Chromium Code Reviews Chromium Code Reviews
Issue 2296893002:
Add minidump fuzzer for breakpad. (Closed)
| OLD | NEW |
|---|---|
| (Empty) | |
| 1 #include <stddef.h> | |
|
Lei Zhang
2016/08/30 21:00:33
Missing copyright ehader.
Will Harris
2016/08/31 17:48:09
Done.
| |
| 2 #include <stdint.h> | |
| 3 #include <string.h> | |
| 4 | |
| 5 #include <streambuf> | |
| 6 #include <istream> | |
| 7 #include <memory> | |
| 8 | |
| 9 #include "base/memory/free_deleter.h" | |
| 10 #include "google_breakpad/processor/basic_source_line_resolver.h" | |
| 11 #include "google_breakpad/processor/minidump.h" | |
| 12 #include "google_breakpad/processor/minidump_processor.h" | |
| 13 #include "google_breakpad/processor/process_state.h" | |
| 14 #include "processor/logging.h" | |
| 15 #include "processor/simple_symbol_supplier.h" | |
| 16 #include "processor/stackwalk_common.h" | |
| 17 | |
| 18 namespace { | |
| 19 | |
| 20 using google_breakpad::BasicSourceLineResolver; | |
| 21 using google_breakpad::Minidump; | |
| 22 using google_breakpad::MinidumpProcessor; | |
| 23 using google_breakpad::ProcessState; | |
| 24 using google_breakpad::SimpleSymbolSupplier; | |
| 25 | |
| 26 struct membuf : std::streambuf { | |
| 27 membuf(const uint8_t* base, size_t size) { | |
| 28 // This is probably a dodgy cast. | |
|
Lei Zhang
2016/08/30 21:00:33
Beh. I wish the Minidump ctor just took a buffer i
Will Harris
2016/08/31 17:48:09
Acknowledged.
| |
| 29 char* p(const_cast<char*>(reinterpret_cast<const char*>(base))); | |
| 30 this->setg(p, p, p + size); | |
| 31 } | |
| 32 }; | |
| 33 struct imemstream : virtual membuf, std::istream { | |
| 34 imemstream(const uint8_t* base, size_t size) | |
| 35 : membuf(base, size), std::istream(static_cast<std::streambuf*>(this)) {} | |
| 36 }; | |
| 37 | |
| 38 bool PrintMinidumpProcess(std::istream& input, | |
|
Lei Zhang
2016/08/30 21:00:33
pass by non-const ref
Will Harris
2016/08/31 17:48:09
Done.
| |
| 39 const std::vector<string>& symbol_paths, | |
| 40 bool machine_readable, | |
| 41 bool output_stack_contents) { | |
| 42 std::unique_ptr<SimpleSymbolSupplier> symbol_supplier; | |
| 43 | |
| 44 if (!symbol_paths.empty()) { | |
| 45 // TODO(mmentovai): check existence of symbol_path if specified? | |
| 46 symbol_supplier.reset(new SimpleSymbolSupplier(symbol_paths)); | |
| 47 } | |
| 48 | |
| 49 BasicSourceLineResolver resolver; | |
| 50 MinidumpProcessor minidump_processor(symbol_supplier.get(), &resolver); | |
| 51 | |
| 52 // Process the minidump. | |
| 53 Minidump dump(input); | |
| 54 if (!dump.Read()) { | |
| 55 BPLOG(ERROR) << "Minidump " << dump.path() << " could not be read"; | |
| 56 return false; | |
| 57 } | |
| 58 ProcessState process_state; | |
| 59 if (minidump_processor.Process(&dump, &process_state) != | |
| 60 google_breakpad::PROCESS_OK) { | |
| 61 BPLOG(ERROR) << "MinidumpProcessor::Process failed"; | |
| 62 return false; | |
| 63 } | |
| 64 | |
| 65 if (machine_readable) { | |
|
Lei Zhang
2016/08/30 21:00:33
But it's always false.
Will Harris
2016/08/31 17:48:09
Done.
| |
| 66 PrintProcessStateMachineReadable(process_state); | |
| 67 } else { | |
| 68 PrintProcessState(process_state, output_stack_contents, &resolver); | |
| 69 } | |
| 70 | |
| 71 return true; | |
| 72 } | |
| 73 | |
| 74 } // namespace | |
| 75 | |
| 76 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | |
| 77 // put your fuzzing code here and use data+size as input. | |
| 78 uint8_t* ptr = static_cast<uint8_t*>(malloc(size)); | |
| 79 if (!ptr) | |
| 80 return 0; | |
| 81 | |
| 82 std::unique_ptr<uint8_t, base::FreeDeleter> buffer(ptr); | |
| 83 memcpy(buffer.get(), data, size); | |
| 84 imemstream input(buffer.get(), size); | |
| 85 PrintMinidumpProcess(input, std::vector<string>(), false, false); | |
| 86 return 0; | |
| 87 } | |
| OLD | NEW |
