Windows claims that heap corruption crashes are passed
to Windows Error Reporting but they are not, they are
swallowed and the process is simply terminated. WerFault.exe
does not run.
We can however intercept these crashes using a vectored
exception handler which forwards STATUS_HEAP_CORRUPTION
to the normal crash handler.
Adds an end-to-end test.
Bug: 2515
Change-Id: I2e1361dacef6fd03ea0f00327fee0b05a0c4899e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4637533
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Some versions of python call SetErrorMode which disables
WerFault handling for the fastfail test programs. We can
set this to a useful value, allowing these tests to run
again locally.
This does not enable the tests on the bots as they continue
to fail.
Bug: crashpad:458
Change-Id: Ibdd2f92ed872bd76490db32dccb2257dd91f8280
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4641231
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Something in how python is launching these tests changed and
means that although fastfails in fastfail_test_program launch
WerFault it is not looking for or finding the registered
module, so crashpad_wer.dll isn't being loaded, so no
crashes are there to be analyzed.
Run individually the test programs do produce a crash,
and Chrome continues to catch fast fails.
Bug: crashpad:458
Change-Id: I52a6aa7aefb02d393c93c2c43ec67fc92b2bd0b0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4637536
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Fuchsia devices are failing to read floating point context for ARM
because floating point registers are in the vector context for ARM.
This CL prevents warning logs from being emitted in this situation.
Fixed: fuchsia:129171
Tested: `fx shell crasher` @ 659207de7293cb30
Change-Id: I1d8d928da122aeb1bc4ac66b789cb638969d0fdf
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4617960
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Fuchsia migrated issue tracking to fxbug.dev. It appears that DX-1193
did not get migrated.
Fixed: 121707
Change-Id: I4a7fdf00aed223fedd8b66df87647a29139782a1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4616910
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Fuchsia does its own storage and upload now, so crashpad_database_util
is no longer relevant to Fuchsia.
Tested: Compiled for and in Fuchsia. Verified crashpad_database_util
artifacts no longer produced.
Change-Id: Ie20bb9b308b77bdd39924f5fe70f182c5c2a0782
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4610969
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Only RV64GC is supported.
RISC-V Fuchsia is not able to serve packages yet so unit testing is not
possible.
Bug: fuchsia:127655
Tested: `crasher` with crashpad added to crashsvc, ran minidump through
Breakpad stackwalker
Change-Id: I1b6d79128759281aee348e333ea15434ab397001
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4602412
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Only RV64GC is supported.
Bug: fuchsia:127655
Tested: `python build/run_tests.py` on RISC-V emulator
Tested: Created minidump via self-induced crash on RISC-V emulator,
ran through Breakpad stackwalker
Change-Id: I713797cd623b0a758269048e01696cbce502ca6c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4581050
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
UBSan is detecting a function type mismatch in this test. This is
because TestModule_GetCrashpadInfo returns a TestCrashpadInfo* but the
function expectes to return a CrashpadInfo*. Structurally, the
TestCrashpadInfo struct is meant to replicate a CrashpadInfo
byte-for-byte, but there's no relationship between the types.
Bug: fxbug.dev/128274
Change-Id: I7b02ca802e55274116d46513b3aa6dc998f6d292
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4599482
Reviewed-by: Mark Mentovai <mark@chromium.org>
This lays groundwork for floating point registers to also be included in
RISC-V CPU context.
Bug: fuchsia:5496
Tested: `fx test crashpad`
Change-Id: I6230f146f955ac27f053f670f7f45dfff3560d02
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4594586
Reviewed-by: Mark Mentovai <mark@chromium.org>
Mac OS X Server has been discontinued as a separate operating system
flavor since 10.6. Current minimal requirements for both Crashpad and
Chromium are above that.
Change-Id: Ia9063be2e55a48e45d9f9974ac2e51bac004f37d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4584570
Reviewed-by: Mark Mentovai <mark@chromium.org>
- Stop overloading introspect (or implement this in the future)
- Store each overridden allocation zone and correctly direct calls to
the requested zone.
Change-Id: I7294e476bb683149acc61419b095ec0e1098781b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4574037
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Update to a version of mini_chromium that supports RISCV64.
Bug: fuchsia:127655
Tested: `python build/run_tests.py` for Linux target
Change-Id: I872e5e79933eb8f9b9fe7f4ae243ee9bb04c14b0
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4563254
Reviewed-by: Mark Mentovai <mark@chromium.org>
This test only change should improve flake on iOS XCUITests. try_free_default can receive a pointer which doesn't belong to the
allocator and claimed_address may not be implemented in specified zone.
Add fallbacks for both.
This logic is identical to the Chromium equivalent shim in
base/allocator/partition_allocator/shim/allocator_shim_default_dispatch_to_mac_zoned_malloc.cc
Bug:b/270620301
Change-Id: I4a788d4fbc7b324caff18e41618a5f999b4b8d4e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4549684
Reviewed-by: Mark Mentovai <mark@chromium.org>
Fuchsia AddressSanitizer tests were failing because of unaligned memory
access in several unit tests.
Fixed: fuchsia:125877
Change-Id: If577ea9b7be24ef40865a637d8f6b6d94daaeb67
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4510016
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Remove the reference to `base/cxx17_backports.h` from the code.
Bug: chromium:1373621
Change-Id: I84dd5fc1b069b168e4558316344c1f1c5377a68b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4471860
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
In the recent llvm upstream change, https://reviews.llvm.org/D148269,
clang becomes smarter and will remove the infinite recursion function.
Use the clang attribute __attribute__((optnone)) to disable optimization
for it.
Bug: chromium:1435016
Change-Id: I74e823bf64d0b03d81c0bda7a8338e2fa67033aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4456156
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Zequan Wu <zequanwu@google.com>
__has_feature is a clang extension. GCC errors out on the test.
Define a helper macro to make the code working with other compilers.
Bug: chromium:819294
Change-Id: I359150acd4700e65b4faf5f297b29664c18000d3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4418706
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Always reset the file descriptor to -1, even if FlushWriteBuffer or
RawLoggingCloseFile fails.
Bug: 1431760
Change-Id: I193f526d65f477bba002dd9faf68996020e48a3b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4406657
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Pointer Authentication works by adding a signature to the top bits of
an instruction or data pointer (only instruction pointers on the stack
are currently signed in Chromium). This can confuse range checks,
because they need to strip the top bits. Masking these bits during sanitization range checks prevents confusion.
Test: Testing was done manually on a device with pointer authentication enabled.
Bug: crashpad:364
Bug: 919548
Change-Id: I2e739cadb2844cfaf73a75596d664135aeb5faac
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4387271
Commit-Queue: Adam Walls <avvall@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Several tests in filesystem_test.cc create symbol links. The privilege
needed to do this is not enabled on all Windows systems so several of
the tests check for the privilege and are skipped if it is not
available.
However, two tests that created symbol links were not doing this check
and therefore failed on some Windows machines. This corrects those
failures by adding the checks.
Bug: chromium:1418165
Change-Id: I6621796b462b8db02271ad5a05e0c29ee047f648
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4348801
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
The extra_memory cap in ProcessSnapshotTest.CrashpadInfoChild is not
high enough to avoid test failures on all machines. The actual amount
recorded has been seen to vary between 726,556 and 1,152,803. This
change rases the limit from 1,000,000 to 1,200,000 to avoid the
failures.
The highest amount was seen on a 64-GB gWindows ThinkPad laptop.
Instrumentation shows that the low and high cases both have 104 threads.
The low case has 304 ExtraMemory() blocks, whereas the high case has
409. In both cases the sizes range from 384 to 6,024.
Change-Id: I8873921fa913c31445384db34d4aa90200401a4a
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4348802
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Missed this the first time around because it was Windows-only.
Bug: chromium:691162
Change-Id: Ic98a5943957f77fbf17d92a93409eaa35910ae0e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4297482
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
ObjcExceptionPreprocessor is a 'reasonable effort' attempt to catch an
NSException minidump at time the exception is thrown as opposed to when the application terminates due to the exception. If multiple
exceptions are thrown at the same time, Crashpad should correctly
report the final uncaught exception, but the minidump may not
represent the full `caught-at-thrown` minidump.
- Don't assume ObjcExceptionPreprocessor throws an NSException.
- Don't retain/release the exception. Instead of calling isEqual,
just use a simple pointer comparison.
- Make last_exception atomic.
Bug: crashpad: 445, 446
Change-Id: I9f2f2041e96aa9818c63937025e507487ae9d03d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4317110
Reviewed-by: Ben Hamilton <benhamilton@google.com>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This also significantly simplifies the implementation, since we don't
really need the ThreadLogMessagesMaster class at all.
Bug: chromium:1416710
Change-Id: I85849230015f901dfbf084d140e639f14cb872a7
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4313281
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
The windows property of UIApplication is unavailable in iOS15.
Bug: 1406561 crashpad:
Change-Id: I19642067a13801142cd3f24586bab6958a81635d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4304398
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Joemer Ramos <joemerramos@chromium.org>
Lacros can be up to 2 milestones ahead of ash (and consequently the
platform code), so until the crash_reporter change has been in for 2
milestones, we need to manually check version compatibility.
BUG=chromium:1420445
TEST=Build, deploy, check that flag is set only on right version
Change-Id: Ic99d5ac58840814f7eeecd47c628ea0e8107f675
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4308129
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
StringToInt(string_piece) works because base::StringPiece is in
namespace base, but when it is switched to std::string_view, this won't
work anymore. Use the idiomatic spelling.
Bug: chromium:691162
Change-Id: Ic45e0d2729fa5fc7c3e7a56fe159957b1bdcdf94
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4298113
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
It's not required that LC_SOURCE_VERSION be present in every module, and
common for it to be missing. Suppress recording its absence.
Fixed: crashpad:443
Change-Id: Iae10c38c78514e78af6c3176cc809d95a3ae3811
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4294861
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
In order to determine in crash_reporter whether a crash was fatal, we
need the exception number (-1 is not an actual crash).
BUG=b:269159625
TEST=deploy to DUT; chrome://crashdump; verify metadata present.
Change-Id: I83d3c9cc839a685af2f50d143d627cf9fcfaf3ac
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4265253
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Miriam Zimmerman <mutexlox@chromium.org>
Adds the dump_minidump_annotations tool (modified from jperaza's WIP
code). This works similarly to Breakpad's minidump_dump tool, but:
1. Is available on Windows
2. Only dumps simple/vectored annotations and annotation objects instead
of the entire minidump contents.
Current use case for this is to be able to get a minidump's process
type on Windows without having to go through symbolization, but there
may be other use cases in the future.
Bug: chromium:1006331
Change-Id: I392024e230c10ea18673b3cf0d0ad4793d21f5eb
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4287994
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Brian Sheedy <bsheedy@chromium.org>
The EXCEPTION_RECORD contains a NumberParameters field, which could
store a value that exceeds the amount of space allocated for the
ExceptionInformation array.
Bug: chromium:1412658
Change-Id: Ibfed8eb6317e28d3addf9215cda7fffc32e1030d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4284559
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
This is the only change needed to build crashpad against musl, yay! The
reason this change is needed is that user_vfp is bionic-specific, and
does not exist in glibc, dietlibc, uclibc, or musl.
I have not (yet) tried running the tests against another libc.
Bug: chromium:1380656
Change-Id: I2247352e1611a300dff995156d393508c8257039
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4255370
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Elly Fong-Jones <ellyjones@chromium.org>
The test BaseAnnotationShouldNotSupportSpinGuard assumed NDEBUG builds
always disabled DCHECK()s, but DCHECK_ALWAYS_ON overrides this.
This CL fixes the test for NDEDBUG + DCHECK_ALWAYS_ON builds by using
the DCHECK_IS_ON() macro to skip the test when DCHECKs are enabled.
Change-Id: I7b64729568c5d3139ca777e27462d81eba931834
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4255429
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Since iOS reads Annotations in-process, this CL updates the iOS
intermediate dump handler to check each Annotation to see if it supports
guarding concurrent reads and writes using ScopedSpinGuard.
For any such Annotation, the in-process dump handler now tries (without
spinning) to obtain the ScopedSpinGuard for the Annotation before
reading its memory.
If the ScopedSpinGuard cannot immediately be obtained, the in-process
dump handler just skips writing the memory of the Annotation to the
intermediate dump. (I'd like to follow up and thread down a Params
object so we can experiment with adding an optional timeout to make
this more reliable.)
Change-Id: Ie6c9849fac94ab89b36364b07aea62326cabe552
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4031730
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This CL integrates the new ScopedSpinGuard with the new
LengthDelimitedRingBuffer into a new class, RingBufferAnnotation.
RingBufferAnnotation is thread-safe both for reading and writing, and is
suitable for streaming logs, trace events, and other high-throughput
data streams.
I included a load test (ring_buffer_annotation_load_test) which launches
two threads which simultaneously write to and read from the
RingBufferAnnotation.
By default, reads and writes are serialized using ScopedSpinGuard, but
passing the flag "--disable_spin_guard" to the test disables the spin
guard on the reading side (which is expected to make the test fail).
Change-Id: Ic8e28866d085d57e778c4f86bcb7492ef0638ab9
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4023619
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
This CL optionally integrates ScopedSpinGuard (an atomic boolean) with
crashpad::Annotation.
Subclasses of Annotation can choose to integrate ScopedSpinGuard into
their Set(...) methods to ensure reads and writes are serialized.
I didn't integrate this into StringAnnotation in this CL, but it'd be
pretty trivial to do in a follow-up.
Change-Id: I1c5b8982576b03f9780a57acb7627c9194f8f0ff
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4022484
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
from documentation of `ProcessException` in `crashpad_wer.h`:
```
//! \param[in] handled_exceptions is an array of exception codes that the helper
//! should pass on to crashpad handler (if possible). Pass nullptr and set
//! num_handled_exceptions to 0 to pass every exception on to the crashpad
//! handler.
```
fix the check to handle `num_handled_exceptions == 0` case to not filter
out any exceptions.
Bug: crashpad:439
Change-Id: Ic4559a730a26e37c7a8f13e6bcae7595d743924a
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4206503
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
This CL introduces a new class ScopedVMMap, a fork of ScopedVMRead
which maps the memory using vm_remap() instead of reading it.
This is useful for Annotations which use ScopedSpinGuard to
protect reads from simultaneous writes; the in-process intermediate
dump handler can try to take the spin guard when reading such
an Annotation and skip reading it if it the spin guard could not
be obtained.
Change-Id: I60d7a48d1ba4e5d2dfdb44307b78b4d9ffb73560
Bug: crashpad:437
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4114550
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Ben Hamilton <benhamilton@google.com>
This CL cleans up types and code style comments from post-submit code
review comments on https://crrev.com/c/4023618 .
I also added fixes for potential overflows in varint length decoding
and included new tests.
Bug: crashpad:437
Change-Id: I0a3585036028d81f42d0d36e87cce4264f4ed9ad
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4199705
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
ARM64 supports storing pointer authentication codes in the upper bits of
a pointer. This mask can be used by LLDB to mimic ptrauth_strip and
strip the pointer authentication codes. To recover an address from
pointer with an authentication code, `AND` this mask with the pointer.
If the platform does not support pointer authentication, or the range of
valid addressees for a pointer was unaccessible, this field will be 0
and should be ignored.
Change-Id: Ie5cef90802dd1e892d456195ab8874223eac6a1b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2773358
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
It looks like macOS 13 only *sometimes* puts __crash_info in
__DATA_DIRTY. Instead of splitting by version check, let's just look
in __DATA_DIRTY if we can't find it in __DATA.
Bug: chromium:1372165
Change-Id: I99d2e759c66841d982039449e83f8658259d7ed1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4197706
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Leonard Grey <lgrey@chromium.org>
Much of crashpad's unittests propagate tagged pointers to fuchsia
syscalls which do not accept tagged values. Rather than fixing them all
right now, just ensure that the tests do not build with the hwasan
variant if enabled.
Bug: fxbug.dev/108368
Change-Id: Ib32eb95ba671a6b55694075b68c7fbbb733cf501
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4175438
Reviewed-by: Francois Rousseau <frousseau@google.com>
Commit-Queue: Francois Rousseau <frousseau@google.com>