3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2024-12-28 15:50:26 +08:00
Code Issues Projects Releases Wiki Activity
crashpad/handler/mac/file_limit_annotation.cc
Mark Mentovai 1abaf22e28 Use readdir() instead of readdir_r() on all (POSIX) platforms 
readdir_r() is a thread-safe version of readdir(), although readdir() is
not particularly thread-unsafe with most usage. The dirent* returned by
readdir() can only be invalidated by a subsequent readdir() or
closedir() on the same DIR*. In typical usage, where a returned dirent*
is used exclusively within a loop around readdir() and is not expected
to outlive that loop, there are no lifetime or thread-safety issues with
the use of readdir().

readdir_r() may be harmful in certain situations because its buffer is
not explicitly sized, and attempts to provide a suitably sized buffer
dynamically (which, incidentally, our code did not do) are subject to a
race condition.

https://elliotth.blogspot.com/2012/10/how-not-to-use-readdirr3.html
https://womble.decadent.org.uk/readdir_r-advisory.html

glibc has already deprecated readdir_r(), and all Linux (including
Android) code was already using readdir(). This change eliminates
variant codepaths. It delegates buffer sizing (which we weren’t doing
correctly) to the C library, which also has more options at its disposal
to avoid races in sizing that buffer.

Change-Id: I4fca8948454116360180ad0017f226d06727ef81
Reviewed-on: https://chromium-review.googlesource.com/705756
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
2017-10-06 21:08:50 +00:00

133 lines
4.2 KiB
C++
Raw Blame History

// Copyright 2017 The Crashpad Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "handler/mac/file_limit_annotation.h"
#include <dirent.h>
#include <errno.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/sysctl.h>
#include <sys/types.h>
#include <string>
#include "base/format_macros.h"
#include "base/macros.h"
#include "base/strings/stringprintf.h"
#include "client/crashpad_info.h"
#include "client/simple_string_dictionary.h"
#include "util/posix/scoped_dir.h"
namespace crashpad {
namespace {
// rv is the return value from sysctl() or sysctlbyname(), and value and size
// are the pointers passed as oldp and oldlenp. If sysctl() failed, the returned
// string will be "E" followed by the error number. If there was a size
// mismatch, the returned string will be "Z" followed by the size indicated by
// sysctl(). Normally, a string representation of *value will be returned.
std::string FormatFromSysctl(int rv, const int* value, const size_t* size) {
if (rv != 0) {
return base::StringPrintf("E%d", errno);
}
if (*size != sizeof(*value)) {
return base::StringPrintf("Z%zu", *size);
}
return base::StringPrintf("%d", *value);
}
// Counts the number of open file descriptors in the process and returns it as a
// string. This /dev/fd and the value returned will include the open file
// descriptor for that directory. If opendir() fails, the returned string will
// be "E" followed by the error number. If readdir() fails, it will be "R"
// followed by the error number.
std::string CountOpenFileDescriptors() {
DIR* dir = opendir("/dev/fd");
if (!dir) {
return base::StringPrintf("E%d", errno);
}
ScopedDIR dir_owner(dir);
dirent* entry;
int count = 0;
while ((errno = 0, entry = readdir(dir)) != nullptr) {
const char* entry_name = entry->d_name;
if (strcmp(entry_name, ".") == 0 || strcmp(entry_name, "..") == 0) {
continue;
}
++count;
}
if (errno != 0) {
return base::StringPrintf("R%d", errno);
}
return base::StringPrintf("%d", count);
}
// Returns a string for |limit|, or "inf" if |limit| is RLIM_INFINITY.
std::string StringForRLim(rlim_t limit) {
if (limit == RLIM_INFINITY) {
return std::string("inf");
}
return base::StringPrintf("%" PRIu64, limit);
}
} // namespace
void RecordFileLimitAnnotation() {
CrashpadInfo* crashpad_info = CrashpadInfo::GetCrashpadInfo();
SimpleStringDictionary* simple_annotations =
crashpad_info->simple_annotations();
if (!simple_annotations) {
simple_annotations = new SimpleStringDictionary();
crashpad_info->set_simple_annotations(simple_annotations);
}
int value;
size_t size = sizeof(value);
std::string num_files = FormatFromSysctl(
sysctlbyname("kern.num_files", &value, &size, nullptr, 0), &value, &size);
int mib[] = {CTL_KERN, KERN_MAXFILES};
size = sizeof(value);
std::string max_files = FormatFromSysctl(
sysctl(mib, arraysize(mib), &value, &size, nullptr, 0), &value, &size);
std::string open_files = CountOpenFileDescriptors();
rlimit limit;
std::string nofile;
if (getrlimit(RLIMIT_NOFILE, &limit) != 0) {
nofile = base::StringPrintf("E%d,E%d", errno, errno);
} else {
nofile =
StringForRLim(limit.rlim_cur) + "," + StringForRLim(limit.rlim_max);
}
std::string annotation = base::StringPrintf("%s,%s,%s,%s",
num_files.c_str(),
max_files.c_str(),
open_files.c_str(),
nofile.c_str());
simple_annotations->SetKeyValue("file-limits", annotation.c_str());
}
} // namespace crashpad
Reference in New Issue View Git Blame Copy Permalink