3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2025-03-09 22:26:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

ios: Limit depth of intermediate dump parser.

Browse Source 
Limit the parser stack to 10 to prevent malformed intermediate dumps
from causing a stack overflow.

Bug: 1321382
Change-Id: I880e80de585b0fb18f0c383102b9227d6ffbfa76
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3637719
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This commit is contained in:
Justin Cohen 2022-05-10 12:34:01 -04:00 committed by Crashpad LUCI CQ
parent 94242690d5
commit 4581a355b1
4 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
snapshot/BUILD.gn
View File

@ -492,6 +492,7 @@ bundle_data("snapshot_test_ios_data") {
sources = [ sources = [
"ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa", "ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa",
"ios/testdata/crash-5726011582644224", "ios/testdata/crash-5726011582644224",
"ios/testdata/crash-6605504629637120",
] ]
outputs = [ "{{bundle_resources_dir}}/crashpad_test_data/" + outputs = [ "{{bundle_resources_dir}}/crashpad_test_data/" +

5
snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc
View File

@ -679,6 +679,11 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FuzzTestCases) {
map = process_snapshot2.AnnotationsSimpleMap(); map = process_snapshot2.AnnotationsSimpleMap();
ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end()); ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end());
EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes"); EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes");
fuzz_path = TestPaths::TestDataRoot().Append(
FILE_PATH_LITERAL("snapshot/ios/testdata/crash-6605504629637120"));
crashpad::internal::ProcessSnapshotIOSIntermediateDump process_snapshot3;
EXPECT_FALSE(process_snapshot3.InitializeWithFilePath(fuzz_path, {}));
} }
} // namespace } // namespace

BIN
snapshot/ios/testdata/crash-6605504629637120 vendored Normal file
View File

Binary file not shown.

6
util/ios/ios_intermediate_dump_reader.cc
View File

@ -70,6 +70,12 @@ bool IOSIntermediateDumpReader::Parse(FileReaderInterface* reader,
} }
while (reader->ReadExactly(&command, sizeof(Command))) { while (reader->ReadExactly(&command, sizeof(Command))) {
constexpr int kMaxStackDepth = 10;
if (stack.size() > kMaxStackDepth) {
LOG(ERROR) << "Unexpected depth of intermediate dump data.";
return false;
}
IOSIntermediateDumpObject* parent = stack.top(); IOSIntermediateDumpObject* parent = stack.top();
switch (command) { switch (command) {
case Command::kMapStart: { case Command::kMapStart: {