mirror of https://github.com/chromium/crashpad.git synced 2025-03-09 14:06:33 +00:00

Go to file

Mark Mentovai e04194afd9 win: Wrap TerminateProcess() to accept cdecl patches on x86

TerminateProcess(), like most of the Windows API, is declared WINAPI,
which is __stdcall on 32-bit x86. That means that the callee,
TerminateProcess() itself, is responsible for cleaning up parameters on
the stack on return. In https://crashpad.chromium.org/bug/179, crashes
in ExceptionHandlerServer::OnNonCrashDumpEvent() were observed in ways
that make it evident that TerminateProcess() has been patched with a
__cdecl routine. The crucial difference between __stdcall and __cdecl is
that the caller is responsible for stack parameter cleanup in __cdecl.
The mismatch means that nobody cleans parameters from the stack, and the
stack pointer has an unexpected value, which in the case of the Crashpad
handler crash, results in TerminateProcess()’s second argument
erroneously being used as the lock address in the call to
ReleaseSRWLockExclusive() or LeaveCriticalSection().

As a workaround, on 32-bit x86, call through SafeTerminateProcess(), a
custom assembly routine that’s compatible with either __stdcall or
__cdecl implementations of TerminateProcess() by not trusting the value
of the stack pointer on return from that function. Instead, the stack
pointer is restored directly from the frame pointer.

Bug: crashpad:179
Test: crashpad_util_test SafeTerminateProcess.*, others
Change-Id: If9508f4eb7631020ea69ddbbe4a22eb335cdb325
Reviewed-on: https://chromium-review.googlesource.com/481180
Reviewed-by: Scott Graham <scottmg@chromium.org>

2017-04-19 17:45:32 +00:00

build

handler: Add user extensibility stream call-out.

2017-04-11 19:06:00 +00:00

client

win: Wrap TerminateProcess() to accept cdecl patches on x86

2017-04-19 17:45:32 +00:00

compat

linux: Fix crashpad_util_test ScopedPtraceAttach.* with the Yama LSM

2017-04-07 21:28:59 +00:00

doc

designdoc: Add description of user data sources.