From 647aa17a7aa8ec0b99ffd005908b8a4ab1995a30 Mon Sep 17 00:00:00 2001
From: Zequan Wu <zequanwu@google.com>
Date: Tue, 7 Dec 2021 12:37:07 -0800
Subject: [PATCH] Fix corrupted symbol file due to malformed
 INLINE/INLINE_ORIGIN records

- Ignore DW_TAG_inlined_subroutine with empty range.
- Don't stop parsing after parsing malformed INLINE/INLINE_ORIGIN
records, because reports can still be generated without them but won't
have inlined frames.

Bug: 1190878
Change-Id: I445105ad06b9146268f7d064e85b0d162c3f2a39
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3321166
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
---
 src/common/dwarf_cu_to_module.cc            | 5 +++++
 src/processor/basic_source_line_resolver.cc | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/common/dwarf_cu_to_module.cc b/src/common/dwarf_cu_to_module.cc
index 04d19479..4bd71564 100644
--- a/src/common/dwarf_cu_to_module.cc
+++ b/src/common/dwarf_cu_to_module.cc
@@ -652,6 +652,11 @@ void DwarfCUToModule::InlineHandler::Finish() {
     }
   }
 
+  // Ignore DW_TAG_inlined_subroutine with empty range.
+  if (ranges.empty()) {
+    return;
+  }
+
   // Every DW_TAG_inlined_subroutine should have a DW_AT_abstract_origin.
   assert(specification_offset_ != 0);
 
diff --git a/src/processor/basic_source_line_resolver.cc b/src/processor/basic_source_line_resolver.cc
index 4a565f11..dccbd74b 100644
--- a/src/processor/basic_source_line_resolver.cc
+++ b/src/processor/basic_source_line_resolver.cc
@@ -128,6 +128,7 @@ bool BasicSourceLineResolver::Module::LoadMapFromMemory(
   linked_ptr<Function> cur_func;
   int line_number = 0;
   int num_errors = 0;
+  int inline_num_errors = 0;
   char* save_ptr;
 
   // If the length is 0, we can still pretend we have a symbol file. This is
@@ -208,12 +209,13 @@ bool BasicSourceLineResolver::Module::LoadMapFromMemory(
     } else if (strncmp(buffer, "INLINE ", 7) == 0) {
       linked_ptr<Inline> in = ParseInline(buffer);
       if (!in.get())
-        LogParseError("ParseInline failed", line_number, &num_errors);
+        LogParseError("ParseInline failed", line_number, &inline_num_errors);
       else
         cur_func->AppendInline(in);
     } else if (strncmp(buffer, "INLINE_ORIGIN ", 14) == 0) {
       if (!ParseInlineOrigin(buffer)) {
-        LogParseError("ParseInlineOrigin failed", line_number, &num_errors);
+        LogParseError("ParseInlineOrigin failed", line_number,
+                      &inline_num_errors);
       }
     } else {
       if (!cur_func.get()) {