- RISCV32 will only include support for 32 bit floating point registers
- RISCV64 will only include support for 64 bit floating point registers
- RISCV 32/64 context will include a "version" field to account for
future extensions
Fixed: 1447862
Tested: `make check` on x86 host
Tested: `minidump_stackwalk` for RISCV64 minidump on x86 host
Change-Id: I605d5b2c35e627a5dc986aaf818a9c9898f6ae0b
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4553281
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- Replace DISALLOW_COPY_AND_ASSIGN with =delete.
- Replace some NULLs with nullptrs;
- Use the override keyword when appropriate.
- Use =default when appropriate.
Change-Id: I99e1d7f349dd4c32aa5d05e2ebdce7a86e47f551
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4527718
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This adds a new flag `enable_objdump_for_exploitability_` to the
MinidumpProcessor, which allows enabling objdump separately for crash
address fixups and for exploitability analysis, as the performance cost
of the exploitability analysis is significantly higher.
Change-Id: I667ffdce7cc0a970793f91413c3d2e3af93f4247
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4507067
Reviewed-by: Ivan Penkov <ivanpe@google.com>
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This is a speculative fix for a memory bug where our symbol files are
looking like they've grown enough that serializing them will outgrow
UINT_MAX. Before this change a size_t is implicitly cast to a size_t in
unsigned int, allocate a buffer of that size and then continue to write
module data out of bounds.
I have not been able to reproduce the OOB write locally as the original
uploaded symbol data is gone, but I have been able to reproduce builds
where, if we enable inline frames and CFI dumping, the size grows to
3.6GB when serializing it, which is close enough to 4.2GB that the
wrapping theory seems reasonable on another board or build.
No effort is made here to prevent wrapping behavior on 32-bit systems.
Bug: b/237242489, chromium:1410232
Change-Id: I3d7ec03c51c298f10df3d5b1e5306433875c7919
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4477821
Reviewed-by: Leonard Grey <lgrey@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Printing the register values as part of the stack trace relies on the
CPU architecture being "riscv" or "riscv64" rather than the numeric
identifiers (0x8005 and 0x8006, respectively).
Fixed: 1432306
Test: Run `minidump_stackwalk` on a RISC-V minidump
Change-Id: I0009da687438d51047e2ee39ffa1c50d78798caa
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4416399
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Breakpad skips the xstate area in x64 contexts but allowed this area
to be of unconstrained size. This hits problems if the size is greater
than Chrome's maximum allocation size, so we change to skipping a
maximum size. The maximum is chosen to allow the full set of states
today, plus some slack for the future:
Based on Intel x64 manual 13.5 XSAVE-MANAGED STATE
* => further bytes might be reserved
| Size | Region |
| 576 | Legacy + header |
| 384 | AVX State |
| 80 | MPX State |
| 1600 | AVX-512 State |
| 72*| PT State |
| 8 | pkru state |
| 8 | pasid state |
| 16 | CET state |
| 8 | HDC State |
| 96?| uintr state |
| 808*| lbr state |
| 8 | hwp state |
| 16 | amx state |
== 3680 so jump up a bit for the future to 2**12.
Bug:1425631
Change-Id: Ie08555651977cdbfa1c351c661118f13238213c4
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4379497
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
The added flag will print only one line per frame for the requesting
thread (This is mostly the crashing thread).
Refactor the code for printing the frame so it can be reused.
Bug: 1374075
Change-Id: I8a1c8b1a09740fcaa23c3cc642468622ee64ea73
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4339771
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Added
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
to the beginning of all source files that didn't have it.
This ensures that configuration options are respected in all source
files. In particular, it ensures that the defines needed to fix Large
File System issues are set before including system headers.
More generally, it ensures consistency between the source files, and
avoids the possibility of ODR violations between source files that were
including config.h and source files that were not.
Process:
Ran
find . \( -name third_party -prune \) -o \( -name '.git*' -prune \) -o \( \( -name '*.cc' -o -name '*.c' \) -exec sed -i '0,/^#include/ s/^#include/#ifdef HAVE_CONFIG_H\n#include <config.h> \/\/ Must come first\n#endif\n\n#include/' {} + \)
and then manually fixed up src/common/linux/guid_creator.cc,
src/tools/solaris/dump_syms/testdata/dump_syms_regtest.cc,
src/tools/windows/dump_syms/testdata/dump_syms_regtest.cc,
src/common/stabs_reader.h, and src/common/linux/breakpad_getcontext.h.
BUG=google-breakpad:877
Fixed: google-breakpad:877
TEST=./configure && make && make check
TEST=Did the find/sed in ChromeOS's copy, ensured emerge-hana google-breakpad
worked and had fewer LFS violations.
TEST=Did the find/sed in Chrome's copy, ensured compiling hana, windows, linux, and
eve still worked (since Chrome doesn't used config.h)
Change-Id: I16cededbba0ea0c28e919b13243e35300999e799
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4289676
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Changes a recent introduction of sprintf to snprintf since sprintf is
deprecated in Chromium.
Bug: crashpad:329
Change-Id: Icd346da4c86bd8e867266dfebaf617991dd90113
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4261633
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Updates minidump_dump to print out any Crashpad annotation objects that
are in a minidump. If an annotation contains a string value, it will be
printed out as such, otherwise it will be printed out as hex bytes.
Bug: crashpad:329
Change-Id: Ieecd6381c623f9011b16357742f7145a118dbc3c
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4261631
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This change removes ScopedTmpFile from DisassemblerObjdump, and
replaces it with the use of the implementation in linux/common.
It also switches to using ScopedPipe to read the output from objdump,
and directly execing objdump instead of using system.
Change-Id: I6d425190fb4a20d6b265c72aa7315026687cb86a
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3971919
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
At the moment, the Minidump class only supports reading simple and
list annotations from Crashpad minidumps. This change adds support
for reading annotation objects stored in Crashpad modules
(MDRawModuleCrashpadInfo) and exposes them via a new getter in
MinidumpCrashpadInfo.
Change-Id: I033fc4a4fdff5901babc2472e0150f79af56b830
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4195756
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Chromium moved to GN a long time ago, and CrOS has never used this.
Let's remove one of the build systems to make it easier on people.
Especially since the GYP tool is completely unmaintained now.
Change-Id: I0371ca1427811f307dc30f88ed6d1bf61d7fab89
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4054941
Reviewed-by: Mark Mentovai <mark@chromium.org>
Using `sizeof(raw_context)` generates the following warning (which is
an error in ChromeOS):
```
'memset' call operates on objects of type 'MDRawContextX86' while the size
is based on a different type 'MDRawContextX86 *'
```
This commit follows the implied advice of this warning and adjusts the
expression.
Bug: b:238678030, b:243982778
Test: Locally
Change-Id: I26111c6ff7a1223223e6096a75ad52c48d941e89
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3960915
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This uses DisassemblerObjdump to add a processing step in
MinidumpProcessor to compute the true faulting address from register
state and disassembly of the fault instruction when the fault address
is suspicious (-1).
Bug: 901847
Change-Id: Ia1f77d542c4055c82ce2504db8c84a9e52001866
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3932957
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This extracts the existing objdump-based disassembler engine used in
ExploitabilityLinux into a seperate reusable class, and adds support
for most common address operand formats.
This is a precursor to using DisassemblerObjdump to handle address
resolution for non-canonical address dereferences on amd64.
Bug: 901847
Change-Id: I1a06a86fc2e7c76b4d0e79eca5f8a6c501379f47
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3720740
Reviewed-by: Ivan Penkov <ivanpe@google.com>
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
Guard the Linux specific tests by checking for __linux__, as it does
not only not work on Windows but not on macOS either.
Change-Id: I0e710a6da8e6686f11bc8ea23e07ac19f3b4beb2
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3928026
Reviewed-by: Mike Frysinger <vapier@chromium.org>
sed -i '' -E -e 's/Copyright (\(c\) )?([0-9-]+),? (Google|The Chromium Authors).*(\r)?$/Copyright \2 Google LLC\4/' -e '/^((\/\/|#| \*) )?All rights reserved\.?\r?$/d' -e 's/name of Google Inc\. nor the/name of Google LLC nor the/' -e 's/POSSIBILITY OF SUCH DAMAGE$/POSSIBILITY OF SUCH DAMAGE./' $(git grep -El 'Copyright (\(c\) )?([0-9-]+),? (Google|The Chromium Authors).*$')
Plus manual fixes for src/processor/disassembler_x86.{cc,h}.
Plus some conversions from CRLF to LF line endings in .cc and .h files.
Bug: chromium:1098010
Change-Id: I8030e804eecd9f5a1ec9d66ae166efd8418c2a67
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3878302
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Previously these all resulted in EXCEPTION_STACK_BUFFER_OVERRUN
but this hides various specific fast fail crash types, which
are now provided based on the exception's subcode.
Tests: added to minidump_process_unittest.cc
Bug: 865632
Change-Id: Ic6693de247da55cf6d132d108c6e20c635f366b1
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3771437
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Explicitly call out where overflows are expected, and add appropriate
checking for them.
BUG=b:235999011
TEST=Unittests on CrOS and Linux
Change-Id: I999a6996183c2f4afc16a1c0188dee3bd64d7f09
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3759630
Reviewed-by: Mike Frysinger <vapier@chromium.org>
On ARM, this write fails to build:
comparison of integers of different signs: 'ssize_t' (aka 'int') and
'const unsigned int' [-Werror,-Wsign-compare]
Since we check that it's <= 15 above, we can simply cast it without
issue.
Bug: b:235999011
Change-Id: Id75fc0df74e88b347df615df06567e96c6b59a1d
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3758800
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This test's constructor fails to fully initialize this raw context. As a
result, we have at least one use of uninitialized memory in CFI.At4004.
This causes said test to fail under ASAN.
Bug: b:235999011
Change-Id: I3279da8ac3414eb8c90f3949a1db47a03e750a94
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3756749
Reviewed-by: Mike Frysinger <vapier@chromium.org>
exploitability_linux assumed a 15 byte buffer to always be passed in as
`raw_bytes` for `DisassembleBytes`. This test was passing in a 6 byte
buffer. Make `DisassembleBytes` accept a length.
Bug: b:235999011
Change-Id: I696c66357faa1c7d762c64009864123897f03488
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3756170
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Evaluating CFI rules may fail due to e.g. the unavailability of the
memory or some register values. Failures in recovering registers other
than CFA or return address can be ignored because they are optional.
Bug: fuchsia:102034
Change-Id: Ia1d8bdb12766e32b5445b49d353fc71c63ab73e7
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3701260
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Since the introduction of inlined frames, it is not sufficient to check
the stack trace length (== 1) in order to identify context frames.
Updating all location that were depending on this assumption to check
for frame trust level instead.
Change-Id: I98f966889367c2270c268b8e78b67418c89c50f1
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3499020
Reviewed-by: Mark Mentovai <mark@chromium.org>
for Windows x64 stacks.
According to https://reviews.llvm.org/D2474, LLVM does't generate unwind info for leaf function which doesn't touch any callee-saved
registers. According to MSDN, leaf functions can be unwound simply by
simulating a return.
Change-Id: Ic0503e2aca90b0ba5799133ea8439f1b5f2eefda
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3489332
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This is needed in order to properly detect and highlight frames that
correspond to multiple functions, for example as the result of identical
code folding by the linker.
Bug: google-breakpad:751
Change-Id: I2ee7c147fcff6493c2454383ad5422b38269759a
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3471034
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Inline frames are always of the base-class type (StackFrame). Treating them as derived-class and accessing members was causing heap buffer overflows.
Change-Id: Id4122ab6a31f016933038a1cb63d45d5c38481f5
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3425445
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- FastSourceLineResolver::Module::LoadMapFromMemory now rejects an older version of the serialization format.
- Cleaned up several unneeded usages of scoped_ptr::get.
- Fixed the serialization of bool. The serialization code was using 255 for 'true' while the deserialization code was expecting to see 1.
- Serialization for PublicSymbol.is_multiple was missing. Deserialization was expecting it
- Added some logging to processor/source_line_resolver_base.cc
Change-Id: Iadc7d8ee23bf3a07e4ea280d5d4c3f25f6278b69
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3324395
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
- Ignore DW_TAG_inlined_subroutine with empty range.
- Don't stop parsing after parsing malformed INLINE/INLINE_ORIGIN
records, because reports can still be generated without them but won't
have inlined frames.
Bug: 1190878
Change-Id: I445105ad06b9146268f7d064e85b0d162c3f2a39
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3321166
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This adds a new mode in ContainedRangeMap which allows existance of
equal ranges. Among those equal ranges, the most recently added range is
the innermost range.
This also adds a function to ContainedRangeMap and
StaticContainedRangeMap to allow users get a vector of entries that
contains given address from innermost to outermost ranges.
Change-Id: I84c1f2e49ffcaf8238df60e41498730103d1ead6
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3291137
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
This is a more practical reserved capacity than
std::numeric_limits<int>::max() for the vector.
Change-Id: Ic8d4e812c3804e4f15cc51650f7a91bae7313415
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3301419
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
