src/processor/exploitability_linux.h - Issue 1273823004: Add check for Linux minidump ending on bad write for exploitability rating.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/processor/exploitability_linux.h

Issue 1273823004: Add check for Linux minidump ending on bad write for exploitability rating. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/

Patch Set: Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/processor/exploitability_linux.h

===================================================================

--- src/processor/exploitability_linux.h (revision 1491)

+++ src/processor/exploitability_linux.h (working copy)

@@ -51,6 +51,8 @@

virtual ExploitabilityRating CheckPlatformExploitability();

private:

+ friend class ExploitabilityLinuxTest;

// Takes the address of the instruction pointer and returns

// whether the instruction pointer lies in a valid instruction region.

bool InstructionPointerInCode(uint64_t instruction_ptr);

@@ -59,6 +61,40 @@

// minidump and reports whether the exception suggests no exploitability.

bool BenignCrashTrigger(const MDRawExceptionStream *raw_exception_stream);

+ // This method checks if the crash occurred during a write to read-only or

+ // invalid memory. It does so by checking if the instruction at the

+ // instruction pointer is a write instruction, and if the target of the

+ // instruction is at a spot in memory that prohibits writes.

+ bool EndedOnIllegalWrite(uint64_t instruction_ptr);

+#ifndef _WIN32

+ // Disassembles raw bytes via objdump and pipes the output into the provided

+ // buffer, given the desired architecture, the file from which objdump will

+ // read, and the buffer length. The method returns whether the disassembly

+ // was a success, and the caller owns all pointers.

+ static bool DisassembleBytes(const string &architecture,

+ const uint8_t *raw_bytes,

+ const unsigned int MAX_OBJDUMP_BUFFER_LEN,

+ char *objdump_output_buffer);

+ // Tokenizes out the operation and operands from a line of instruction

+ // disassembled by objdump. This method modifies the pointers to match the

+ // tokens of the instruction, and returns if the tokenizing was a success.

+ // The caller owns all pointers.

+ static bool TokenizeObjdumpInstruction(const string &line,

+ string *operation,

+ string *dest,

+ string *src);

+ // Calculates the effective address of an expression in the form reg+a or

+ // reg-a, where 'reg' is a register and 'a' is a constant, and writes the

+ // result in the pointer. The method returns whether the calculation was

+ // a success. The caller owns the pointer.

+ static bool CalculateAddress(const string &address_expression,

+ const DumpContext &context,

+ uint64_t *write_address);

+#endif // _WIN32

// Checks if the stack pointer points to a memory mapping that is not

// labelled as the stack.

bool StackPointerOffStack(uint64_t stack_ptr);

« no previous file with comments | « no previous file | src/processor/exploitability_linux.cc » ('j') | src/processor/exploitability_linux.cc » ('J')