mirror of
https://github.com/yuzu-emu/breakpad.git
synced 2024-12-24 03:15:30 +00:00
Fix overflow error in breakpad for linux
A computation in the stack unwind algorithm could cause an overflow if a base pointer read from crashed process is sufficiently close to top of address space. This causes a memory read that causes the dump thread to crash, resulting in a failure to generate crash dump. Check fixed to properly detect that this pointer is greater than actual memory range of current stack. Patch by Kyle Joswiak <kjoswiak@chromium.org> Review URL: https://breakpad.appspot.com/3754003/ git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1425 4c0a9323-5329-0410-9bdc-e9ce6186880e
parent
c63cf36a13
commit
3b7262b0ee
|
@ -44,8 +44,8 @@ void SeccompUnwinder::PopSeccompStackFrame(RawContextCPU* cpu,
|
||||||
uint64_t top = thread.stack.start_of_memory_range;
|
uint64_t top = thread.stack.start_of_memory_range;
|
||||||
for (int i = 4; i--; ) {
|
for (int i = 4; i--; ) {
|
||||||
if (bp < top ||
|
if (bp < top ||
|
||||||
bp + sizeof(bp) > thread.stack.start_of_memory_range +
|
bp > thread.stack.start_of_memory_range +
|
||||||
thread.stack.memory.data_size ||
|
thread.stack.memory.data_size - sizeof(bp) ||
|
||||||
bp & 1) {
|
bp & 1) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -107,8 +107,8 @@ void SeccompUnwinder::PopSeccompStackFrame(RawContextCPU* cpu,
|
||||||
uint32_t top = thread.stack.start_of_memory_range;
|
uint32_t top = thread.stack.start_of_memory_range;
|
||||||
for (int i = 4; i--; ) {
|
for (int i = 4; i--; ) {
|
||||||
if (bp < top ||
|
if (bp < top ||
|
||||||
bp + sizeof(bp) > thread.stack.start_of_memory_range +
|
bp > thread.stack.start_of_memory_range +
|
||||||
thread.stack.memory.data_size ||
|
thread.stack.memory.data_size - sizeof(bp) ||
|
||||||
bp & 1) {
|
bp & 1) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
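Review bot: The rewritten upper bound in both loops (the hunks at -44 and -107) still does unguarded arithmetic on the range side. `thread.stack.start_of_memory_range + thread.stack.memory.data_size - sizeof(bp)` assumes that `data_size` is at least `sizeof(bp)` and that the sum does not wrap, and neither is checked in the visible lines. Since `bp` is read from the crashed process and `bp < top` has already been rejected at that point, an offset comparison avoids address arithmetic altogether: `thread.stack.memory.data_size < sizeof(bp) || bp - top > thread.stack.memory.data_size - sizeof(bp) ||`. I would also add a comment above the condition such as `// bp is untrusted (read from the crashed process); compare offsets so bp + sizeof(bp) cannot wrap.` so that a later cleanup does not restore the old form. The body of PopSeccompStackFrame starts and ends outside both hunks, so the declared type of `bp` and any earlier validation of `thread.stack` are not visible here.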