Updating ExploitabilityLinux to check memory mapping names against a prefix
instead of a specific name. This will prevent false positives on systems which use a format such as “[stack:69616]” for stack memory mapping names. Change-Id: I51aeda2fe856c1f37f0d18ac06cce69fec2fffa2 Reviewed-on: https://chromium-review.googlesource.com/377086 Reviewed-by: Mike Frysinger <vapier@chromium.org>
parent
a2196179cc
commit
968c388922
|
@ -54,14 +54,18 @@
|
|||
|
||||
namespace {
|
||||
|
||||
// Prefixes for memory mapping names.
|
||||
constexpr char kHeapPrefix[] = "[heap";
|
||||
constexpr char kStackPrefix[] = "[stack";
|
||||
|
||||
// This function in libc is called if the program was compiled with
|
||||
// -fstack-protector and a function's stack canary changes.
|
||||
const char kStackCheckFailureFunction[] = "__stack_chk_fail";
|
||||
constexpr char kStackCheckFailureFunction[] = "__stack_chk_fail";
|
||||
|
||||
// This function in libc is called if the program was compiled with
|
||||
// -D_FORTIFY_SOURCE=2, a function like strcpy() is called, and the runtime
|
||||
// can determine that the call would overflow the target buffer.
|
||||
const char kBoundsCheckFailureFunction[] = "__chk_fail";
|
||||
constexpr char kBoundsCheckFailureFunction[] = "__chk_fail";
|
||||
|
||||
#ifndef _WIN32
|
||||
const unsigned int MAX_INSTRUCTION_LEN = 15;
|
||||
|
@ -539,9 +543,9 @@ bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
|
|||
// Checks if the stack pointer maps to a valid mapping and if the mapping
|
||||
// is not the stack. If the mapping has no name, it is inconclusive whether
|
||||
// it is off the stack.
|
||||
return !linux_maps ||
|
||||
(linux_maps->GetPathname().compare("") &&
|
||||
linux_maps->GetPathname().compare("[stack]"));
|
||||
return !linux_maps || (linux_maps->GetPathname().compare("") &&
|
||||
linux_maps->GetPathname().compare(
|
||||
0, strlen(kStackPrefix), kStackPrefix));
|
||||
}
|
||||
|
||||
bool ExploitabilityLinux::ExecutableStackOrHeap() {
|
||||
|
@ -551,9 +555,10 @@ bool ExploitabilityLinux::ExecutableStackOrHeap() {
|
|||
const MinidumpLinuxMaps *linux_maps =
|
||||
linux_maps_list->GetLinuxMapsAtIndex(i);
|
||||
// Check for executable stack or heap for each mapping.
|
||||
if (linux_maps &&
|
||||
(!linux_maps->GetPathname().compare("[stack]") ||
|
||||
!linux_maps->GetPathname().compare("[heap]")) &&
|
||||
if (linux_maps && (!linux_maps->GetPathname().compare(
|
||||
0, strlen(kStackPrefix), kStackPrefix) ||
|
||||
!linux_maps->GetPathname().compare(
|
||||
0, strlen(kHeapPrefix), kHeapPrefix)) &&
|
||||
linux_maps->IsExecutable()) {
|
||||
return true;
|
||||
}
|
||||
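Review bot: The prefix comparison in `StackPointerOffStack` (`compare(0, strlen(kStackPrefix), kStackPrefix)`) accepts any mapping name that merely begins with `[stack`, not only `[stack]` and the `[stack:69616]` form the commit message describes; the same loose match is used for both prefixes in `ExecutableStackOrHeap`. Mapping names are read from the minidump, so a name that only shares the prefix would be classified as the stack in the first function, suppressing the off-stack signal for that dump, and as stack or heap in the executable check. I would require the character after the prefix to be `]` or `:` through one small helper in the anonymous namespace, with a comment naming the accepted forms; whether a `[heap:` form exists is not visible on this page, so the heap side may want `]` only. Both functions start outside their hunks, so the sketch shows only the helper and the changed return.

```cpp
// True when |name| is |prefix| followed directly by ']' or ':' (for example
// "[stack]" or "[stack:69616]"), so a longer bracketed name does not match.
bool HasMappingPrefix(const std::string &name, const char *prefix) {
  const size_t len = strlen(prefix);
  return name.size() > len && name.compare(0, len, prefix) == 0 &&
         (name[len] == ']' || name[len] == ':');
}

// … unchanged: StackPointerOffStack lookup of linux_maps and its comment …
  return !linux_maps || (!linux_maps->GetPathname().empty() &&
                         !HasMappingPrefix(linux_maps->GetPathname(),
                                           kStackPrefix));
```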
|
|
|
@ -161,6 +161,8 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
|
|||
ExploitabilityFor("linux_inside_module_exe_region2.dmp"));
|
||||
ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
|
||||
ExploitabilityFor("linux_stack_pointer_in_stack.dmp"));
|
||||
ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
|
||||
ExploitabilityFor("linux_stack_pointer_in_stack_alt_name.dmp"));
|
||||
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
||||
ExploitabilityFor("linux_stack_pointer_in_module.dmp"));
|
||||
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
||||
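Review bot: The added assertion for `linux_stack_pointer_in_stack_alt_name.dmp` covers only the stack-pointer path; nothing in this hunk exercises the new prefix match in `ExecutableStackOrHeap` or the `[heap` prefix. A fixture with an executable mapping named in the alternative stack format, plus a negative case whose mapping name starts with `[stack` but is not a stack, would pin both directions of the change, assuming the rest of `TestLinuxEngine`, which continues outside the hunk, does not already cover them. A one-line comment above the new assertion, for example `// Stack mapping uses the alternative "[stack:NNN]" name format.`, would also tell a reader why the second fixture exists.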
|
|
BIN
src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
vendored
Normal file
BIN
src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
vendored
Normal file
Binary file not shown.