The “and not memory after range” follow-up to the “extra memory range
captured” test is very flaky in debug builds
(https://ci.chromium.org/p/crashpad/builders/ci/crashpad_win_dbg/388),
and occasionally flaky in release builds too
(https://ci.chromium.org/p/crashpad/builders/ci/crashpad_win_rel/363).
As with the already-disabled “extra memory removal” test, it’s likely
that Crashpad is discovering a pointer that references the memory
immediately beyond the intended range, and capturing that too. Unless
the environment is very tightly controlled, it’s difficult to prevent
valid memory from being pointed to, and thus to guarantee that Crashpad
won’t capture a particular block of memory.
These are probably never going to be fixed. The flaky tests are removed.
Bug: crashpad:101
Change-Id: I629ed8ce3c901507689218baaa102d8737db3f5b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2150055
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
This updates the comment from d3859d91fde0, which referred to 10.14.4 as
the OS version where kern.nx stoppoed working. Testing indicates that
kern.nx works in 10.13.6 17G12034 and 10.14.4 18E226. It does not work
in 10.14.5 18F132 or 10.15.4 19E266.
Bug: crashpad:295
Change-Id: Id2f222700fb626de707d60980fedbd79e62990e6
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2127566
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Gather most of the necessary information for the exceptions snapshot.
Note that:
- The 'capture' portion of this CL will be moved out of the snapshot
interface and into a separate in-process dump to disk location.
- All of the pointer dereferences need to be wrapped in vm_read.
- The read-fast-and-dump logic in thread_snapshot may end up in a
different file completely, but until we pick a
serialization/deserialization method, keep it as-is.
Bug: crashpad:31
Change-Id: Iae4af436cddabd2302689b76c8a4574eb8e48c0e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2098744
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Gather most of the necessary information for the system snapshot.
Note that:
- The 'capture' portion of this CL will be moved out of the snapshot
interface and into a separate in-process dump to disk location.
- All of the pointer dereferences need to be wrapped in vm_read.
- The read-fast-and-dump logic in thread_snapshot may end up in a
different file completely, but until we pick a
serialization/deserialization method, keep it as-is.
Bug: crashpad:31
Change-Id: Iac82491fdb4a823163f02149f52a1e18e26fa9de
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2090173
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Gather most of the necessary information for the thread snapshot.
Note that:
- The 'capture' portion of this CL will be moved out of the snapshot
interface and into a separate in-process dump to disk location.
- All of the pointer dereferences need to be wrapped in vm_read.
- The read-fast-and-dump logic in thread_snapshot may end up in a
different file completely, but until we pick a
serialization/deserialization method, keep it as-is.
Change-Id: I80ba323cb6a59ac0dd1bba9150d047ba83cc4dad
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2085572
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Justin Cohen <justincohen@chromium.org>
Gather most of the necessary information for the module snapshot.
Note that:
- The 'capture' portion of this CL will be moved out of the snapshot
interface and into a separate in-process dump to disk location.
- All of the pointer dereferences need to be wrapped in vm_read.
- The read-fast-and-dump logic in module_snapshot may end up in a
different file completely, but until we pick a
serialization/deserialization method, keep it in module_snapshot_ios.
Change-Id: Ie80c739c167634520d13ec920a29a80116aa3bfe
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2079196
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Justin Cohen <justincohen@chromium.org>
UBSan was reporting reference binding to a misaligned address in Fuchsia.
Disable UBSan for this target for now just to silence the runtime
warnings, then come back and fix them.
Bug: fuchsia:46805
Change-Id: Ic5d9b35161b6d998f1ff50eb8e978c44aff9b4ef
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2068051
Reviewed-by: Scott Graham <scottmg@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
The new API replaces zx_system_get_version and is simpler.
Bug: fuchsia:45640
Change-Id: Ibc47703aba0e87e55265608b517e5953eada182f
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2063908
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Scott Graham <scottmg@chromium.org>
Removes a failing DCHECK in process_reader_win.cc caused by a race
condition with a thread being injected into a process whose existing
threads are already suspended.
Bug: chromium:1007013
Change-Id: Ifa569220b28e8e2e5dfa6c32b2be4c57f61076b3
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2047803
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Brian Sheedy <bsheedy@chromium.org>
Fix a -Wextra-semi warning in Clang when building crashpad for MIPS.
Change-Id: I53893c815de74d2503acdce24708e29096f4b0aa
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1997103
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Tomasz Śniatowski <tsniatowski@vewd.com>
MemorySnapshotGeneric is now used on all platforms as it uses
ProcessMemory instead of templating to use a platform-specific
ProcessReader* class.
Change-Id: Ib0b6db0fac184c558f1c76a584db92e4804dfe99
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1977640
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
This should prevent accidental "\r\n" line endings from being introduced
again, as happened in 359fc4a1336d, fixed by 31470459b624.
Also includes:
Update mini_chromium to 0512d42698bfb47f2016ac627177c22d22b983d4
0512d42698bf Add .gitattributes, setting “text eol=lf” for all files
Change-Id: Id84c014914fec66632006ed364e2b14b4f1c175c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1953807
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
I was editing the patch in gerrit and looks like it undone !defined
change and I landed wrong version.
Bug: chromium:1030261
Change-Id: Ib645839bac5450fe55ecd9f3a38155022b7f6c13
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1951624
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
"init_stack_vars = true" inserts additional instructions which
usually removed by optimization if code does not rely on undefined
behaviour of uninitialized variables.
However in non-optimized build these instructions may still be present.
Bug: chromium:1030261
Change-Id: I85d1d0a240dcd1c29c6ff148e88d572b5dcc81d1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1949846
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
In a stack overflow test from the Fuchsia tree, an intentional crash was
being induced that at the point it was reported to Crashpad resulted in
a stack pointer outside of the stack. This caused two problems:
- Crashpad attempted to capture that whole "thing" which could have been
anything, and in the failing test was a 1G guard region
- The whole wrong thing could be very large, resulting in OOM when
trying to write the minidump, which was the symptom of the bug.
Don't attempt to continue of SP isn't at least in a mapping, and don't
capture too-large regions for the stack as nothing useful can come of
that anyway.
New test added: ProcessSnapshotFuchsiaTest.InvalidStackPointer.
Bug: fuchsia:41212
Change-Id: Ifb48fd8b4b5b2f0cf10ab97e01dbd8b842368775
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1912942
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Francois Rousseau <frousseau@google.com>
The current 10.14 SDK is numbered 101404, which is greater than
MAC_OS_X_VERSION_10_14 (101400). That was causing the test to
unintentionally fall into the “unlisted SDK” branch of the #if cascade
due to testing SDK <= MAC_OS_X_VERSION_10_14. This is corrected by
testing SDK < MAC_OS_X_VERSION_10_15 instead.
Bug: chromium:1016314, crashpad:310
Change-Id: If062e8fca92ae105924addf10c3e2fde162448cf
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1872636
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Since gtest 00938b2b228f, gtest has built-in first-class support for
skipping tests, which is functionally identical (at least in Crashpad’s
usage) to the home-grown support for run-time dynamically disabled tests
introduced in Crashpad 5e9ed4cb9f69.
Use the new standard pattern, and remove all vestiges of the custom
local one.
This was done previously in 79f4a3970a64, but was reverted in
bba9d0819c12 because Chromium’s test launcher did not support
GTEST_SKIP() at the time. The deficiency is on file as
https://crbug.com/912138.
While that bug was never specifically marked as “fixed” and I haven’t
found what changed in Chromium, I do now see some use of GTEST_SKIP() in
Chromium. I also prototyped this change in Chromium at
https://chromium-review.googlesource.com/c/1854691/ and found that
GTEST_SKIP() does indeed now appear to work.
Change-Id: I13fef8fe8bfd9854a40dfa5910a3282d1a85bc45
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1855380
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
macOS 10.15 (“Catalina”) introduces a single new field to its
dyld_all_image_infos structure, and uses structure version 16.
macOS 10.13 and 10.14 were documented in <mach-o/dyld_images.h> as using
structure version 16, but they actually use version 15. They should have
used version 16, as they do use a structure expanded from macOS 10.12,
which also uses version 15. Previously, process_types was true to the
documentation, but now that this is known to be incorrect, it’s been
revised to reflect reality. Because two variants of the version 15
structure exist, run-time OS version detection is used to disambiguate.
Bug: crashpad:310
Test: crashpad_snapshot_test ProcessTypes.DyldImagesSelf (10.15 SDK)
Change-Id: Ibc82b6a73809949f4bbf416ece7aa955b627c573
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1852109
Commit-Queue: Mark Mentovai <mark@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
This allows partial reading of the current process (e.g. modules or
CrashpadInfo), even though the memory map read (and so thread retrieval)
will fail if ProcessSnapshotFuchsia is used on the current process.
This is a follow up to
db6f51d3fc
which broke the CrashpadInfoClientOptions.* tests.
Bug: fuchsia:34598
Change-Id: Ifa17b4dbefcd198ff67ecea91f946cfa2439ca4c
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1776936
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
From looking at some syzkaller logs, the earliest error seems to be
[...ERROR memory_map_fuchsia.cc:47] zx_object_get_info ZX_INFO_PROCESS_MAPS: ZX_ERR_BAD_STATE (-20)
which might be caused by a failure to suspend. That error causes
ProcessReaderFuchsia's memory_map_ Initialize() to fail, but that was
mistakenly being ignored. Later calls then fail as well.
While we're here, also check a couple other Initialize()s that were
sometimes triggering later on.
Bug: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=34598
Change-Id: I9f9d7315f504e6ec69308add20e2737ce5c5f644
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1763028
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
When a crash dump request is received over a socket, the message
includes a stack address of the thread requesting the dump. This can
be used to override the ExceptionInfo's thread ID which may be
incorrect in the handler's PID namespace.
Bug: crashpad:286
Change-Id: I053cf709c5eeefb73b31328f16a806510e1bd35d
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1759280
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Joshua Peraza <jperaza@chromium.org>
Stack mappings can be enormous for some processes dwarfing all other
data and making the .dmp useless. It isn't useful to capture beyond the
stack pointer, so grab only from the stack base to the stack pointer.
In the default config (safestack enabled), this isn't a major problem.
However, Chromium has safestack disabled, along with a large stack size,
so dumps with many threads become very large.
Bug: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=6425
Bug: chromium:821951
Change-Id: Iebefc5fe43e3d1bc4d8b66c107d3ab8ae5b3f68b
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1758702
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Francois Rousseau <frousseau@google.com>
A previous change added a ProcessMemorySanitized class, in this change
plumb support for ProcessMemorySanitized into ProcessSnapshotSanitized.
This involves reading whitelisted regions using the a new field in the
SanitizationInformation struct and returning an initialized
ProcessMemorySanitized object from ProcessSnapshotSanitized::Memory().
Bug: crashpad:263, chromium:973167
Change-Id: I121c5a584a1704ad043757c113099978a9ec2f4e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1754737
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
This test will break if there is an unusual character in the vendor
string. Moreover, std::regex is banned in Chromium so the test is
blocking the roll.
Probably all that can meaningfully be tested here is that the vendor
string is non-empty, so do that instead.
Change-Id: I60ea52e1b52c4d8e467518d03088815dcb5e3fce
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1756327
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
In preparation for an upcoming change that will introduce a second
whitelist (for memory ranges), rename variables/functions to explicitly
reference the annotations whitelist.
Bug: chromium:973167
Change-Id: I1bf232e370990571230a247f9d9022d56ba4fedf
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1752361
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This is very similar to the windows implementation in
module_snapshot_win.cc.
Bug: crashpad:95
Change-Id: I3858e8bb0009c95395bfb7ca3855c3d937fd49d5
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1641588
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Also remove MemorySnapshotWin since the code is identical to
MemorySnapshotGeneric now.
Bug: crashpad:95
Change-Id: I9a631f8eb206dd72a69158021db87e8db41c5913
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1642148
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
This unit test is related to X86 CPU Family, it could be disabled on ARM64.
Bug: None
Test: Run crashpad_tests, it's disabled on ARM64
Change-Id: I7ebe5dd7d8964e8efd0ebcd96944e5981f8b7606
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1634772
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Recent changes to GN mean that non-source files in final targets are an
error. Since they were ignored previously, this should be an NFC.
See crbug.com/gn/77 for details.
Change-Id: Ifc845a3b3b044e71ab4086ab19748adb7b4d4d08
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1632676
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Overflows before and after padding could cause the max note size check
to be evaded.
Bug: chromium:967228, chromium: 967257, chromium:967223
Change-Id: I499a273e76e78529fc59ddcb74055be6d01fa2cb
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1631635
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
This fixes a fuzzer-only bug, and modifies the note API so that it can
no longer request infinitely sized notes.
Bug: chromium:966303
Change-Id: I97b9ca6774d3101560caddf2f9b0a8d7ecf7c2e2
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1628675
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This code was previously not enabled, but was turned on recently.
However, there's no CQ check for 32 bit code.
Bug: chromium:966292
Change-Id: I4a3205d8517575e25d3e525f247ad45a906c3e25
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/1627679
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Commit-Queue: Scott Graham <scottmg@chromium.org>
