.cc

Issue 1272283004: Check the size of of the dyld_all_image_infos structure before using it (Closed) Base URL: https://chromium.googlesource.com/crashpad/crashpad@master
Patch Set: Created 5 years, 4 months ago
1 // Copyright 2014 The Crashpad Authors. All rights reserved. 1 // Copyright 2014 The Crashpad Authors. All rights reserved.
2 // 2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); 3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License. 4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at 5 // You may obtain a copy of the License at
6 // 6 //
7 // http://www.apache.org/licenses/LICENSE-2.0 7 // http://www.apache.org/licenses/LICENSE-2.0
8 // 8 //
9 // Unless required by applicable law or agreed to in writing, software 9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, 10 // distributed under the License is distributed on an "AS IS" BASIS,
(...skipping 356 matching lines...)
367 } 367 }
368 } 368 }
369 #endif 369 #endif
370 370
371 process_types::dyld_all_image_infos all_image_infos; 371 process_types::dyld_all_image_infos all_image_infos;
372 if (!all_image_infos.Read(this, dyld_info.all_image_info_addr)) { 372 if (!all_image_infos.Read(this, dyld_info.all_image_info_addr)) {
373 LOG(WARNING) << "could not read dyld_all_image_infos"; 373 LOG(WARNING) << "could not read dyld_all_image_infos";
374 return; 374 return;
375 } 375 }
376 376
377 DCHECK_GE(all_image_infos.version, 1u); 377 if (all_image_infos.version < 1) {
378 LOG(WARNING) << "unexpected dyld_all_image_infos version "
379 << all_image_infos.version;
380 return;
381 }
382
383 size_t expected_size =
384 process_types::dyld_all_image_infos::ExpectedSizeForVersion(
385 this, all_image_infos.version);
386 if (dyld_info.all_image_info_size < expected_size) {
387 LOG(WARNING) << "small dyld_all_image_infos size "
388 << dyld_info.all_image_info_size << " < " << expected_size
389 << " for version " << all_image_infos.version;
390 return;
391 }
378 392
379 // Note that all_image_infos.infoArrayCount may be 0 if a crash occurred while 393 // Note that all_image_infos.infoArrayCount may be 0 if a crash occurred while
380 // dyld was loading the executable. This can happen if a required dynamic 394 // dyld was loading the executable. This can happen if a required dynamic
381 // library was not found. Similarly, all_image_infos.infoArray may be nullptr 395 // library was not found. Similarly, all_image_infos.infoArray may be nullptr
382 // if a crash occurred while dyld was updating it. 396 // if a crash occurred while dyld was updating it.
383 // 397 //
384 // TODO(mark): It may be possible to recover from these situations by looking 398 // TODO(mark): It may be possible to recover from these situations by looking
385 // through memory mappings for Mach-O images. 399 // through memory mappings for Mach-O images.
386 // 400 //
387 // Continue along when this situation is detected, because even without any 401 // Continue along when this situation is detected, because even without any
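Review bot: The new size check at lines 383-391 runs only after the Read() at line 372 has already pulled the whole structure out of the target task, so a process whose all_image_info_size is smaller than expected_size has had the larger layout read before the check rejects it. If process_types::dyld_all_image_infos::Read() does not already size its read from the version field, consider reading only the version first and sizing the remainder with ExpectedSizeForVersion(), so the check gates the read itself and not just the later use of the fields. Two smaller points: the old DCHECK compared against 1u, which suggests the version field is unsigned, so `if (all_image_infos.version < 1)` is simply a test for zero and reads more clearly as `== 0` (or keep the `1u` form); and the check only covers the too-small direction, so a version newer than the newest one ExpectedSizeForVersion() knows about passes as long as the advertised size is at least the known size. That is reasonable for forward compatibility, but a one-line comment would stop the next reader from expecting this check to catch a layout mismatch in that direction.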
(...skipping 303 matching lines...)
691 // The red zone would go lower into another region in memory, but no 705 // The red zone would go lower into another region in memory, but no
692 // region was found. Memory can only be captured to an address as low as 706 // region was found. Memory can only be captured to an address as low as
693 // the base address of the region already found. 707 // the base address of the region already found.
694 *start_address = *region_base; 708 *start_address = *region_base;
695 } 709 }
696 } 710 }
697 #endif 711 #endif
698 } 712 }
699 713
700 } // namespace crashpad 714 } // namespace crashpad

This is Rietveld 408576698