Fix overflow error in breakpad for linux
A computation in the stack unwind algorithm could cause an overflow if a base pointer read from crashed process is sufficiently close to top of address space. This causes a memory read that causes the dump thread to crash, resulting in a failure to generate crash dump. Check fixed to properly detect that this pointer is greater than actual memory range of current stack. Patch by Kyle Joswiak <kjoswiak@chromium.org> Review URL: https://breakpad.appspot.com/3754003/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1425 4c0a9323-5329-0410-9bdc-e9ce6186880e
This commit is contained in:
parent
5bf649f336
commit
19a35ba066
@ -44,8 +44,8 @@ void SeccompUnwinder::PopSeccompStackFrame(RawContextCPU* cpu,
|
||||
uint64_t top = thread.stack.start_of_memory_range;
|
||||
for (int i = 4; i--; ) {
|
||||
if (bp < top ||
|
||||
bp + sizeof(bp) > thread.stack.start_of_memory_range +
|
||||
thread.stack.memory.data_size ||
|
||||
bp > thread.stack.start_of_memory_range +
|
||||
thread.stack.memory.data_size - sizeof(bp) ||
|
||||
bp & 1) {
|
||||
break;
|
||||
}
|
||||
@ -107,8 +107,8 @@ void SeccompUnwinder::PopSeccompStackFrame(RawContextCPU* cpu,
|
||||
uint32_t top = thread.stack.start_of_memory_range;
|
||||
for (int i = 4; i--; ) {
|
||||
if (bp < top ||
|
||||
bp + sizeof(bp) > thread.stack.start_of_memory_range +
|
||||
thread.stack.memory.data_size ||
|
||||
bp > thread.stack.start_of_memory_range +
|
||||
thread.stack.memory.data_size - sizeof(bp) ||
|
||||
bp & 1) {
|
||||
break;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user