Diffstat (limited to 'chromium/third_party/crashpad')
5 files changed, 48 insertions, 18 deletions
diff --git a/chromium/third_party/crashpad/README.chromium b/chromium/third_party/crashpad/README.chromium index f220d2d01a8..911f692bdc3 100644 --- a/chromium/third_party/crashpad/README.chromium +++ b/chromium/third_party/crashpad/README.chromium @@ -46,3 +46,7 @@ Local Modifications: - CloseMultipleNowOrOnExec has been updated to invoke the new base::subtle::ResetFDOwnership() API - FALLTHROUGH macro has been replaced with C++17 attribute [[fallthrough]] + - M102 CP 4581a355b1 + 94242690d57b ios: Check dyld_image_info->imageFilePath for nullptr + 4581a355b17e ios: Limit depth of intermediate dump parser + diff --git a/chromium/third_party/crashpad/crashpad/client/ios_handler/in_process_intermediate_dump_handler.cc b/chromium/third_party/crashpad/crashpad/client/ios_handler/in_process_intermediate_dump_handler.cc index 88d5eb0a6e5..2869c2174f4 100644 --- a/chromium/third_party/crashpad/crashpad/client/ios_handler/in_process_intermediate_dump_handler.cc +++ b/chromium/third_party/crashpad/crashpad/client/ios_handler/in_process_intermediate_dump_handler.cc @@ -963,10 +963,12 @@ void InProcessIntermediateDumpHandler::WriteModuleInfo( return; } - WriteProperty(writer, - IntermediateDumpKey::kName, - image->imageFilePath, - strlen(image->imageFilePath)); + if (image->imageFilePath) { + WriteProperty(writer, + IntermediateDumpKey::kName, + image->imageFilePath, + strlen(image->imageFilePath)); + } uint64_t address = FromPointerCast<uint64_t>(image->imageLoadAddress); WriteProperty(writer, IntermediateDumpKey::kAddress, &address); WriteProperty( 
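Review bot: The new `if (image->imageFilePath)` guard in WriteModuleInfo rejects only a null pointer; `strlen(image->imageFilePath)` still walks the string unbounded, so a non-null but stale or unterminated path would be read until a NUL or a fault is hit. This handler appears to run in-process while a crash is being recorded, so it is worth bounding the length, e.g. `strnlen(image->imageFilePath, PATH_MAX)`, unless WriteProperty already performs a guarded read (not visible here). The same applies to `strlen(image_infos->dyldPath)` in the next hunk. A short comment such as `// dyld can report an image with a null path; omit kName instead of crashing.` would record why the name is optional. WriteModuleInfo starts and ends outside the hunk.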
@@ -976,7 +978,12 @@ void InProcessIntermediateDumpHandler::WriteModuleInfo( { IOSIntermediateDumpWriter::ScopedArrayMap modules(writer); - WriteProperty(writer, IntermediateDumpKey::kName, image_infos->dyldPath); + if (image_infos->dyldPath) { + WriteProperty(writer, + IntermediateDumpKey::kName, + image_infos->dyldPath, + strlen(image_infos->dyldPath)); + } uint64_t address = FromPointerCast<uint64_t>(image_infos->dyldImageLoadAddress); WriteProperty(writer, IntermediateDumpKey::kAddress, &address); diff --git a/chromium/third_party/crashpad/crashpad/snapshot/BUILD.gn b/chromium/third_party/crashpad/crashpad/snapshot/BUILD.gn index ea2412a0bf6..b331598283b 100644 --- a/chromium/third_party/crashpad/crashpad/snapshot/BUILD.gn +++ b/chromium/third_party/crashpad/crashpad/snapshot/BUILD.gn @@ -492,6 +492,7 @@ bundle_data("snapshot_test_ios_data") { sources = [ "ios/testdata/crash-1fa088dda0adb41459d063078a0f384a0bb8eefa", "ios/testdata/crash-5726011582644224", + "ios/testdata/crash-6605504629637120", ] outputs = [ "{{bundle_resources_dir}}/crashpad_test_data/" + diff --git a/chromium/third_party/crashpad/crashpad/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc b/chromium/third_party/crashpad/crashpad/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc index 5f56082eb14..1a994bdb834 100644 --- a/chromium/third_party/crashpad/crashpad/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc +++ b/chromium/third_party/crashpad/crashpad/snapshot/ios/process_snapshot_ios_intermediate_dump_test.cc 
@@ -198,14 +198,16 @@ class ProcessSnapshotIOSIntermediateDumpTest : public testing::Test { } } - void WriteModules(IOSIntermediateDumpWriter* writer) { + void WriteModules(IOSIntermediateDumpWriter* writer, bool has_module_path) { IOSIntermediateDumpWriter::ScopedArray moduleArray(writer, Key::kModules); for (uint32_t image_index = 0; image_index < 2; ++image_index) { IOSIntermediateDumpWriter::ScopedArrayMap modules(writer); - constexpr char image_file[] = "/path/to/module"; - EXPECT_TRUE( - writer->AddProperty(Key::kName, image_file, strlen(image_file))); + if (has_module_path) { + constexpr char image_file[] = "/path/to/module"; + EXPECT_TRUE( + writer->AddProperty(Key::kName, image_file, strlen(image_file))); + } uint64_t address = 0; uint64_t vmsize = 1; @@ -241,12 +243,16 @@ class ProcessSnapshotIOSIntermediateDumpTest : public testing::Test { } } - void ExpectModules(const std::vector<const ModuleSnapshot*>& modules) { + void ExpectModules(const std::vector<const ModuleSnapshot*>& modules, + bool expect_module_path) { for (auto module : modules) { EXPECT_EQ(module->GetModuleType(), ModuleSnapshot::kModuleTypeSharedLibrary); - EXPECT_STREQ(module->Name().c_str(), "/path/to/module"); - EXPECT_STREQ(module->DebugFileName().c_str(), "module"); + + if (expect_module_path) { + EXPECT_STREQ(module->Name().c_str(), "/path/to/module"); + EXPECT_STREQ(module->DebugFileName().c_str(), "module"); + } UUID uuid; uint32_t age; module->UUIDAndAge(&uuid, &age); @@ -424,7 +430,8 @@ class ProcessSnapshotIOSIntermediateDumpTest : public testing::Test { EXPECT_STREQ(daylight_name.c_str(), "Daylight"); } - void ExpectSnapshot(const ProcessSnapshot& snapshot) { + void ExpectSnapshot(const ProcessSnapshot& snapshot, + bool expect_module_path) { EXPECT_EQ(snapshot.ProcessID(), 2); EXPECT_EQ(snapshot.ParentProcessID(), 1); 
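Review bot: With `expect_module_path` false, ExpectModules asserts nothing about `Name()` or `DebugFileName()`, so the test would still pass if the snapshot reported a stale or garbage name for a module written without kName. Pin the expected result in an else branch, for example `} else { EXPECT_TRUE(module->Name().empty()); }`, assuming an empty name is what the snapshot is meant to return in that case. ExpectModules continues past the end of its hunk.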
@@ -447,7 +454,7 @@ class ProcessSnapshotIOSIntermediateDumpTest : public testing::Test { ExpectSystem(*snapshot.System()); ExpectThreads(snapshot.Threads()); - ExpectModules(snapshot.Modules()); + ExpectModules(snapshot.Modules(), expect_module_path); ExpectMachException(*snapshot.Exception()); } @@ -626,14 +633,14 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, ShortContext) { WriteSystemInfo(writer()); WriteProcessInfo(writer()); WriteThreads(writer()); - WriteModules(writer()); + WriteModules(writer(), /*has_module_path=*/false); WriteMachException(writer(), true /* short_context=true*/); } ProcessSnapshotIOSIntermediateDump process_snapshot; ASSERT_TRUE(process_snapshot.InitializeWithFilePath(path(), annotations())); EXPECT_FALSE(IsRegularFile(path())); EXPECT_TRUE(DumpSnapshot(process_snapshot)); - ExpectSnapshot(process_snapshot); + ExpectSnapshot(process_snapshot, /*expect_module_path=*/false); } TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FullReport) { @@ -644,14 +651,14 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FullReport) { WriteSystemInfo(writer()); WriteProcessInfo(writer()); WriteThreads(writer()); - WriteModules(writer()); + WriteModules(writer(), /*has_module_path=*/true); WriteMachException(writer()); } ProcessSnapshotIOSIntermediateDump process_snapshot; ASSERT_TRUE(process_snapshot.InitializeWithFilePath(path(), annotations())); EXPECT_FALSE(IsRegularFile(path())); EXPECT_TRUE(DumpSnapshot(process_snapshot)); - ExpectSnapshot(process_snapshot); + ExpectSnapshot(process_snapshot, /*expect_module_path=*/true); } TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FuzzTestCases) { 
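Review bot: The missing-module-path case is exercised only by flipping `has_module_path` to false inside ShortContext, which ties two unrelated conditions to one test; a failure there will not say whether the short context or the absent kName regressed. A dedicated test with the same body as FullReport but `WriteModules(writer(), /*has_module_path=*/false)` and `ExpectSnapshot(process_snapshot, /*expect_module_path=*/false)` would keep ShortContext focused on its original purpose.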
@@ -672,6 +679,11 @@ TEST_F(ProcessSnapshotIOSIntermediateDumpTest, FuzzTestCases) { map = process_snapshot2.AnnotationsSimpleMap(); ASSERT_TRUE(map.find("crashpad_intermediate_dump_incomplete") != map.end()); EXPECT_EQ(map["crashpad_intermediate_dump_incomplete"], "yes"); + + fuzz_path = TestPaths::TestDataRoot().Append( + FILE_PATH_LITERAL("snapshot/ios/testdata/crash-6605504629637120")); + crashpad::internal::ProcessSnapshotIOSIntermediateDump process_snapshot3; + EXPECT_FALSE(process_snapshot3.InitializeWithFilePath(fuzz_path, {})); } } // namespace diff --git a/chromium/third_party/crashpad/crashpad/util/ios/ios_intermediate_dump_reader.cc b/chromium/third_party/crashpad/crashpad/util/ios/ios_intermediate_dump_reader.cc index 022133bce75..d9610f656fc 100644 --- a/chromium/third_party/crashpad/crashpad/util/ios/ios_intermediate_dump_reader.cc +++ b/chromium/third_party/crashpad/crashpad/util/ios/ios_intermediate_dump_reader.cc @@ -70,6 +70,12 @@ bool IOSIntermediateDumpReader::Parse(FileReaderInterface* reader, } while (reader->ReadExactly(&command, sizeof(Command))) { + constexpr int kMaxStackDepth = 10; + if (stack.size() > kMaxStackDepth) { + LOG(ERROR) << "Unexpected depth of intermediate dump data."; + return false; + } + IOSIntermediateDumpObject* parent = stack.top(); switch (command) { case Command::kMapStart: { |
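Review bot: The new `process_snapshot3` check relies solely on the binary corpus file `crash-6605504629637120`, and nothing at the call site says which parser condition it is meant to hit. Add a comment, e.g. `// Nested deeper than the reader allows; initialization must fail.` (if that is indeed what the file contains). A writer-built case that nests one level below and one level above the limit would also pin the boundary without depending on a fuzz artifact. The FuzzTestCases body starts outside the hunk.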
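Review bot: `kMaxStackDepth` is declared as `int` inside the `while` body and compared with `stack.size()`, which is unsigned; declaring it once above the loop as `constexpr size_t kMaxStackDepth = 10;` keeps the comparison same-typed and makes the limit easy to find. Because the test is `>` and runs before the command is handled, the stack can presumably reach kMaxStackDepth + 1 entries before the dump is rejected, so a comment should state whether 10 counts the root object. The check bounds growth only; whether `stack.top()` can be reached with an empty stack depends on the end-command handling outside this hunk. Parse begins and ends outside the hunk.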