mirror of
https://github.com/chromium/crashpad.git
synced 2024-12-29 00:32:35 +08:00
34aef02cc7
Calling std::vector<>::operator[]() with an out-of-range index argument is undefined behavior. In two cases, Crashpad used &v[0] in situations where it was known that the address would not be used. These calls were wrapped in conditions guarding against vector emptiness. While s[0] is valid on an empty string, in two cases, Crashpad used &s[0] as an argument to a system call that would be a no-op. These calls were wrapped in similar conditions to avoid the system call. The two uses of vector with undefined behavior were caught by the following tests in crashpad_snapshot_test with UndefinedBehaviorSanitizer: [ RUN ] CrashpadInfoClientOptions.OneModule /Users/mark/compilatorium/llvm.build/bin/../include/c++/v1/vector:1493:12: runtime error: reference binding to null pointer of type 'crashpad::process_types::section' [ OK ] CrashpadInfoClientOptions.OneModule (72 ms) [ RUN ] ProcessSnapshotMinidump.Empty /Users/mark/compilatorium/llvm.build/bin/../include/c++/v1/vector:1493:12: runtime error: reference binding to null pointer of type 'MINIDUMP_DIRECTORY' [ OK ] ProcessSnapshotMinidump.Empty (1 ms) The Crashpad codebase was audited by searching for resize() calls and analyzing how resized strings and vectors are used. TEST=* BUG= R=rsesek@chromium.org Review URL: https://codereview.chromium.org/1283243004 .