From 0453ea168685ca0272dde3bd5117956d0b7a97f3 Mon Sep 17 00:00:00 2001
From: Justin Cohen
Date: Mon, 29 Nov 2021 15:01:00 -0500
Subject: [PATCH] ios: Handle empty stack in GenerateStackMemoryFromFrames.

This fixes a _LIBCPP_ASSERT vector[] index out of bounds error, caught by fuzzer.

Bug: 1274178
Change-Id: I95f3fbe450209a24ccc0229741ea752990e18ed6
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3307697
Commit-Queue: Justin Cohen
Reviewed-by: Mark Mentovai
---
 snapshot/BUILD.gn | 5 ++++-
 ...ocess_snapshot_ios_intermediate_dump_test.cc | 8 ++++++++
 snapshot/ios/testdata/crash-5726011582644224 | Bin 0 -> 71017 bytes
 .../thread_snapshot_ios_intermediate_dump.cc | 9 +++++----
 4 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 snapshot/ios/testdata/crash-5726011582644224

diff --git a/snapshot/BUILD.gn b/snapshot/BUILD.gn
index 225d3446..e3ad7f67 100644
--- a/snapshot/BUILD.gn
+++ b/snapshot/BUILD.gn
@@ -493,7 +493,10 @@ source_set("snapshot_test") {
 bundle_data("snapshot_test_ios_data") {
   testonly = true
-  sources = [ "ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa" ]
+  sources = [
+    "ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa",
+    "ios/testdata/crash-5726011582644224",
+  ]
   outputs = [ "{{bundle_resources_dir}}/crashpad_test_data/" + "{{source_root_relative_dir}}/{{source_file_part}}" ]
diff --git a/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc b/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc
index 84f6a7b0..5f56082e 100644
--- a/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc
+++ b/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc
@@ -664,6 +664,14 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FuzzTestCases) {
   auto map = process_snapshot.AnnotationsSimpleMap();
   ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end());
   EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes");
+
+  fuzz_path = TestPaths::TestDataRoot().Append( FILE_PATH_LITERAL("snapshot/ios/testdata/crash-5726011582644224"));
+  crashpad::internal::ProcessSnapshotIOSIntermediateDump process_snapshot2;
+  EXPECT_TRUE(process_snapshot2.InitializeWithFilePath(fuzz_path, {}));
+  map = process_snapshot2.AnnotationsSimpleMap();
+  ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end());
+  EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes");
 }
 
 }  // namespace
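Review bot: The added case only re-checks the `crashpad_intermediate_dump_incomplete` annotation, which is exactly what the preceding fuzz case in this hunk already asserts, so it does not pin the behavior the commit fixes: a thread whose frame-generated stack is empty must yield a zero-sized stack region instead of indexing `exception_stack_memory_[0]` on an empty vector. That index is undefined behavior in every build and only traps in an assert-enabled libc++ (the `_LIBCPP_ASSERT` named in the commit message), so a reintroduced `&v[0]` would pass this test silently in release builds. If the snapshot exposes threads and their stacks the way other tests in this file do, an assertion such as `for (const auto* thread : process_snapshot2.Threads()) EXPECT_EQ(thread->Stack()->Size(), 0u);` would catch it — first confirm the dump contains a thread with no frames and that `Stack()` is non-null for it. As a point of style, the load-and-check sequence is now copied verbatim per fuzz input; a small loop or lambda over the two test-data file names would stop the next fuzzer case from duplicating it again. The enclosing `FuzzTestCases` body starts above this hunk.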
diff --git a/snapshot/ios/testdata/crash-5726011582644224 b/snapshot/ios/testdata/crash-5726011582644224 new file mode 100644 index 0000000000000000000000000000000000000000..c2ebe211bf3d13ec9a6dcdf610300cb497113d65 GIT binary patch literal 71017 zcmeHQ30zdw_rC*-8zLyVq=jSd3oSEGYe2M$I)BG_BM! zGBrypvRrXNb1SW|#9uBcm1UYKYKx}H|GsVJy!$Rcs-M4d=0ETAfp_2C-ka|^_uO;u zJ?GvAav72#?vlw$1Ldm%gZM{_YPy;UCQe4ks3}g8uMG6#lYX2aL-JRhk0*5a@ik{b zGheXH+{SEv+3G;~+Q3G9S>YysT@vLZTSMjy+uQ&VIomJwK|VgRS;6uJ!EO24^l2H2 z41J;9pthMTif;OJoyn*TkLVTIUA`z-`07BMS^k{!ktr%K5kD>rZotUTE-}me7W&#+%-7sn zCZE(=K!bU;+$MgU+*){Rz$1OxpCm7KMpY-*1Tb-OYwNZAceh6z^9a9VR)}WTuTLY? zjZa7Ixo080nok$<`8E_Xa(DAR+`WO1_*p0~)F+hM_V|qnwfKEPexf=d8She8LZ{#TS!S@pv9WISAEsf-Ngz3LHY^l!u>`5_X^KFpW@o9@GQJfcs5_1 z!^w^ZG`m>Yz{?L+K#v))k*4?Ien%pIFNx%yw}0=dpOHht??o*T((x}5WX_~!T!irL zLboS;%U`_<67;W>7leUVI56n_v%-P-0)dte=7G6lr?c${7Y`78PSAFk%|BR*cp{{Ua4AOAiD|18AU@a1#%_GjNGloRgNd^>-t zoJ;46J8w<+&|A2}6!_nnhy(Y-2OK8bsqE7QK8!p;{N35#ll67taB<+Q%q6_50=I9b zeG2sm@j`uxLm~}KekK3=r}SLH{?5vKlq}wp*MzcnK`)pVah8>H_gt9D=2P*%|6=I9 z?DH4fIeEs&L*`B?|8Ub8@4_j|9+grU8RnnHaH)! zyyffL`b1MUe+6G&$WGobZsO#q5brMp@SVXXrz?log8Kv5`nvPDlXMb_btbwx$K}U3 zz7;b3P4}{wg4pjRUw7+viIW$YG;W-Lknp>!dAxR9NMhUBbppSGojE*E4Of4T@XY7` zg705(I`?Wb-(&Ilk?_plyYcY~oLkP8@I$b_5#HDBC+>Zf#QVyG=Q`deq~8ii=Hv$V zRj5rD?sq7J?-K5OeD)dc_XpK-@6`$Uxw~vA|IAm1HuHQU#0&QlKHrNC`1fCF^{ARD zB;W2Y$T)=hv(?BB`1{Cr_zPV;LW3L1EBuAtF(mxJOPZ>ILDQcM&AV~=aF%>0r~sEA z+z`pPISVs`DIb}<-2W_FH9}!=X0t)BQQPz;qcv=d#+0Y+tu~v(5=?j;Wwcqt617EI zgUPJ5gr(!LT)xRtXbs~=b7>j9&3sf?sy^4EwiJWh2_}oyIRFexx0v$v2CX%0q}^!K z7vcaOAojNE3oYEU>wP1&R+HVLab+E8GTFj1imf(nq4PD#7ImR^lF2f`iVIq_Lo8~u zPOq`{&KKfE(ekY>NOH=$F?=N7<&4T|Ek#~cNJHLN*0cdYK6}v(#id#O+fT__|Mjl# z#)pfLSE^7`JW!?}f69}P&(uz~5vVg!5b>ZJti%C`|3cyQn)_H-M0}3tFkF28>GZk! 
zD<>n)E?fO%eo5!A{w+cqRiHgSo{e^fR%5s5ZN&g>Aqt|6T6G}!TS4J(M@tfIS<~My z0JPuU7k~WhFa4&K?7H=;rG?!gLOTfg{(gaqcDZ};w%uw8Gw5@fzsGxr_s%QE0SIRL z7h?!8kG7Nw3niy40oL{R5wY&Q4dYYtE2H`^K6&Do=9fc)MPOpYhGTg|5fnSz7EDdg zo-{bCyO5ILI0eoeuD=IxBHuDUz?%&w9$z%A|DX+T{(8FIxHex76T?}7%KWHsR=6#k zT<6z2Udo_~r%48_q9Cf^emO)GwU+}#U%qdFI`7kgPcImI?w%>j4)hQsig0EsqC4Fd zQOuy~T)h-eWhatD4^i;U;Tk-tmx;Nwq4L0pw;i#0i$1))I8U?ov>4Mmxs;A61GF%- z5~gaML%csVrF++Ect94Lav#(5j+0WSrZq{OBNXZ=IG{w_eimvH^YV-lA%~R#>o1&d z5H)AxVlib9O7`WreLTzFPL27BdvQCVF{fMfMQWQCD9(u{jlB@7_`}skb%E9b^a>&c z_K0QkdlNmPKSjN$ppf8ONP=mP4VbznZoul*&*g;FBpmsGB*C}z9`WuQv>@bNA>rG_ z-EzBgD5{PkGsOk8gJF5{uVaHF4BLm<7PNh%+d)xdRj5!A&P`EYaT{hY_ncvn%FC>jVR{=g z+W;h`GY-P8itI$dzK%BF9m{GFpqrZDdng#dzC5Kz;IY*M_B}s4eT-?|hE^ij%l4x~ z!A{r-j*)(Qs&=woV={s-=VQQkJ3G2_cY<&Ti6(~-a@@oNQ+|#Jp&~7(<@2xd-n&o(7^&OO1P(>Wk1_D7rt%gv!40v^9Ib!kxnPhCp?=UW z-}NY0zIy+0UzCIE;qwd6B8y-%l9hkX<*(t(v-$D+nf$)vaKOyH4~PEaW#)fZ@|C0P z_Y0XTn0V%@p457#JHkKk!sgw;)SUd2^rUDb43KKhol!7FjKxZ*eTRWpGAtNxt{`M-dS7 z2hZeyKfLXnZ*6yZI~U{$BPWHN#UK@0VTY+$E5N-p)_ku8X z1$CBf2g2CW(;1KL<(*+hLlWMr0O1ZGjQuT~c{+k{ClKxo!d*bPD+pub8D~A+LAVD9 z_XOcyARG$9y+K$B!r>qs0m6|W90kICKzINM4+P;sAUqg^lRDro@ko8#$K$ z@GPs=VhwxDZnf!+8k0_I3}fu+!!#DPRcBV`xdJA;4V(4n+6zMUX2yvdBg=brvsk2z z$VeKQnax$6l9b^lkc0``f=zyhtM$fAokgq8OVDXG6R>RsYYEJumOL_Uc+%*!k;CpB zZa!d@|LEd9FPyT*3@Zs~H&*$*?2KrYAG6{r-WZK*ip+=w3-EIP&$(w5CM9EPJ+2to zp+nEOS0pDV$M;K!=@Xie5FZ^Hl^C8B8lRXP6PnOh*)K7nPgGJ&OmbMB+NNfGGcZI9 zzr@>(c?K=y`mmVjguc;nQGG-E#YD%4Mn%MjhsG!Mi3$zJ32{*|$w`s%5n+0hHJfFv z?8zFt-i9q>tgM>}B_1~0pgru^3N+g}vD4MeZ-;&|6xwz3dLROv0V$)jKyx3cpz4*M^LbI(nn|&89z^CC+IpFK8qg#92H?42W ztqD)H*fiPKM({OL1{e)7B)~5!_y3Tu4070A?3Pr&5P{sBvxW5~2i#1vf3M*95f}zx zF#zqcnyxrKFW~aPs3rTC4{i7~>MMd)p$hJD3qtEO>pA9L&=NLHzzU8vx&o$5>@&n! zabFr?fHja}_ZGzA0dOV^unx*!?2+gj-hAPYBmK_4XV@#kS!{rXt8(I8?I}1Xo3OBF z9RmT_u1JWu*+g1qmr_jL(y>O3FVb#a?9b?v+ip-8pO`0wxVnigC~fqW67 zpk(oSll}=Gb)XD-y-ELDhkpR3*P9gYz3^Y|p8(+GR1dE=>77H=-MmS?KA`B2`haqy z3g_6)>jR1b@%n)N38kR!fgbeQ18NwIhN_s?neVToE_H}=I_?4FopBKMzu%b;w=k!? 
zIp@~18dBIZbZR`l(P_1C(;!zQ1l}=$^fdp3GNq*CW}m?%USrvZaFeE;84s^&aWJau z26>Al`Ss-SqUod(75b3ANz)G=27C%$zs%5D*p(l^@-P~LpPta4m_hxJ0=|P=E(PEt z^rH+c0$dzD*)*fPZ(`Xd^%0wG=$j(&F~Ya#p2H{H8hkKQol=N*R!B*MfO9brYsW5f z_RfzoTb&cbf+Cqa6|D?Zb$#xOW&5MGWxl^=sWN?iNW9lJqOJ^_cWb;UQpS{TOVt}E z=#2#c`V3brgukq70m14=DXcDCEI_CST$DNT^*amqjEYEEbp2;d%Y;vskkDhp60qLo z6!6t<4LxA>hwN&L?Qv%M3PA3Pgou~^i`;^54h8WtY@&lNlHu_pCJ->2Mz0)}_QN2} z`^T1AwkKWtRD^nv!)K3Z_1ua2Sx-Tooi3D$br=niFMF93HSrWtQ-ck+D9Fp~aD6u; z{+_t5!^7Lm-l$ic*%v)Wggh=ilfDU;$B6b3S{q|81DKtUfp|O8yAZNv6b0{eZbe_z zjf%KD?&O;lO<#-N{LYY@$EIF7bzFos-i)uT301c2V#(+>OJZP($~w`2ZA2oaJ3uMX z0|cP74f)dP42)8sZgOemFw;8JuiMnEvWp?QrV@djLf1|9xGkt=i*}-2%K$6I)%+}} z@6q->lWue+t%2l9$QEK4Ki%5a-{+7<+H$99L zco%0Q)~@4CYD*qvSV>EU#4x9IB#3dCLX1+$@G=DHq3vW*hj*)L28Yj@x_@TF=+c4! z5izP|I5V|hyzbV-06KS;QP1qhomp(wrsUzB{Pg*HY@-QO5_$$m36*?2L5a>34Mo9O z4vI9CeUK8hhDkjGy2UJ;I^;s`kSXoNdsSh$KcQ2?)26rZUg{Zkvl-h>0wTB~A@HSU zQj+Oyin6qqp0~9#UI0(J+=dOf|386sm!0tu(63H0RC}{t40cZO+i+p@V^UW`PtmJ7lHRViZH2U z;riEj(#`p?wV(&4~SWW9pTn37N+v));H)jPGf4 zm)v<5dH8@k?9gwwkPdFNWJnAoBj+yXQ`&`!qQ{GL%U92iX)$g?^q?8@1MXjZ^wC42 zc7Z9`gg$ZeGe=}Ml|s@v{dAKadumy-QYf>?k~ByLMF$PhCITsKqTbFRX|g4yp-qj*eYtyn_F#uf@ z4{>*N8b>gE3I%s12aky1H^HIQ<5@l8rk?9pIql~8wqpzKk;xx-ZV$;8-9(=``--dA zO>vhB{eR3X+ zI}qO3i8i|O7z?rC+C05F(_}K_nkEClVKhWt6-|z@UZ6L zN`M5&c`}B?YlBLGL&Nzs7$C-(m6)?8kPWH+h}#WuZ$v_ps!;vorgI+07@G~a`2iW#6tzd8EBlFn~$RE~SD z<(S)zhg!s5WlD$7a=MUlZ@CVHOiG$~4R#c^JHxY@*08uRHVH!R=t)}M45V;<1x1k$ zhW6S|D6e%MqUw{nYDwcMeOGr;h&UcYUfPh_m0ogdjt7u48$FINF*bf0cFGd6yCeeYjunf=R-ZdF;T*G2dv6>7tNg5=BavnK}|0$&z)JQs8!shkoMlU7o=^FFsQrrEt_jO+*R&VOIdG$0h#H%$E z>N0|oq(L%N+eqiL7b#?@VCKBA4Bz3;*&s6yqSi3x#Th@}e>Aqus-dsXTCw_)WG&@O zdTa1B8^CzARm+kAsP@h{2zyW_srr0PfxU$Dgp#N}m=Z2^vw8O7LgVWZjh`>tv%Tt? 
ze79H-ArwuYL_5RK5MQ1&sLe_NxHE&G5<1Nw z=kJ|z?@#tlvA-={b@j()#|xe#i7=l&ZSQIB-JH`E)7iqg91shkS1cu=r`dhy)Ti)w zcwQey{oJi-XtB5AiwKv(2DUBKYgx`+FbPg}aNA30&@( z8DgtdkKLK|wqmKRYh@3z8~upl$y`&P#fPD(@xwQo^}jvKI-!;I(mb;W)(RxE)7J%e zyDhAGja`HF^4@V$NX>)Dd9hOzNEO^RC{R%NB*G3dYf`ScrnB zPRzB;y_~;m*wZAcS@d4-klUkbDl9Y^6D-AMY@flNf&+zXr3Bm^6mTmj;D-DFM)1?N z+?!o?ZNLxZL0Q|Lm6f+A!43I=+P8h=0pObPb`h3r>>n(_wqzj5xEm?hI;7b8=0nD{ zwH&`_+@)CMypby!o}4(7SaGgE`Ek_n0MJ_XoPDX`)hzx&F6 zzVgP$QC;V+?eM@$?ee>kO#2=kST{Y;2FO|5eQD~D2SM$~{iJBnDkQqDUz6Q%FR6>~ z-qu|!AGB)5u{rIEn+@nBf>!15*-hWy#O--DPj5A=Z5o}FXKR8;U_YSnteG1;6Ek;y zO?ttV;#tq$6EpmWzQ4V+vOvAMPn>w>4uji^zEb>wy9)&7*gh$+C7nrNH&KAC;C?&- zEU^TTa=Z1zBQHgj&xrlB_phPj9}saZ&MQ8-jag7&Pq=b>#j6l2UKHIRX9U@QZKfcb z!yzkDyiP*@=HG9$>unGyZ+bPg0 zD9{dss=?Rkx03zZ_iyx0r|;J+C|V>LDd4k4X(I)SZ=W;@75{`U8{z5#XN^72H-HU%RxBC-aqh=5@mmUln=utaT< z_HPh1fZwGqFk#*e@lDKpjx`K#hiuaq;z0duuE(CyMlEg)W`o+sZ0;K-jFkRYBo%A` zxM4iAvdV?Bt@^@j;VZIrCM#vlN`VZ-(#kf<*q-J<_9GnIzttg8m6H~8b$Z^*C3CtT zZ9|THu~7?cHIO7Rye_ZFc3mh)}de!Ye^7W<6&%v|(2mF1&q_(VE zb2v44HlcHGt4|-tmV+;^uiQChp6Kg?P?P5Lsll#X-T&$9Z90oqOP|f-d~kk+=;KwW$+z^6_q3xjK2MpS<#d>wQce_xSti@J5adYI5-F0V~(V_2_XZ`MHy% ztayvw6S}E!3|1_7K(jUZI;{aON>HFxEhLqUBa}W-!L?Q(1qf&t9jLljR}_2itbp*m z+^SRle-K(XwLoN{EyRZ{Vs9FgQOd71(@0ROD4?bXu&9ba6$yZuFg1G zxU;$8H4@Y(>HNCeZAGivqS5J#w7nywkeYu^B18a988&k>P7qR`#!v*ze>$Mmwwck> zpWWOgZ0Cw^3Q0&cbVzr)Eu@nR4G}avRiBdE`+iDcQDrj;i#Emw(YiKjSan)CY<|P= z6FY7X3RoCec}0w;19kK?JPm4Nfu1rMS2i$$;Lp<(JQW-tLH@+!H-P8KL$~~%S)}}| zS3=92K zBe<-5IiY?be-59&T@aVwOgszkA@9!L!~f39wGG)ULcH)EvfLIvKTKELZjTgGhWj#j z3H1oiFdwXI44)sSv-R+q9F-rEg{WbL617FqG-*BVN44 zIureTV)yx}BTXh-7-4emb)EhD{LTpIfvvgAOBUEFx*}n__PWmg0iQzN{gB4+0Ch%& zQZ`zK(GdBvmsyoUzRT&z6;F|qP9YrHzytjVTdn@PCwIl#@ZPbP378DReXEJ?_Q8090(1uyf~^4AEL`Y6Hd9S`|g^7XC2> zRu* z>H@8W9Y44{3Mr|u>#MwyPMGr@q8u@xppZhe-`kE$)^8kdM9*3`ZKM3{O-0!vQeeF6 z*zfJ8hmiuyZKK{;P}gB@v}8yOa~kQXa+pGlQf}@5h#TTqy`m29R@Dp+pEY&=%!bjW z1py*rRLhW_e!kCjwyeSKzwq$)Jsj2(he_av(?|TC 
zbBr?{0I?gC0l=A#fsKQBmuw}wVw!VYWdzHSLWwr?k#@%n%vpG61t@TwaS(dt&s_-_6GD+Oj#ex>B32h! z((ivR;B5b9k&mxvKH4;6R2kttr)so&Gwm+8VnzcGR4*hE3)_YuP}8?@!-q-DBom((P6qagrey1F_Dj z<@OJ8&2!D8FuH?d$hsv?SnSMK^Ao{<|dB`Sjter%9YK37MH{OMw6f&&Q_WT3873O&(+&ZA%vydU(@jQ7!^JxEyHffS8KF@rJZq*pUr*A zeYwt2gh^$6crVC#Tfgx2*s9rM&t%J61nva2zYS z3Z@Ox%v$4+)T9i6w-5#4R&9$V*!wgE?g|oaOCkPJ94XS>v-W50nb;_%(UcJjSECHn SON4ol3(&exception_stack_memory_[0]), - exception_stack_memory_.size()); + vm_address_t stack_memory_addr = + !exception_stack_memory_.empty() + ? reinterpret_cast(&exception_stack_memory_[0]) + : 0; + stack_.Initialize(0, stack_memory_addr, exception_stack_memory_.size()); } else { stack_.Initialize(0, 0, 0); }