3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2025-03-09 22:26:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

ios: Handle empty stack in GenerateStackMemoryFromFrames.

Browse Source 
This fixes a _LIBCPP_ASSERT vector[] index out of bounds error, caught
by fuzzer.

Bug: 1274178
Change-Id: I95f3fbe450209a24ccc0229741ea752990e18ed6
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3307697
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
This commit is contained in:
Justin Cohen 2021-11-29 15:01:00 -05:00 committed by Crashpad LUCI CQ
parent 281ba70a13
commit 0453ea1686
4 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
snapshot/BUILD.gn
View File

@ -493,7 +493,10 @@ source_set("snapshot_test") {
bundle_data("snapshot_test_ios_data") {
testonly = true
sources = [ "ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa" ]
sources = [
"ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa",
"ios/testdata/crash-5726011582644224",
]
outputs = [ "{{bundle_resources_dir}}/crashpad_test_data/" +
"{{source_root_relative_dir}}/{{source_file_part}}" ]

8
snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc
View File

@ -664,6 +664,14 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FuzzTestCases) {
auto map = process_snapshot.AnnotationsSimpleMap();
ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end());
EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes");
fuzz_path = TestPaths::TestDataRoot().Append(
FILE_PATH_LITERAL("snapshot/ios/testdata/crash-5726011582644224"));
crashpad::internal::ProcessSnapshotIOSIntermediateDump process_snapshot2;
EXPECT_TRUE(process_snapshot2.InitializeWithFilePath(fuzz_path, {}));
map = process_snapshot2.AnnotationsSimpleMap();
ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end());
EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes");
}
} // namespace

BIN
snapshot/ios/testdata/crash-5726011582644224 vendored Normal file
View File

Binary file not shown.

9
snapshot/ios/thread_snapshot_ios_intermediate_dump.cc
View File

@ -135,10 +135,11 @@ bool ThreadSnapshotIOSIntermediateDump::Initialize(
size_t frame_count = bytes.size() / sizeof(uint64_t);
exception_stack_memory_ =
GenerateStackMemoryFromFrames(frames, frame_count);
stack_.Initialize(
0,
reinterpret_cast<vm_address_t>(&exception_stack_memory_[0]),
exception_stack_memory_.size());
vm_address_t stack_memory_addr =
!exception_stack_memory_.empty()
? reinterpret_cast<vm_address_t>(&exception_stack_memory_[0])
: 0;
stack_.Initialize(0, stack_memory_addr, exception_stack_memory_.size());
} else {
stack_.Initialize(0, 0, 0);
}