Add check to see if stack pointer is off the stack according to the memory

src/processor/exploitability_linux.cc

 // Copyright (c) 2013 Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
@@ skipping 84 matching lines @@
   }
 
   // Checking for benign exceptions that caused the crash.
   if (this->BenignCrashTrigger(raw_exception_stream)) {
     return EXPLOITABILITY_NONE;
   }
 
   // Check if the instruction pointer is in a valid instruction region
   // by finding if it maps to an executable part of memory.
   uint64_t instruction_ptr = 0;
+  uint64_t stack_ptr = 0;
 
   const MinidumpContext *context = exception->GetContext();
   if (context == NULL) {
     BPLOG(INFO) << "No exception context.";
     return EXPLOITABILITY_ERR_PROCESSING;
   }
 
   // Getting the instruction pointer.
   if (!context->GetInstructionPointer(&instruction_ptr)) {
     BPLOG(INFO) << "Failed to retrieve instruction pointer.";
     return EXPLOITABILITY_ERR_PROCESSING;
   }
 
+  // Getting the stack pointer.
+  if (!context->GetStackPointer(&stack_ptr)) {
+    BPLOG(INFO) << "Failed to retrieve stack pointer.";
+    return EXPLOITABILITY_ERR_PROCESSING;
+  }
+
   // Checking for the instruction pointer in a valid instruction region.
-  if (!this->InstructionPointerInCode(instruction_ptr)) {
+  if (!this->InstructionPointerInCode(instruction_ptr) ||
+       this->StackPointerOffStack(stack_ptr)) {
     return EXPLOITABILITY_HIGH;
   }
 
   // There was no strong evidence suggesting exploitability, but the minidump
   // does not appear totally benign either.
   return EXPLOITABILITY_INTERESTING;
 }
 
+bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
+  MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
+  // Inconclusive if there are no mappings available.
+  if (!linux_maps_list) {
+    return false;
+  }
+  const MinidumpLinuxMaps *linux_maps =
+      linux_maps_list->GetLinuxMapsForAddress(stack_ptr);
+  // Checks if the stack pointer maps to a valid mapping and if the mapping
+  // is not the stack. If the mapping has no name, it is inconclusive whether
+  // it is off the stack.
+  return !linux_maps ||
+         (linux_maps->GetPathname().compare("") &&
+          linux_maps->GetPathname().compare("[stack]"));
+}
+
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
   // Get Linux memory mapping from /proc/self/maps. Checking whether the
   // region the instruction pointer is in has executable permission can tell
   // whether it is in a valid code region. If there is no mapping for the
   // instruction pointer, it is indicative that the instruction pointer is
   // not within a module, which implies that it is outside a valid area.
   MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
   const MinidumpLinuxMaps *linux_maps =
       linux_maps_list ?
       linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL;
@@ skipping 36 matching lines @@
     case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
       return true;
       break;
     default:
       return false;
       break;
   }
 }
 
 }  // namespace google_breakpad