diff --git a/src/google_breakpad/common/minidump_exception_win32.h b/src/google_breakpad/common/minidump_exception_win32.h index 4b5d57c8..9f734d5b 100644 --- a/src/google_breakpad/common/minidump_exception_win32.h +++ b/src/google_breakpad/common/minidump_exception_win32.h @@ -2266,4 +2266,77 @@ typedef enum { MD_IN_PAGE_ERROR_WIN_EXEC = 8 } MDInPageErrorTypeWin; +// These constants are defined in winnt.h and are used with the +// STATUS_STACK_BUFFER_OVERRUN exception as exception subcodes. +typedef enum { + MD_FAST_FAIL_LEGACY_GS_VIOLATION = 0, + MD_FAST_FAIL_VTGUARD_CHECK_FAILURE = 1, + MD_FAST_FAIL_STACK_COOKIE_CHECK_FAILURE = 2, + MD_FAST_FAIL_CORRUPT_LIST_ENTRY = 3, + MD_FAST_FAIL_INCORRECT_STACK = 4, + MD_FAST_FAIL_INVALID_ARG = 5, + MD_FAST_FAIL_GS_COOKIE_INIT = 6, + MD_FAST_FAIL_FATAL_APP_EXIT = 7, + MD_FAST_FAIL_RANGE_CHECK_FAILURE = 8, + MD_FAST_FAIL_UNSAFE_REGISTRY_ACCESS = 9, + MD_FAST_FAIL_GUARD_ICALL_CHECK_FAILURE = 10, + MD_FAST_FAIL_GUARD_WRITE_CHECK_FAILURE = 11, + MD_FAST_FAIL_INVALID_FIBER_SWITCH = 12, + MD_FAST_FAIL_INVALID_SET_OF_CONTEXT = 13, + MD_FAST_FAIL_INVALID_REFERENCE_COUNT = 14, + MD_FAST_FAIL_INVALID_JUMP_BUFFER = 18, + MD_FAST_FAIL_MRDATA_MODIFIED = 19, + MD_FAST_FAIL_CERTIFICATION_FAILURE = 20, + MD_FAST_FAIL_INVALID_EXCEPTION_CHAIN = 21, + MD_FAST_FAIL_CRYPTO_LIBRARY = 22, + MD_FAST_FAIL_INVALID_CALL_IN_DLL_CALLOUT = 23, + MD_FAST_FAIL_INVALID_IMAGE_BASE = 24, + MD_FAST_FAIL_DLOAD_PROTECTION_FAILURE = 25, + MD_FAST_FAIL_UNSAFE_EXTENSION_CALL = 26, + MD_FAST_FAIL_DEPRECATED_SERVICE_INVOKED = 27, + MD_FAST_FAIL_INVALID_BUFFER_ACCESS = 28, + MD_FAST_FAIL_INVALID_BALANCED_TREE = 29, + MD_FAST_FAIL_INVALID_NEXT_THREAD = 30, + MD_FAST_FAIL_GUARD_ICALL_CHECK_SUPPRESSED = 31, + MD_FAST_FAIL_APCS_DISABLED = 32, + MD_FAST_FAIL_INVALID_IDLE_STATE = 33, + MD_FAST_FAIL_MRDATA_PROTECTION_FAILURE = 34, + MD_FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION = 35, + MD_FAST_FAIL_INVALID_LOCK_STATE = 36, + MD_FAST_FAIL_GUARD_JUMPTABLE = 37, + MD_FAST_FAIL_INVALID_LONGJUMP_TARGET = 38, + MD_FAST_FAIL_INVALID_DISPATCH_CONTEXT = 39, + MD_FAST_FAIL_INVALID_THREAD = 40, + MD_FAST_FAIL_INVALID_SYSCALL_NUMBER = 41, + MD_FAST_FAIL_INVALID_FILE_OPERATION = 42, + MD_FAST_FAIL_LPAC_ACCESS_DENIED = 43, + MD_FAST_FAIL_GUARD_SS_FAILURE = 44, + MD_FAST_FAIL_LOADER_CONTINUITY_FAILURE = 45, + MD_FAST_FAIL_GUARD_EXPORT_SUPPRESSION_FAILURE = 46, + MD_FAST_FAIL_INVALID_CONTROL_STACK = 47, + MD_FAST_FAIL_SET_CONTEXT_DENIED = 48, + MD_FAST_FAIL_INVALID_IAT = 49, + MD_FAST_FAIL_HEAP_METADATA_CORRUPTION = 50, + MD_FAST_FAIL_PAYLOAD_RESTRICTION_VIOLATION = 51, + MD_FAST_FAIL_LOW_LABEL_ACCESS_DENIED = 52, + MD_FAST_FAIL_ENCLAVE_CALL_FAILURE = 53, + MD_FAST_FAIL_UNHANDLED_LSS_EXCEPTON = 54, + MD_FAST_FAIL_ADMINLESS_ACCESS_DENIED = 55, + MD_FAST_FAIL_UNEXPECTED_CALL = 56, + MD_FAST_FAIL_CONTROL_INVALID_RETURN_ADDRESS = 57, + MD_FAST_FAIL_UNEXPECTED_HOST_BEHAVIOR = 58, + MD_FAST_FAIL_FLAGS_CORRUPTION = 59, + MD_FAST_FAIL_VEH_CORRUPTION = 60, + MD_FAST_FAIL_ETW_CORRUPTION = 61, + MD_FAST_FAIL_RIO_ABORT = 62, + MD_FAST_FAIL_INVALID_PFN = 63, + MD_FAST_FAIL_GUARD_ICALL_CHECK_FAILURE_XFG = 64, + MD_FAST_FAIL_CAST_GUARD = 65, + MD_FAST_FAIL_HOST_VISIBILITY_CHANGE = 66, + MD_FAST_FAIL_KERNEL_CET_SHADOW_STACK_ASSIST = 67, + MD_FAST_FAIL_PATCH_CALLBACK_FAILED = 68, + MD_FAST_FAIL_NTDLL_PATCH_FAILED = 69, + MD_FAST_FAIL_INVALID_FLS_DATA = 70 +} MDFastFailSubcodeTypeWin; + #endif /* GOOGLE_BREAKPAD_COMMON_MINIDUMP_EXCEPTION_WIN32_H__ */ diff --git a/src/processor/minidump_processor.cc b/src/processor/minidump_processor.cc index fd4b28e2..e6875c9e 100644 --- a/src/processor/minidump_processor.cc +++ b/src/processor/minidump_processor.cc @@ -1330,7 +1330,220 @@ string MinidumpProcessor::GetCrashReason(Minidump* dump, uint64_t* address) { reason = "EXCEPTION_POSSIBLE_DEADLOCK"; break; case MD_EXCEPTION_CODE_WIN_STACK_BUFFER_OVERRUN: - reason = "EXCEPTION_STACK_BUFFER_OVERRUN"; + if (raw_exception->exception_record.number_parameters >= 1) { + MDFastFailSubcodeTypeWin subcode = + static_cast( + raw_exception->exception_record.exception_information[0]); + switch (subcode) { + // Note - we skip the '0'/GS case as it exists for legacy reasons. + case MD_FAST_FAIL_VTGUARD_CHECK_FAILURE: + reason = "FAST_FAIL_VTGUARD_CHECK_FAILURE"; + break; + case MD_FAST_FAIL_STACK_COOKIE_CHECK_FAILURE: + reason = "FAST_FAIL_STACK_COOKIE_CHECK_FAILURE"; + break; + case MD_FAST_FAIL_CORRUPT_LIST_ENTRY: + reason = "FAST_FAIL_CORRUPT_LIST_ENTRY"; + break; + case MD_FAST_FAIL_INCORRECT_STACK: + reason = "FAST_FAIL_INCORRECT_STACK"; + break; + case MD_FAST_FAIL_INVALID_ARG: + reason = "FAST_FAIL_INVALID_ARG"; + break; + case MD_FAST_FAIL_GS_COOKIE_INIT: + reason = "FAST_FAIL_GS_COOKIE_INIT"; + break; + case MD_FAST_FAIL_FATAL_APP_EXIT: + reason = "FAST_FAIL_FATAL_APP_EXIT"; + break; + case MD_FAST_FAIL_RANGE_CHECK_FAILURE: + reason = "FAST_FAIL_RANGE_CHECK_FAILURE"; + break; + case MD_FAST_FAIL_UNSAFE_REGISTRY_ACCESS: + reason = "FAST_FAIL_UNSAFE_REGISTRY_ACCESS"; + break; + case MD_FAST_FAIL_GUARD_ICALL_CHECK_FAILURE: + reason = "FAST_FAIL_GUARD_ICALL_CHECK_FAILURE"; + break; + case MD_FAST_FAIL_GUARD_WRITE_CHECK_FAILURE: + reason = "FAST_FAIL_GUARD_WRITE_CHECK_FAILURE"; + break; + case MD_FAST_FAIL_INVALID_FIBER_SWITCH: + reason = "FAST_FAIL_INVALID_FIBER_SWITCH"; + break; + case MD_FAST_FAIL_INVALID_SET_OF_CONTEXT: + reason = "FAST_FAIL_INVALID_SET_OF_CONTEXT"; + break; + case MD_FAST_FAIL_INVALID_REFERENCE_COUNT: + reason = "FAST_FAIL_INVALID_REFERENCE_COUNT"; + break; + case MD_FAST_FAIL_INVALID_JUMP_BUFFER: + reason = "FAST_FAIL_INVALID_JUMP_BUFFER"; + break; + case MD_FAST_FAIL_MRDATA_MODIFIED: + reason = "FAST_FAIL_MRDATA_MODIFIED"; + break; + case MD_FAST_FAIL_CERTIFICATION_FAILURE: + reason = "FAST_FAIL_CERTIFICATION_FAILURE"; + break; + case MD_FAST_FAIL_INVALID_EXCEPTION_CHAIN: + reason = "FAST_FAIL_INVALID_EXCEPTION_CHAIN"; + break; + case MD_FAST_FAIL_CRYPTO_LIBRARY: + reason = "FAST_FAIL_CRYPTO_LIBRARY"; + break; + case MD_FAST_FAIL_INVALID_CALL_IN_DLL_CALLOUT: + reason = "FAST_FAIL_INVALID_CALL_IN_DLL_CALLOUT"; + break; + case MD_FAST_FAIL_INVALID_IMAGE_BASE: + reason = "FAST_FAIL_INVALID_IMAGE_BASE"; + break; + case MD_FAST_FAIL_DLOAD_PROTECTION_FAILURE: + reason = "FAST_FAIL_DLOAD_PROTECTION_FAILURE"; + break; + case MD_FAST_FAIL_UNSAFE_EXTENSION_CALL: + reason = "FAST_FAIL_UNSAFE_EXTENSION_CALL"; + break; + case MD_FAST_FAIL_DEPRECATED_SERVICE_INVOKED: + reason = "FAST_FAIL_DEPRECATED_SERVICE_INVOKED"; + break; + case MD_FAST_FAIL_INVALID_BUFFER_ACCESS: + reason = "FAST_FAIL_INVALID_BUFFER_ACCESS"; + break; + case MD_FAST_FAIL_INVALID_BALANCED_TREE: + reason = "FAST_FAIL_INVALID_BALANCED_TREE"; + break; + case MD_FAST_FAIL_INVALID_NEXT_THREAD: + reason = "FAST_FAIL_INVALID_NEXT_THREAD"; + break; + case MD_FAST_FAIL_GUARD_ICALL_CHECK_SUPPRESSED: + reason = "FAST_FAIL_GUARD_ICALL_CHECK_SUPPRESSED"; + break; + case MD_FAST_FAIL_APCS_DISABLED: + reason = "FAST_FAIL_APCS_DISABLED"; + break; + case MD_FAST_FAIL_INVALID_IDLE_STATE: + reason = "FAST_FAIL_INVALID_IDLE_STATE"; + break; + case MD_FAST_FAIL_MRDATA_PROTECTION_FAILURE: + reason = "FAST_FAIL_MRDATA_PROTECTION_FAILURE"; + break; + case MD_FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION: + reason = "FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION"; + break; + case MD_FAST_FAIL_INVALID_LOCK_STATE: + reason = "FAST_FAIL_INVALID_LOCK_STATE"; + break; + case MD_FAST_FAIL_GUARD_JUMPTABLE: + reason = "FAST_FAIL_GUARD_JUMPTABLE"; + break; + case MD_FAST_FAIL_INVALID_LONGJUMP_TARGET: + reason = "FAST_FAIL_INVALID_LONGJUMP_TARGET"; + break; + case MD_FAST_FAIL_INVALID_DISPATCH_CONTEXT: + reason = "FAST_FAIL_INVALID_DISPATCH_CONTEXT"; + break; + case MD_FAST_FAIL_INVALID_THREAD: + reason = "FAST_FAIL_INVALID_THREAD"; + break; + case MD_FAST_FAIL_INVALID_SYSCALL_NUMBER: + reason = "FAST_FAIL_INVALID_SYSCALL_NUMBER"; + break; + case MD_FAST_FAIL_INVALID_FILE_OPERATION: + reason = "FAST_FAIL_INVALID_FILE_OPERATION"; + break; + case MD_FAST_FAIL_LPAC_ACCESS_DENIED: + reason = "FAST_FAIL_LPAC_ACCESS_DENIED"; + break; + case MD_FAST_FAIL_GUARD_SS_FAILURE: + reason = "FAST_FAIL_GUARD_SS_FAILURE"; + break; + case MD_FAST_FAIL_LOADER_CONTINUITY_FAILURE: + reason = "FAST_FAIL_LOADER_CONTINUITY_FAILURE"; + break; + case MD_FAST_FAIL_GUARD_EXPORT_SUPPRESSION_FAILURE: + reason = "FAST_FAIL_GUARD_EXPORT_SUPPRESSION_FAILURE"; + break; + case MD_FAST_FAIL_INVALID_CONTROL_STACK: + reason = "FAST_FAIL_INVALID_CONTROL_STACK"; + break; + case MD_FAST_FAIL_SET_CONTEXT_DENIED: + reason = "FAST_FAIL_SET_CONTEXT_DENIED"; + break; + case MD_FAST_FAIL_INVALID_IAT: + reason = "FAST_FAIL_INVALID_IAT"; + break; + case MD_FAST_FAIL_HEAP_METADATA_CORRUPTION: + reason = "FAST_FAIL_HEAP_METADATA_CORRUPTION"; + break; + case MD_FAST_FAIL_PAYLOAD_RESTRICTION_VIOLATION: + reason = "FAST_FAIL_PAYLOAD_RESTRICTION_VIOLATION"; + break; + case MD_FAST_FAIL_LOW_LABEL_ACCESS_DENIED: + reason = "FAST_FAIL_LOW_LABEL_ACCESS_DENIED"; + break; + case MD_FAST_FAIL_ENCLAVE_CALL_FAILURE: + reason = "FAST_FAIL_ENCLAVE_CALL_FAILURE"; + break; + case MD_FAST_FAIL_UNHANDLED_LSS_EXCEPTON: + reason = "FAST_FAIL_UNHANDLED_LSS_EXCEPTON"; + break; + case MD_FAST_FAIL_ADMINLESS_ACCESS_DENIED: + reason = "FAST_FAIL_ADMINLESS_ACCESS_DENIED"; + break; + case MD_FAST_FAIL_UNEXPECTED_CALL: + reason = "FAST_FAIL_UNEXPECTED_CALL"; + break; + case MD_FAST_FAIL_CONTROL_INVALID_RETURN_ADDRESS: + reason = "FAST_FAIL_CONTROL_INVALID_RETURN_ADDRESS"; + break; + case MD_FAST_FAIL_UNEXPECTED_HOST_BEHAVIOR: + reason = "FAST_FAIL_UNEXPECTED_HOST_BEHAVIOR"; + break; + case MD_FAST_FAIL_FLAGS_CORRUPTION: + reason = "FAST_FAIL_FLAGS_CORRUPTION"; + break; + case MD_FAST_FAIL_VEH_CORRUPTION: + reason = "FAST_FAIL_VEH_CORRUPTION"; + break; + case MD_FAST_FAIL_ETW_CORRUPTION: + reason = "FAST_FAIL_ETW_CORRUPTION"; + break; + case MD_FAST_FAIL_RIO_ABORT: + reason = "FAST_FAIL_RIO_ABORT"; + break; + case MD_FAST_FAIL_INVALID_PFN: + reason = "FAST_FAIL_INVALID_PFN"; + break; + case MD_FAST_FAIL_GUARD_ICALL_CHECK_FAILURE_XFG: + reason = "FAST_FAIL_GUARD_ICALL_CHECK_FAILURE_XFG"; + break; + case MD_FAST_FAIL_CAST_GUARD: + reason = "FAST_FAIL_CAST_GUARD"; + break; + case MD_FAST_FAIL_HOST_VISIBILITY_CHANGE: + reason = "FAST_FAIL_HOST_VISIBILITY_CHANGE"; + break; + case MD_FAST_FAIL_KERNEL_CET_SHADOW_STACK_ASSIST: + reason = "FAST_FAIL_KERNEL_CET_SHADOW_STACK_ASSIST"; + break; + case MD_FAST_FAIL_PATCH_CALLBACK_FAILED: + reason = "FAST_FAIL_PATCH_CALLBACK_FAILED"; + break; + case MD_FAST_FAIL_NTDLL_PATCH_FAILED: + reason = "FAST_FAIL_NTDLL_PATCH_FAILED"; + break; + case MD_FAST_FAIL_INVALID_FLS_DATA: + reason = "FAST_FAIL_INVALID_FLS_DATA"; + break; + default: + reason = "EXCEPTION_STACK_BUFFER_OVERRUN"; + break; + } + } else { + reason = "EXCEPTION_STACK_BUFFER_OVERRUN"; + } break; case MD_EXCEPTION_CODE_WIN_HEAP_CORRUPTION: reason = "EXCEPTION_HEAP_CORRUPTION"; diff --git a/src/processor/minidump_processor_unittest.cc b/src/processor/minidump_processor_unittest.cc index 775a48ea..3af000d0 100644 --- a/src/processor/minidump_processor_unittest.cc +++ b/src/processor/minidump_processor_unittest.cc @@ -784,6 +784,22 @@ TEST_F(MinidumpProcessorTest, TestXStateAmd64ContextMinidump) { // breakpad. } +TEST_F(MinidumpProcessorTest, TestFastFailException) { + // This tests if we can understand fastfail exception subcodes. + // Dump is captured from a toy executable and is readable by windbg. + MinidumpProcessor processor(nullptr, nullptr /*&supplier, &resolver*/); + + string minidump_file = GetTestDataPath() + + "tiny-exe-fastfail.dmp"; + + ProcessState state; + ASSERT_EQ(processor.Process(minidump_file, &state), + google_breakpad::PROCESS_OK); + ASSERT_TRUE(state.crashed()); + ASSERT_EQ(state.threads()->size(), size_t(4)); + ASSERT_EQ(state.crash_reason(), "FAST_FAIL_FATAL_APP_EXIT"); +} + } // namespace int main(int argc, char* argv[]) { diff --git a/src/processor/testdata/tiny-exe-fastfail.dmp b/src/processor/testdata/tiny-exe-fastfail.dmp new file mode 100644 index 00000000..f7a0a502 Binary files /dev/null and b/src/processor/testdata/tiny-exe-fastfail.dmp differ