Chromium Code Reviews

Issue 1273823004: Add check for Linux minidump ending on bad write for exploitability rating. (Closed)

Created: 5 years, 4 months ago by liuandrew
Modified: 5 years, 4 months ago
CC: google-breakpad-dev_googlegroups.com
Visibility: Public.

Description

Add check for Linux minidump ending on bad write for exploitability rating.

If a crash occurred as a result of a write to unwritable memory, it is reason to suggest exploitability. The processor checks for a bad write by disassembling the command that caused the crash by piping the raw bytes near the instruction pointer through objdump. This allows the processor to see if the instruction that caused the crash is a write to memory and where the target of the address is located.

R=ivanpe@chromium.org

Committed: https://code.google.com/p/google-breakpad/source/detail?r=1497
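
The check the description outlines, as an added sketch that is not Breakpad's code and not part of this change: given the disassembled text of the crashing instruction, decide whether it stores to memory, compute the destination from the crash-time registers, and test that address against the process memory map. The `Region` and `Regs` types, the function names, the mnemonic list and the "unmapped or non-writable" policy are all assumptions of this example; the input is assumed to be the mnemonic-and-operands field of one `objdump -M intel` line.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Constructed types for this sketch; these are not Breakpad's classes.
struct Region { uint64_t base, size; bool writable; };
using Regs = std::map<std::string, uint64_t>;

// If `insn` (mnemonic and operands from `objdump -M intel`) stores to memory,
// computes the destination address into *target and returns true.
// Only [reg], [reg+0xN] and [reg-0xN] are handled; other forms return false.
bool WriteTarget(const std::string& insn, const Regs& regs, uint64_t* target) {
  static const char* const kWriters[] = {"mov", "add", "sub", "and",
                                         "or",  "xor", "inc", "dec"};
  const size_t sp = insn.find(' ');
  if (sp == std::string::npos) return false;
  bool writes = false;
  for (const char* w : kWriters) writes = writes || insn.substr(0, sp) == w;
  if (!writes) return false;
  // Intel syntax puts the destination first: the text before the first comma.
  const std::string dest = insn.substr(sp + 1, insn.find(',') - sp - 1);
  const size_t lb = dest.find('['), rb = dest.find(']');
  if (lb == std::string::npos || rb == std::string::npos || rb < lb) return false;
  const std::string expr = dest.substr(lb + 1, rb - lb - 1);  // "rax+0x10"
  const size_t sign = expr.find_first_of("+-");
  const auto reg = regs.find(expr.substr(0, sign));
  if (reg == regs.end()) return false;
  uint64_t disp = 0;
  if (sign != std::string::npos) {
    const std::string num = expr.substr(sign + 1);
    size_t used = 0;
    try { disp = std::stoull(num, &used, 16); } catch (...) { return false; }
    if (used != num.size()) return false;  // e.g. scaled index "rbx*4"
    if (expr[sign] == '-') disp = 0 - disp;  // wraps like the CPU does
  }
  *target = reg->second + disp;
  return true;
}

// True when the crashing instruction stores to an address that is unmapped
// or mapped without write permission (example policy, an assumption).
bool EndedOnBadWrite(const std::string& insn, const Regs& regs,
                     const std::vector<Region>& maps) {
  uint64_t target = 0;
  if (!WriteTarget(insn, regs, &target)) return false;
  for (const Region& r : maps)
    if (target >= r.base && target - r.base < r.size) return !r.writable;
  return true;  // not inside any mapped region
}
```

Addressing forms the sketch does not parse (scaled index, segment-relative, RIP-relative) return false, so a triage pipeline built this way under-reports rather than over-reports.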

Patch Set 1 #

Patch Set 2 : Add check for Linux minidump ending on bad write for exploitability rating. #

Total comments: 14

Patch Set 3 : #

Total comments: 18

Patch Set 4 : #

Total comments: 4

Patch Set 5 : #

Patch Set 6 : #

Total comments: 16

Patch Set 7 : #

Patch Set 8 : #

Total comments: 4

Patch Set 9 : #

Patch Set 10 : #

Total comments: 4

Patch Set 11 : #

Patch Set 12 : #

Stats (+584 lines, -8 lines)
M src/google_breakpad/processor/exploitability.h: 1 chunk, +9 lines, -0 lines, 0 comments
M src/google_breakpad/processor/minidump_processor.h: 2 chunks, +6 lines, -0 lines, 0 comments
M src/processor/exploitability.cc: 2 chunks, +10 lines, -1 line, 0 comments
M src/processor/exploitability_linux.h: 4 chunks, +50 lines, -1 line, 0 comments
M src/processor/exploitability_linux.cc: 5 chunks, +380 lines, -2 lines, 0 comments
M src/processor/exploitability_unittest.cc: 3 chunks, +120 lines, -0 lines, 0 comments
M src/processor/minidump_processor.cc: 4 chunks, +9 lines, -4 lines, 0 comments
A src/processor/testdata/linux_jmp_to_module_not_exe_region.dmp: Binary file, 0 comments
A src/processor/testdata/linux_write_to_nonwritable_module.dmp: Binary file, 0 comments
A src/processor/testdata/linux_write_to_nonwritable_region_math.dmp: Binary file, 0 comments
A src/processor/testdata/linux_write_to_outside_module.dmp: Binary file, 0 comments
A src/processor/testdata/linux_write_to_outside_module_via_math.dmp: Binary file, 0 comments
A src/processor/testdata/linux_write_to_under_4k.dmp: Binary file, 0 comments

Messages

Total messages: 24 (2 generated)
liuandrew
5 years, 4 months ago (2015-08-06 21:05:03 UTC) #2
liuandrew
Add check for Linux minidump ending on bad write for exploitability rating. If a crash ...
5 years, 4 months ago (2015-08-10 18:13:13 UTC) #3
liuandrew
Uploaded patch set 2. Changes include: - writing up to one instruction to objdump instead ...
5 years, 4 months ago (2015-08-10 18:15:45 UTC) #4
ivanpe
https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc File src/processor/exploitability_linux.cc (right): https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc#newcode162 src/processor/exploitability_linux.cc:162: return 0; The return value type is bool https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc#newcode190 ...
5 years, 4 months ago (2015-08-10 19:58:05 UTC) #5
liuandrew
Uploaded patch set 3. Changes include: - minor return and overflow issues - some error ...
5 years, 4 months ago (2015-08-10 22:00:40 UTC) #6
ahonig
https://codereview.chromium.org/1273823004/diff/40001/src/processor/exploitability_linux.cc File src/processor/exploitability_linux.cc (right): https://codereview.chromium.org/1273823004/diff/40001/src/processor/exploitability_linux.cc#newcode144 src/processor/exploitability_linux.cc:144: bool ExploitabilityLinux::EndedOnIllegalWrite(uint64_t instruction_ptr) { This is a really long ...
5 years, 4 months ago (2015-08-10 22:53:11 UTC) #7
ivanpe
https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc File src/processor/exploitability_linux.cc (right): https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc#newcode240 src/processor/exploitability_linux.cc:240: execlp("objdump", "objdump", "-D", "-b", "binary", "-M", "intel", On 2015/08/10 ...
5 years, 4 months ago (2015-08-10 23:27:59 UTC) #8
liuandrew
Uploaded patch set 4. Changes include: - continuing objdump discussion - error checks/fixes - miscellaneous ...
5 years, 4 months ago (2015-08-11 22:55:39 UTC) #9
ivanpe
https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc File src/processor/exploitability_linux.cc (right): https://codereview.chromium.org/1273823004/diff/20001/src/processor/exploitability_linux.cc#newcode240 src/processor/exploitability_linux.cc:240: execlp("objdump", "objdump", "-D", "-b", "binary", "-M", "intel", On 2015/08/11 ...
5 years, 4 months ago (2015-08-11 23:29:43 UTC) #10
liuandrew
+ted.mielczarek@gmail.com Uploaded patch set 5. Changes include: - breaking the write method into smaller methods ...
5 years, 4 months ago (2015-08-17 21:37:37 UTC) #12
Ted Mielczarek
I'm not wild about the idea of shelling out to objdump here. I understand there ...
5 years, 4 months ago (2015-08-18 12:59:12 UTC) #13
Ted Mielczarek
Just FYI, I've also experimented with shelling out to objdump to disassemble instructions from a ...
5 years, 4 months ago (2015-08-18 13:01:02 UTC) #14
liuandrew
On 2015/08/18 12:59:12, Ted Mielczarek wrote: > I'm not wild about the idea of shelling ...
5 years, 4 months ago (2015-08-18 17:50:33 UTC) #15
liuandrew
Uploaded patch set 6. Changes include: - preprocessor directives to prevent portability issues - miscellaneous ...
5 years, 4 months ago (2015-08-18 17:51:52 UTC) #16
liuandrew
Uploaded patch set 7. I tried using popen on MinGW and as far as I ...
5 years, 4 months ago (2015-08-18 21:21:43 UTC) #17
liuandrew
Uploaded patch set 8. Changes include: - usage of preprocessor directives (again) - blocking out ...
5 years, 4 months ago (2015-08-18 23:24:38 UTC) #18
ivanpe
https://codereview.chromium.org/1273823004/diff/100001/src/processor/exploitability_linux.cc File src/processor/exploitability_linux.cc (right): https://codereview.chromium.org/1273823004/diff/100001/src/processor/exploitability_linux.cc#newcode164 src/processor/exploitability_linux.cc:164: bool ExploitabilityLinux::EndedOnIllegalWrite(uint64_t instruction_ptr) { I think that this functionality ...
5 years, 4 months ago (2015-08-20 05:37:44 UTC) #19
liuandrew
Uploaded patch set 9. Changes include: - miscellaneous changes - making the illegal write check ...
5 years, 4 months ago (2015-08-20 17:11:51 UTC) #20
ivanpe
This is better. A few more nits. https://codereview.chromium.org/1273823004/diff/180001/src/google_breakpad/processor/exploitability.h File src/google_breakpad/processor/exploitability.h (right): https://codereview.chromium.org/1273823004/diff/180001/src/google_breakpad/processor/exploitability.h#newcode56 src/google_breakpad/processor/exploitability.h:56: static Exploitability ...
5 years, 4 months ago (2015-08-20 21:17:51 UTC) #21
liuandrew
Uploaded patch set 11. Changes include: - addressing/resolving all nits https://codereview.chromium.org/1273823004/diff/180001/src/google_breakpad/processor/exploitability.h File src/google_breakpad/processor/exploitability.h (right): https://codereview.chromium.org/1273823004/diff/180001/src/google_breakpad/processor/exploitability.h#newcode56 ...
5 years, 4 months ago (2015-08-20 21:59:57 UTC) #22
ivanpe
For some reason I don't see your latest patch. I'll approve, assuming you'll fix the ...
5 years, 4 months ago (2015-08-21 00:01:02 UTC) #23
liuandrew
5 years, 4 months ago (2015-08-21 16:22:32 UTC) #24
Message was sent while issue was closed.
Committed patchset #12 (id:220001) manually as r1497 (presubmit successful).
