From e74922936da1b5f14fe5f520952646a907dc1478 Mon Sep 17 00:00:00 2001
From: Mark Mentovai
Date: Thu, 13 Aug 2015 12:55:41 -0400
Subject: [PATCH] Check the size of of the dyld_all_image_infos structure before using it

After 6083a2706d55, it is possible to determine the expected size of a versioned structure such as dyld_all_image_infos. The expected size is compared against the actual size of the structure as returned by task_info() (TASK_DYLD_INFO).

TEST=crashpad_snapshot_test
R=rsesek@chromium.org

Review URL: https://codereview.chromium.org/1272283004 .
---
 snapshot/mac/process_reader.cc | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/snapshot/mac/process_reader.cc b/snapshot/mac/process_reader.cc
index 76636758..c7f674bb 100644
--- a/snapshot/mac/process_reader.cc
+++ b/snapshot/mac/process_reader.cc
@@ -374,7 +374,21 @@ void ProcessReader::InitializeModules() {
     return;
   }
 
-  DCHECK_GE(all_image_infos.version, 1u);
+  if (all_image_infos.version < 1) {
+    LOG(WARNING) << "unexpected dyld_all_image_infos version "
+                 << all_image_infos.version;
+    return;
+  }
+
+  size_t expected_size =
+      process_types::dyld_all_image_infos::ExpectedSizeForVersion(
+          this, all_image_infos.version);
+  if (dyld_info.all_image_info_size < expected_size) {
+    LOG(WARNING) << "small dyld_all_image_infos size "
+                 << dyld_info.all_image_info_size << " < " << expected_size
+                 << " for version " << all_image_infos.version;
+    return;
+  }
 
   // Note that all_image_infos.infoArrayCount may be 0 if a crash occurred while
   // dyld was loading the executable. This can happen if a required dynamic
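Review bot: The new size guard rests entirely on what `ExpectedSizeForVersion()` returns for an `all_image_infos.version` newer than the ones process_types knows about, because that version field is itself read out of the target task and is not under this reader's control; if it returned 0 for an unknown version the `<` comparison would pass trivially, and if it returns the newest known size the check is only a lower bound (which of these holds is outside this hunk and worth confirming). A one-line comment above the call stating that contract would spare the next reader a trip into process_types, e.g. `// ExpectedSizeForVersion() must cover every dyld_all_image_infos field read below for this version; a newer version is only bounded from below.` Also, `expected_size` is never reassigned, so `const size_t expected_size =` would document that it is computed once. Accepting an `all_image_info_size` larger than expected is the right call, since a newer dyld may append fields that this version of the reader does not touch. InitializeModules() begins before and continues past this hunk.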