Most significantly, this includes:
6a848b1a1643 Require a minimum of TLS 1.2 (#1889)
Although Crashpad only uses cpp-httplib in tests, there’s no reason to
taunt fate with this tempting juicy morsel. TLS 1.1 is deprecated
(https://datatracker.ietf.org/doc/html/rfc8996, 2021-03).
This includes a change to util/net/http_transport_test_server.cc to
ensure that the test server, which runs in a child process, continues to
return the full multipart request body as it had in the past. Since
cpp-httplib 7e420aeed361 introduced multipart handling, the raw
multipart wrapper no longer appears in Request::body, but is instead
made available at Request::files. With this change, the test server will
reconstitute the original request body to match the test’s expectations.
Note that this isn’t the only way to serialize the request to be
conveyed back to the test, but it’s the most expedient because it’s what
the test already expects, and because the existing framing already takes
the form of the raw HTTP request.
Change-Id: Ia4adaedff0873976f7cc5be138d78f931165fe4e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5753782
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Since the test is specifically trying to exercise UB by testing the
state of an object it is already destroyed, unpoison the memory to
suppress MSan errors.
Bug: 40222690
Change-Id: I840e944f5e8b39668ac05d8d641fdd5f2e3db5ac
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5716150
Reviewed-by: Mark Mentovai <mark@chromium.org>
This was generated by replacing " NOTREACHED()" with
" NOTREACHED_IN_MIGRATION()" and running git cl format.
This prepares for making NOTREACHED() [[noreturn]] alongside
NotReachedIsFatal migration of existing inventory.
Bug: chromium:40580068
Change-Id: Idb68e2fc8adba180350b0595fd494cf0f206bded
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5548246
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Previously, ScopedSpinGuard used std::atomic::compare_exchange_weak()
in a loop to implement a spinlock. After looping for the specified
number of nanoseconds, it would give up and return an error.
A few bugs have come in on ARM platforms (https://crbug.com/340980960,
http://b/296082201) which indicate that this can fail even in
single-threaded cases where nothing else has the spinlock.
From https://cbloomrants.blogspot.com/2011/07/07-14-11-compareexchangestrong-vs.html :
> compare_exchange_weak exists for LL-SC (load linked/store
> conditional) type architectures (Power, ARM, basically everything
> except x86), because on them compare_exchange_strong must be
> implemented as a loop, while compare_exchange_weak can be
> non-looping.
and:
https://en.cppreference.com/w/cpp/atomic/atomic/compare_exchange#Notes
> compare_exchange_weak is allowed to fail spuriously, that is, acts
> as if *this != expected even if they are equal. When a
> compare-and-exchange is in a loop, compare_exchange_weak will yield
> better performance on some platforms.
>
> When compare_exchange_weak would require a loop and
> compare_exchange_strong would not, compare_exchange_strong is
> preferable [...]
My conclusion is that this logic needs to use
`compare_exchange_strong` to avoid spurious failures on ARM in the
common case when there's no other thread holding the spinlock.
Change-Id: I2a08031db6b219d7d14a5cd02b3634985f81ab06
Bug: b:340980960
Change-Id: I2a08031db6b219d7d14a5cd02b3634985f81ab06
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5545257
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Bug: crashpad: 326459659,326458942,326459376,326459390,326459417,326458979,326459333,326459016,326458338,326458738,326459156,326459512,326458694
Change-Id: I04724530cbef50a8d3c18f306d16c0bbf3b0815b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5512394
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Arthur Wang <wuwang@chromium.org>
Some unique_ptr<T[]> are also changed to HeapArray in order to
facilitate the change.
Bug: chromuim: 40284755
Change-Id: I30b9d55ff81f23c63ad4958786740f67ee612024
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5512569
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: danakj <danakj@chromium.org>
This better ensures that using code like
`NTSTATUS_LOG(ERROR, status) << ::GetLastError()` would print the
intended value. This isn't done today by the code AFAICT, but
making this change primarily for consistency with the change to
Chromium logging in
https://chromium-review.googlesource.com/c/chromium/src/+/5443628
Bug: chromium:333445539
Change-Id: I49f16b9ed78d98a0b2f178f58465002aad757ae5
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5474027
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Andrew Williams <awillia@chromium.org>
Replacing std::is_pod usage as per the following compilation error:
```
../../util/misc/uuid.cc:44:20: error: 'is_pod<crashpad::UUID>' is deprecated: use 'is_standard_layout && is_trivial' instead [-Werror,-Wdeprecated-declarations]
static_assert(std::is_pod<UUID>::value, "UUID must be POD");
^
/usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/type_traits:818:5: note: 'is_pod<crashpad::UUID>' has been explicitly marked deprecated here
_GLIBCXX20_DEPRECATED_SUGGEST("is_standard_layout && is_trivial")
```
Bug: None
Change-Id: I1d61ee12261877f7f1f84f0ea15d262d22959766
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5472885
Commit-Queue: Andrew Williams <awillia@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
base/sys_byteorder.h is going away. Instead, use the byte conversions
in base::numerics to convert from a byte array in big endian to an
integer. This avoids putting big endian data into integer types at all.
mini_chromium was rolled and crashpad updated to work with newer
mac/windows toolchains in order to support C++20 in
f9cee5c147db30dc8fa1a048aabd165965b5cb60.
Bug: 40284755
Change-Id: If690847b7aa54b0216e73ec297eae3d0bca2fa57
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5402184
Commit-Queue: danakj <danakj@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Arm's Pointer Authentication uses two keys for signing pointers, A-key
and B-key. Although by default Clang uses the A-key if PAC support is
enabled at compile time, this behaviour might be overridden via compiler
command line.
This CL fixes the check for the B-key being enabled. The key that shall
be used for Pointer Authentication is denoted by bits 0 (A-key) or
1 (B-key) of __ARM_FEATURE_PAC_DEFAULT. Hence, the previous way of
checking by using bits 0 and 2 does not correctly identify the B-key.
Bug: 40608466
Change-Id: Ib2f226baa12a7145fa0b6e486e49d36e6b0a3cd7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5341090
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
This adds argv[0] for PLOG(FATAL) calls following a failed posix_spawn
or execve call to make logs more useful.
Bug: chromium:324982367
Change-Id: I179928ec9f791ce5b365b3444aa3bb667f4ec4b3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5315332
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
If building for chromium, honor the ios_is_app_extension gn variable
that is set per toolchain. When it is defined, the code is built for
an application extension (i.e. -fapplication-extension is passed to
the compiler).
Use CRASHPAD_IS_IOS_APP_EXTENSION build guard to not compile code
that use unavailable extension when ios_is_app_extension is set. If
the variable is not set, then check at runtime whether the API can
be used or not (if the crashpad client uses the same toolchain for
the main application and its application extensions).
This is required to pass -fapplication-extension to the compiler when
building application extensions (which allow catching API that is not
available to application extensions).
Bug: 40120082
Change-Id: I28d545fcfd0f8662430c40ff202b79b0c2b2ff8b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5286216
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Sylvain Defresne <sdefresne@chromium.org>
This assumption is non-portable and prevents Chromium from using
bounded iterators in libc++.
Bug: chromium: 1519908
Change-Id: Iafe6639ef3bc896d6fa4fb3ceb7ac0b546363017
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5237292
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: danakj <danakj@chromium.org>
This CL introduces a new crash key 'crashpad_uptime_ns' that records the
number of nanoseconds between when Crashpad was initialized and when a
snapshot is generated.
Crashpad minidumps record the MDRawMiscInfo process_create_time using a
sysctl(KERN_PROC).kp_proc.p_starttime. This time is used to display the
'uptime' of a process. However, iOS 15 and later has a feature that
'prewarms' the app to reduce the amount of time the user waits before
the app is usable. This mean crashes that may happen immediately on
startup would appear to happen minutes or hours after process creation
time.
While initial implementations of prewarming would include some parts of
main, since iOS16 prewarming is complete before main, and therefore
before Crashpad is typically initialized.
Bug: crashpad:472
Change-Id: Iff960e37ae40121bd5927d319a2767d1cafce846
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5171091
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
This will be used by base/logging.h in chromium to make sure that
LOG(FATAL) variants never return and are properly understood as
[[noreturn]] by the compiler.
Once that's landed in chromium it'll be up/downstreamed into
mini_chromium as well.
Bug: chromium:1409729
Change-Id: I75340643fe075475f997bbc45250fa10df63c9fa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5185996
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
The real Chromium base/bit_cast.h is in the base namespace.
mini_chromium's version was just changed to be in the base namespace
as well. Roll to the latest mini_chromium and scope all calls to
bit_cast.
Bug: chromium:1506769
Change-Id: I7b25ee512f67694ef6ed3d0250e4f6a6db151eb3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/5116880
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
These are slightly frustrating. First, when a struct is packed, some of
its fields may be underaligned. This is fine for direct access
(foo.bar), but if one takes the address if the field, this creates an
unaligned pointer. Dereferencing that pointer is then UB. (I'm not sure
if creating that pointer is UB.)
Crashpad seemingly doesn't do this, but it uses EXPECT_EQ from GTest.
EXPECT_EQ seems to internally take pointers to its arguments. I'm
guessing it binds them by const reference. This then trips UBSan. To
avoid this, we can copy the value into a temporary before passing to
EXPECT_EQ.
Second, the test to divide by 0 to trigger SIGFPE is undefined behavior.
The compiler is not actually obligated to trip SIGFPE. UBSan prints one
of its errors instead. Instead, since this file is only built on POSIX
anyway, use GCC inline assembly to do the division. That one is
well-defined.
Finally, casting a string to uint32_t* is undefined both by alignment
and by strict aliasing (although Chromium doesn't enable the latter).
Instead, type-punning should be done with memcpy.
Bug: chromium:1394755
Change-Id: I79108773a04ac26f5189e7b88a0acbf62eb4401d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4985905
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Fixes a pending issue when we eventually move to C++20.
Original author: Dean Sturtevant
Change-Id: I7bb0648c73df6b6a28a3a4debdb4524d3cd27b38
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4979733
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Eric Astor <epastor@google.com>
Include check_op.h directly, instead of relying on the transitive
include from logging.h. This transitive include does not exist in
Chromium's //base.
Change-Id: I15962a9cdc26ac206032157b8d2659cf263ad695
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4950200
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Some users of crashpad load and unload the dll that hosts
crashpad code. crashpad registers a vectored exception handler
to help collect heap corruption crashes. If the dll is
unloaded this handler might still be called.
This CL adds a scoped handler for such registrations and
uses it on Windows crashpad client. To allow this to
be stored, RegisterHandler() on the client needs to move
onto the client object from being a helper function.
Bug: crashpad:462
Change-Id: I5d77c056e2a9a61ddcfa9d0186ab4bfd85a19bff
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4898263
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
This rolls mini_chromium to the version that has more files in
base/apple, and adjusts the code to match.
Bug: chromium:1444927
Change-Id: I9642698c8c16151bd0aaca7b46745a59d6e5e6d3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4791121
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
This CL rolls mini_chromium to pick up the move of a bunch of files
to base/apple, and makes changes to adjust.
Bug: chromium:1444927
Change-Id: Ib692e2a1628e2c0c8228795eaecdb7f35b1c09fa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4786387
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
This reverts commit ca6d64d0ae4905ad7033adab0a28273a0741ee5c.
Reason for revert: The changes did not actually fix the problem once combined with the latest changes from mini_chromium.
Original change's description:
> [fuchsia][mac] Fix build errors
>
> A recent CL [1] broke Fuchsia's Crashpad roller due to duplicate build
> argument declarations. This CL ensures that sysroot.gni is only imported once.
>
> [1] https://chromium-review.googlesource.com/c/chromium/mini_chromium/+/4651973
>
> Fixed: fuchsia:131454
> Change-Id: Idcf6ac65cdffee2c9a9551559a8aab0063044428
> Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4743381
> Reviewed-by: Joshua Peraza <jperaza@chromium.org>
> Commit-Queue: Thomas Gales <tgales@google.com>
Change-Id: Id3dc42484fbd87e242756c8d2889d2e404370ac7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4753637
Commit-Queue: Thomas Gales <tgales@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
ARC is now enabled by default, so there’s no need to enforce it
against files being put into non-ARC targets.
Bug: chromium:1468376
Change-Id: I58bbb4d1736293a6e9977954ce932dcfe2bafa54
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4750419
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
CaptureContext isn't actually used on Fuchsia and there is a desire to
remove `ucontext_t` from Fuchsia as it isn't a real concept on Fuchsia
and was only added as a placeholder. Moreover, `ucontext_t` won't ever
be added to Fuchsia for RISC-V.
Bug: fuchsia:123052
Fixed: fuchsia:131112
Fixed: fuchsia:127655
Tested: `fx test crashpad` on core.x64 emulator
Tested: `fx test crashpad` on ARM64 device
Tested: `fx shell crasher` @ 16b19a9891978487 on ARM64 device, ran
through Breakpad stackwalker locally as well
Tested: `fx build crashpad_tests` for minimal.riscv64
Change-Id: I4695054426df78a9deff8c9ea9c478b5bf9701b1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4717085
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Thomas Gales <tgales@google.com>
Only RV64GC is supported.
RISC-V Fuchsia is not able to serve packages yet so unit testing is not
possible.
Bug: fuchsia:127655
Tested: `crasher` with crashpad added to crashsvc, ran minidump through
Breakpad stackwalker
Change-Id: I1b6d79128759281aee348e333ea15434ab397001
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4602412
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Only RV64GC is supported.
Bug: fuchsia:127655
Tested: `python build/run_tests.py` on RISC-V emulator
Tested: Created minidump via self-induced crash on RISC-V emulator,
ran through Breakpad stackwalker
Change-Id: I713797cd623b0a758269048e01696cbce502ca6c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4581050
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Mac OS X Server has been discontinued as a separate operating system
flavor since 10.6. Current minimal requirements for both Crashpad and
Chromium are above that.
Change-Id: Ia9063be2e55a48e45d9f9974ac2e51bac004f37d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4584570
Reviewed-by: Mark Mentovai <mark@chromium.org>
__has_feature is a clang extension. GCC errors out on the test.
Define a helper macro to make the code working with other compilers.
Bug: chromium:819294
Change-Id: I359150acd4700e65b4faf5f297b29664c18000d3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4418706
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Always reset the file descriptor to -1, even if FlushWriteBuffer or
RawLoggingCloseFile fails.
Bug: 1431760
Change-Id: I193f526d65f477bba002dd9faf68996020e48a3b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4406657
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Pointer Authentication works by adding a signature to the top bits of
an instruction or data pointer (only instruction pointers on the stack
are currently signed in Chromium). This can confuse range checks,
because they need to strip the top bits. Masking these bits during sanitization range checks prevents confusion.
Test: Testing was done manually on a device with pointer authentication enabled.
Bug: crashpad:364
Bug: 919548
Change-Id: I2e739cadb2844cfaf73a75596d664135aeb5faac
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4387271
Commit-Queue: Adam Walls <avvall@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Several tests in filesystem_test.cc create symbol links. The privilege
needed to do this is not enabled on all Windows systems so several of
the tests check for the privilege and are skipped if it is not
available.
However, two tests that created symbol links were not doing this check
and therefore failed on some Windows machines. This corrects those
failures by adding the checks.
Bug: chromium:1418165
Change-Id: I6621796b462b8db02271ad5a05e0c29ee047f648
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4348801
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Missed this the first time around because it was Windows-only.
Bug: chromium:691162
Change-Id: Ic98a5943957f77fbf17d92a93409eaa35910ae0e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4297482
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This also significantly simplifies the implementation, since we don't
really need the ThreadLogMessagesMaster class at all.
Bug: chromium:1416710
Change-Id: I85849230015f901dfbf084d140e639f14cb872a7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4313281
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
This is the only change needed to build crashpad against musl, yay! The
reason this change is needed is that user_vfp is bionic-specific, and
does not exist in glibc, dietlibc, uclibc, or musl.
I have not (yet) tried running the tests against another libc.
Bug: chromium:1380656
Change-Id: I2247352e1611a300dff995156d393508c8257039
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4255370
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Elly Fong-Jones <ellyjones@chromium.org>
This CL introduces a new class ScopedVMMap, a fork of ScopedVMRead
which maps the memory using vm_remap() instead of reading it.
This is useful for Annotations which use ScopedSpinGuard to
protect reads from simultaneous writes; the in-process intermediate
dump handler can try to take the spin guard when reading such
an Annotation and skip reading it if it the spin guard could not
be obtained.
Change-Id: I60d7a48d1ba4e5d2dfdb44307b78b4d9ffb73560
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4114550
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>