From 48781dc182c24b3b41b0c9a16209663786855a1f Mon Sep 17 00:00:00 2001
From: Mark Mentovai
Date: Tue, 14 Mar 2017 21:25:50 -0400
Subject: [PATCH] linux: Fix process start time computation

The process start time in ticks was being converted to an integer from a temporary string that had gone out of scope by the time the conversion was performed. It was possible for a format error in /proc/pid/stat to go undetected and result in a buffer overflow.

Bug: crashpad:30
Change-Id: I03566dda797bc1f23543bfffcfdb2c5ffe1eca66
Reviewed-on: https://chromium-review.googlesource.com/455378
Reviewed-by: Joshua Peraza
Commit-Queue: Mark Mentovai
---
 util/posix/process_info_linux.cc | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/util/posix/process_info_linux.cc b/util/posix/process_info_linux.cc
index 861c8031..6389e765 100644
--- a/util/posix/process_info_linux.cc
+++ b/util/posix/process_info_linux.cc
@@ -247,14 +247,19 @@ bool ProcessInfo::Initialize(pid_t pid) {
     return false;
   }
-  for (int index = 1;
-       index < 21 && stat_pos < stat_contents.size();
-       ++index) {
-    stat_pos = stat_contents.find(" ", stat_pos);
+  for (int index = 1; index < 21; ++index) {
+    stat_pos = stat_contents.find(' ', stat_pos);
+    if (stat_pos == std::string::npos) {
+      break;
+    }
     ++stat_pos;
   }
+  if (stat_pos >= stat_contents.size()) {
+    LOG(ERROR) << "format error";
+    return false;
+  }
-  const char* ticks_ptr = stat_contents.substr(stat_pos).c_str();
+  const char* ticks_ptr = &stat_contents[stat_pos];
   // start time is in jiffies instead of clock ticks pre 2.6.
   uint64_t ticks_after_boot;
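Review bot: The new `stat_pos >= stat_contents.size()` guard makes ticks_ptr point at valid storage, but the 20-space skip in the loop above it still assumes no earlier field contains a space; the comm field of /proc/pid/stat (the parenthesized process name) may contain spaces, so unless stat_pos was already positioned past its closing ')' before this hunk, the count lands on the wrong field and a wrong value is parsed with no error reported. That positioning happens outside the hunk, so I cannot tell from here; if it is not done, anchoring on `stat_contents.rfind(')')` before the loop is the usual fix. Separately, `index < 21` reads as a magic number — a comment such as `// Skip 20 more space-separated fields; field 22 is starttime.` would document the intent. ProcessInfo::Initialize continues past the end of the hunk, where ticks_ptr is consumed.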