Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2894223002:
Bounds-check rbp when unwinding a stack frame that uses rbp as a frame pointer. (Closed)
|
Created:
3 years, 7 months ago by Avi (use Gerrit) Modified:
3 years, 7 months ago CC:
chromium-reviews, danakj+watch_chromium.org, mac-reviews_chromium.org, vmpstr+watch_chromium.org Target Ref:
refs/heads/master Project:
chromium Visibility:
Public. |
DescriptionBounds-check rbp when unwinding a stack frame that uses rbp as a frame pointer.
BUG=531673
Review-Url: https://codereview.chromium.org/2894223002
Cr-Commit-Position: refs/heads/master@{#473689}
Committed: https://chromium.googlesource.com/chromium/src/+/de8adfb9a185c752df2f7e464e77620badd313e0
Patch Set 1 #
Total comments: 5
Messages
Total messages: 20 (9 generated)
The CQ bit was checked by avi@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
avi@chromium.org changed reviewers: + wittman@chromium.org
lgtm, but I'd feel a lot more comfortable having Mark take a look as well https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... File base/profiler/native_stack_sampler_mac.cc (right): https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... base/profiler/native_stack_sampler_mac.cc:131: // If this stack frame has a frame pointer, stepping the cursor will involve nit: this could be extracted to a separate function
avi@chromium.org changed reviewers: + mark@chromium.org
Mark, ptal as well.
I'm already gone for the day. Probably not until Monday.
On 2017/05/19 22:19:54, Mark Mentovai wrote: > I'm already gone for the day. Probably not until Monday. No rush; I'm heading home too for the day.
https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... File base/profiler/native_stack_sampler_mac.cc (right): https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... base/profiler/native_stack_sampler_mac.cc:131: // If this stack frame has a frame pointer, stepping the cursor will involve On 2017/05/19 21:21:21, Mike Wittman wrote: > nit: this could be extracted to a separate function It could be, but it's short enough and is only used here, so I'm not sure I see a reason to extract it.
https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... File base/profiler/native_stack_sampler_mac.cc (right): https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... base/profiler/native_stack_sampler_mac.cc:131: // If this stack frame has a frame pointer, stepping the cursor will involve On 2017/05/22 19:03:37, Avi (ping after 24h) wrote: > On 2017/05/19 21:21:21, Mike Wittman wrote: > > nit: this could be extracted to a separate function > > It could be, but it's short enough and is only used here, so I'm not sure I see > a reason to extract it. I was thinking it would make this function a little easier to read, but the effect is relatively marginal so feel free to leave as is.
LGTM https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... File base/profiler/native_stack_sampler_mac.cc (right): https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... base/profiler/native_stack_sampler_mac.cc:132: // indexing memory access off of that pointer. In that case, sanity-check Does unw_init_remote() work instead of unw_init_local()? (Even though you’re dealing with the same process.) Probably not, it looks like it’s not fully/properly implemented. If it worked, it’d get you something that accessed memory via mach_vm_read() or similar, which will just fail when asked to read something unmapped or protected. Compare this to the raw pointer dereference, which crashes under those circumstances.
https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... File base/profiler/native_stack_sampler_mac.cc (right): https://codereview.chromium.org/2894223002/diff/1/base/profiler/native_stack_... base/profiler/native_stack_sampler_mac.cc:132: // indexing memory access off of that pointer. In that case, sanity-check On 2017/05/22 20:29:44, Mark Mentovai wrote: > Does unw_init_remote() work instead of unw_init_local()? (Even though you’re > dealing with the same process.) > > Probably not, it looks like it’s not fully/properly implemented. I saw that when looking at the source. Dunno why they'd spec out an API and then neglect to actually implement it.
The CQ bit was checked by avi@chromium.org
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 1, "attempt_start_ts": 1495485171046950, "parent_rev":
"1ae492e092717e3c75e770fd74ab9c8379b5784f", "commit_rev":
"de8adfb9a185c752df2f7e464e77620badd313e0"}
Message was sent while issue was closed.
Description was changed from ========== Bounds-check rbp when unwinding a stack frame that uses rbp as a frame pointer. BUG=531673 ========== to ========== Bounds-check rbp when unwinding a stack frame that uses rbp as a frame pointer. BUG=531673 Review-Url: https://codereview.chromium.org/2894223002 Cr-Commit-Position: refs/heads/master@{#473689} Committed: https://chromium.googlesource.com/chromium/src/+/de8adfb9a185c752df2f7e464e77... ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1) as https://chromium.googlesource.com/chromium/src/+/de8adfb9a185c752df2f7e464e77... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
