Commit graph

1370 commits

Author SHA1 Message Date
Vadim Shtayura 26ce7a2a89 Change codereview.settings to point to new repo URL.
It changes "Committed: <URL>" in CLs to point to Git repo browser.

BUG=chromium:502355
R=mark@chromium.org

Review URL: https://codereview.chromium.org/1319083007 .
2015-09-01 17:13:51 -07:00
mmandlis@chromium.org 3f4d090d70 The "CPU architecture" field is being filled from the wrong part of
the microdump. The microdump OS/arch line looks like:
O A arm 04 armv7l 3.4.0-perf-g4d6e88e #1 SMP PREEMPT Mon Mar 30 19:09:30 2015
and currently the field that says "armv7l" or "aarch64" is being used
to fill in the CPU arch field in crash. The problem is that on a
64-bit device this field *always* says "aarch64" even when running in
a 32-bit process, and so currently the crash reports for aarch64 are
a mix of 32-bit and 64-bit crashes. We should be using the first field
instead, which just says "arm" or "arm64" and reflects the actual
version of webview (32-bit or 64-bit) which is running.

BUG=
R=primiano@chromium.org

Review URL: https://codereview.chromium.org/1306983003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1498 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-26 16:18:52 +00:00
Liu.andrew.x@gmail.com f073540795 Add check for Linux minidump ending on bad write for exploitability rating.
If a crash occurred as a result to a write to unwritable memory, it is reason
to suggest exploitability. The processor checks for a bad write by
disassembling the command that caused the crash by piping the raw bytes near
the instruction pointer through objdump. This allows the processor to see if
the instruction that caused the crash is a write to memory and where the
target of the address is located.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1273823004

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1497 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-21 16:22:19 +00:00
ted.mielczarek@gmail.com ee2d76fe90 Don't use strtok_s for mingw builds
R=ivanpe at https://codereview.chromium.org/1292503005/


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1496 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-20 15:09:16 +00:00
rmcilroy@chromium.org 8e8be001cb Add user_regs_struct and user_fpsimd_struct for aarch64 on Android.
Android's sys/user.h is missing user_regs_struct and user_fpsimd_struct.
Add them to the Android specific user.h used by breakpad to workaround
Android / glibc compatibility issues.

A bug has been filed on the Android NDK team to add the missing structures to
the NDK, at which point this hack can be removed.

Also remove the mxcsr_mask hack on x64, which is no longer required since
we have moved to the r10d NDK which fixes this issue.

R=primiano@chromium.org

Review URL: https://codereview.chromium.org/1291983003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1495 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-20 14:30:38 +00:00
wfh@chromium.org 9178d8fa03 Fix compile error with Windows clang.
This change fixes the following errors shown during compile with
Windows clang:

error: cannot pass non-trivial object of type 'ATL::CComBSTR' to variadic function; expected type from format string was 'wchar_t *' [-Wnon-pod-varargs]

Original CL: https://codereview.chromium.org/1252913009/

BUG=https://code.google.com/p/google-breakpad/issues/detail?id=662

Review URL: https://codereview.chromium.org/1307463003

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1494 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-19 22:28:17 +00:00
primiano@chromium.org 3bc3dad8f8 Fix inttypes format macros in src/processor/proc_maps_linux.cc
crrev.com/1298443002 has introduced a build failure by re-defining
__STDC_FORMAT_MACROS. Fixing it.

BUG=
R=mark@chromium.org, ted.mielczarek@gmail.com

Review URL: https://codereview.chromium.org/1303493003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1493 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-19 07:24:21 +00:00
primiano@chromium.org 3365fe7986 Remove obsolete seccomp_unwinder for legacy (pre-BPF) sandbox
The PopSeccompStackFrame was introduced to deal with stack frames
originated in the legacy seccomp sandbox. The only user of that
sandbox was Google Chrome, but the legacy sandbox has been
deprecated in 2013 (crrev.com/1290643003) in favor of the new
bpf sandbox.
Removing this dead code as it has some small bound checking bug
which causes occasional crashes in WebView (which are totally
unrelated to the sandbox).

Note: this will require a corresponding change in the chromium
GYP/GN build files to roll.

BUG=665,chromium:477444
R=jln@chromium.org, mark@chromium.org, torne@chromium.org

Review URL: https://codereview.chromium.org/1299593003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1492 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-18 08:38:14 +00:00
ted.mielczarek@gmail.com dc5c38675c Fix proc_maps_linux compile for non-Linux
R=ivanpe at https://codereview.chromium.org/1298443002/


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1491 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-17 11:55:15 +00:00
primiano@chromium.org 6ea9219d80 [microdump] Move microdump writes to the crash ring-buffer log
So far the microdump_writer dumped the log in logcat using the default
system log. This is simple to achieve but has some drawbacks:
 1. Creates spam in the system log, pushing back other eventual useful
    messages.
 2. There is a high chance that the microdump gets lost if some log
    spam storm happens immediately after a crash and before the log
    is collected by the feedback client.
 3. Since Android L, the logger is smartly throttling messages (to
    reduce logcat spam). Throttling brekpad logs defeats the all
    point of microdumps.

This change is conceptually very simple. Replace the use of
__android_log_write() with __android_log_buf_write(), which takes
an extra bufID argument. The main drawback is that the
__android_log_buf_write is not exported in the NDK and needs to be
dynamically looked up via dlsym.
This choice has been discussed and advocated by Android owners.
See the internal bug b/21753476.

BUG=chromium:512755
R=thestig@chromium.org

Review URL: https://codereview.chromium.org/1286063003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1490 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-17 10:32:26 +00:00
primiano@chromium.org a3e9c02647 [microdump] Fix hw architecture indication in build fingerprint line
r1456 introduced the possibility to customize the OS-line of the
microdump, enabling to replace, in the case of android, the generic
uname() info with the Android build fingerprint.
While doing that, it mistakenly removed the HW architecture indication
from the format.
See crbug.com/520075 for more details.

BUG=chromium:520075
R=mmandlis@chromium.org, torne@chromium.org

Review URL: https://codereview.chromium.org/1288313002 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1489 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-17 08:02:16 +00:00
Liu.andrew.x@gmail.com e3687f92c2 Add check for executable stack/heap when rating Linux exploitability.
This CL also consequentially adds a public method to get the number of
mappings in a Linux minidump.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1291603002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1488 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-15 00:37:14 +00:00
Liu.andrew.x@gmail.com ab5ffb8b6c Add check to see if stack pointer is off the stack according to the memory
mappings when rating Linux exploitability.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1286033002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1487 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-15 00:27:27 +00:00
Liu.andrew.x@gmail.com 8794e39888 Fix format specifier in proc maps to support 32-bit architectures.
R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1288323003

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1486 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-13 20:13:55 +00:00
ted.mielczarek@gmail.com cde8616abf Actually remove removed files
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1485 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-13 19:49:44 +00:00
ted.mielczarek@gmail.com 591ba326b3 Remove some old unused code, add a missing include
R=lei at https://codereview.chromium.org/1211963002



git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1484 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-13 16:38:19 +00:00
Liu.andrew.x@gmail.com ffa293221f Fix format specifier in proc maps to support 32-bit architectures.
R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1280853003

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1483 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-12 00:53:39 +00:00
Liu.andrew.x@gmail.com c4e643dfb4 Allow Print() to be called by const instances of MinidumpLinuxMaps and
MinidumpLinuxMapsList.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1287803002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1482 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-12 00:21:44 +00:00
Liu.andrew.x@gmail.com 6a1a906773 Change Print method of MinidumpLinuxMaps and MinidumpLinuxMapsList to print
contents of /proc/<pid>/maps instead of just the files mapped to memory.

Review URL: https://codereview.chromium.org/1273123002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1481 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-11 16:05:48 +00:00
ivanpe@chromium.org 47527e48e5 Workaround for range map overlaps caused by Android package relocation.
If there is a range overlap, the cause may be the client correction applied for Android packed relocations.  If this is the case, back out the client correction and retry.

Patch from Simon Baldwin <simonb@chromium.org>.

https://code.google.com/p/chromium/issues/detail?id=509110

R=simonb@chromium.org

Review URL: https://codereview.chromium.org/1275173005

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1480 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-10 17:03:29 +00:00
cjhopman@chromium.org 64c0d9c66d Fix breakpad for arm on arm64
On arm64 devices, GETFPREGS fails with errno==EIO. Ignore those failures
on Android arm builds.

BUG=508324
R=thestig@chromium.org

Review URL: https://codereview.chromium.org/1268023003 .

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1479 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-05 22:48:48 +00:00
Liu.andrew.x@gmail.com 0dbae0cf3f Fix potential null pointer dereference.
If a MinidumpLinuxMapsList was created and destroyed without its Read method,
the program would have a segmentation fault because the destructor did not
check for a null maps_ field. Additional changes include additional
supplementary null checks, a potential memory leak fix, and some comment
removal.

Review URL: https://codereview.chromium.org/1271543002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1478 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-31 15:26:39 +00:00
Liu.andrew.x@gmail.com 4634d88f2e Remove unnecessary dependencies.
Review URL: https://codereview.chromium.org/1266493002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1477 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-29 00:09:22 +00:00
Liu.andrew.x@gmail.com 2997f45907 Add support for Linux memory mapping stream and remove ELF header usage
when checking exploitability rating.

Linux minidumps do not support MD_MEMORY_INFO_LIST_STREAM, meaning the
processor cannot retrieve its memory mappings. However, it has its own
stream, MD_LINUX_MAPS, which contains memory mappings specific to Linux
(it contains the contents of /proc/self/maps). This CL allows the minidump
to gather information from the memory mappings for Linux minidumps.

In addition, exploitability rating for Linux dumps now use memory mappings
instead of checking the ELF headers of binaries. The basis for the change
is that checking the ELF headers requires the minidumps to store the memory
from the ELF headers, while the memory mapping data is already present,
meaning the size of a minidump will be unchanged.

As a result, of removing ELF header analysis, two unit tests have been removed.
Arguably, the cases that those unit tests check do not merit a high
exploitability rating and do not warrant a solid conclusion that was given
earlier.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1251593007

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1476 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-28 00:53:44 +00:00
Liu.andrew.x@gmail.com 4959c18e98 Fix incorrect comment.
The exploitability rating for a dump is EXPLOITABILITY_NOT_ANALYZED if the
exploitability engine in not enabled, not EXPLOITABILITY_NONE.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1254333002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1475 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-27 18:04:54 +00:00
vapier@chromium.org 0b7c158932 add aarch64 support to minidump-2-core
The thread info expects the struct names as they expect in asm/ptrace.h,
but the header doesn't include that, it includes sys/user.h.  Rename the
reg structs to match that header.

Rename the elf_siginfo to _elf_siginfo to avoid conflicting with the one
in the sys/procfs.h.  It is only used locally in one place, so we don't
need to update any callers.

Otherwise, drop in aarch64 support into the minidump-2-core file.

BUG=chromium:334368


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1474 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-20 10:21:27 +00:00
vapier@chromium.org 85e4cf8029 tests: InstructionPointerMemoryNullPointer: make it work under llvm
When LLVM sees an attempt to dereference a NULL pointer, it will generate
invalid opcodes (undefined behavior) which leads to SIGILL which breaks
this unittest.  Upstream's recommendation in this case is to add volatile
markings to get the actual dereference to happen.

This is documented in the blog post under "Dereferencing a NULL Pointer":
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1473 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-20 06:19:49 +00:00
Liu.andrew.x@gmail.com a840e1b710 Add ELF header analysis when checking for instruction pointer in code.
If the minidump module containing the instruction pointer has memory
containing the ELF header and program header table, when checking the
exploitability rating, the processor will use the ELF header data to determine
if the instruction pointer lies in an executable region of the module, rather
than just checking if it lies in a module.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1233973002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1472 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-16 20:42:29 +00:00
wfh@chromium.org 0c426387b8 Fix -Wreorder warnings in the Windows code.
This makes the order of fields in constructor initializer lists match
the order in which the fields are declared in (which is the order
they're initialized in). No intended behavior change.

This change was originally reviewed at
https://codereview.chromium.org/1230923005/

BUG=chromium:505304
TBR=thakis@chromium.org

Review URL: https://codereview.chromium.org/1234653002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1471 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-10 20:24:33 +00:00
changluo@google.com 28c9c9b82c Default nil or empty version string to CFBundleVersion
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1470 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-10 01:29:50 +00:00
Liu.andrew.x@gmail.com fed2e33bd1 Set exception whitelist check as earlier check instead of last check.
When I first added the exception whitelist, I meant to put the check before
checking the location of the instruction pointer. (I didn't notice that it
was after the other check until now.) The whitelist check is to quickly rule
out minidumps, and if checking the instruction pointer provided any useful
information, it would be pretty indicative that the exception causing the
dump is interesting.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1211253009

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1469 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-07-07 21:30:06 +00:00
Liu.andrew.x@gmail.com e2eb4505d0 Use general instruction/stack pointer convenience method instead of manually
finding the instruction/stack pointer for exploitability rating.

There was already a method that found the instruction pointer, so the files
for exploitability ratings had repeated code. Also a method for finding the
stack pointer is implemented in this CL.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1210943005

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1468 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-30 23:22:09 +00:00
Liu.andrew.x@gmail.com 12213a5e15 Checking for benign exceptions that trigger a minidump.
If the exception reponsible for the crash is benign, such as a floating point
exception, we can rule out the possibility that the code is exploitable. This
CL checks for such exceptions and marks the dump as not exploitable if such an
exception is found.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1212383004

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1467 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-30 20:34:39 +00:00
Liu.andrew.x@gmail.com 440c1f79ef This CL adds support for ARM and ARM64 architectures when calculating
exploitability ratings.

The stackwalker will now grab the instruction pointers for ARM and ARM64
architectures, so checking exploitability on ARM and ARM64 will no longer
return EXPLOITABILITY_ERR_PROCESSING.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1216063004

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1466 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-30 18:17:23 +00:00
rmcilroy@chromium.org cd744acecc Adjust breakpad module size to match adjusted start_addr.
When changing a module's start_addr to account for Android packed
relocations, also adjust its size field so that the apparent module
end addr calculated by the breakpad processor does not alter.

Ensures that the mapping entry from a packed library is consistent
with that which an unpacked one would produce.

BUG=499747
R=primiano@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1211863002.

Patch from Simon Baldwin <simonb@chromium.org>.

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1465 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-30 13:30:22 +00:00
Liu.andrew.x@gmail.com cca153368a Checking location of the instruction pointer to see if it is
in valid code for Linux exploitability rating.

This CL adds to the Linux exploitability checker by verifying that the
instruction pointer is in valid code. Verification is done by obtaining a
memory mapping of the crash and checking if the instruction pointer lies in
an executable region. If there is no memory mapping, the instruction pointer
is checked to determine if it lies within a known module.

R=ivanpe@chromium.org

Review URL: https://codereview.chromium.org/1210493003

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1464 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-25 23:05:16 +00:00
rsesek@chromium.org ed3bf1c825 Update the upload.py code review server.
This is follow-up to r1455.

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1463 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-24 16:27:36 +00:00
ivanpe@chromium.org 3c3c6680d3 Reconfigured options for sym_upload to not treat h and ? flags as invalid options.
I'm submitting this on behalf of Andrew Liu.

R=mmandlis@chromium.org

Review URL: https://codereview.chromium.org/1196733004

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1462 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-22 21:21:40 +00:00
primiano@chromium.org 11004944ad Fix signal propagation logic for Linux/Android exception handler.
The current code is relying on info->si_pid to figure out whether
the exception handler was triggered by a signal coming from the kernel
(that will re-trigger until the cause that triggered the signal has
been cleared) or from user-space e.g., kill -SIGNAL pid, which will NOT
automatically re-trigger in the next signal handler in the chain.
While the intentions are good (manually re-triggering user-space
signals), the current implementation mistakenly looks at the si_pid
field in siginfo_t, assuming that it is coming from the kernel if
si_pid == 0.
This is wrong. siginfo_t, in fact, is a union and si_pid is meaningful
only for userspace signals. For signals originated by the kernel,
instead, si_pid overlaps with si_addr (the faulting address).
As a matter of facts, the current implementation is mistakenly
re-triggering the signal using tgkill for most of the kernel-space
signals (unless the fault address is exactly 0x0).
This is not completelly correct for the case of SIGSEGV/SIGBUS. The
next handler in the chain will stil see the signal, but the |siginfo|
and the |context| arguments of the handler will be meaningless
(retriggering a signal with tgkill doesn't preserve them).
Therefore, if the next handler in the chain expects those arguments
to be set, it will fail.
Concretelly, this is causing problems to WebView. In some rare
circumstances, the next handler in the chain is a user-space runtime
which does SIGSEGV handling to implement speculative null pointer
managed exceptions (see as an example
http://www.mono-project.com/docs/advanced/runtime/docs/exception-handling/)

The fix herein proposed consists in using the si_code (see SI_FROMUSER
macros) to determine whether a signal is coming form the kernel
(and therefore just re-establish the next signal handler) or from
userspace (and use the tgkill logic).

Repro case:
This issue is visible in Chrome for Android with this simple repro case:
- Add a non-null pointer dereference in the codebase:
  *((volatile int*)0xbeef) = 42
Without this change: the next handler (the libc trap) prints:
  F/libc  (  595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x487
  where 0x487 is actually the PID of the process (which is wrong).
With this change: the next handler prints:
  F/libc  (  595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbeef
  which is the correct answer.

BUG=chromium:481937
R=mark@chromium.org

Review URL: https://breakpad.appspot.com/6844002.

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1461 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-22 11:50:00 +00:00
ivanpe@chromium.org 893e93a41f Use local variable for out parameter rather than direct use of ivar
- Resolves spurious static analyzer warning about response_ being potentially leaked due to the retain in Xcode 6.3 and later.

I'm submitting this on behalf of Brian Moore.

R=qsr@chromium.org

Review URL: https://codereview.chromium.org/1171693007

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1460 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-20 00:32:37 +00:00
rmcilroy@chromium.org 8785c0cb8f Update breakpad for Android packed relocations.
Shared libraries containing Android packed relocations have a load
bias that differs from the start address in /proc/$$/maps. Current
breakpad assumes that the load bias and mapping start address are
the same.

Fixed by changing the client to detect the presence of Android packed
relocations in the address space of a loaded library, and adjusting the
stored mapping start address of any that are packed so that it contains
the linker's load bias.

For this to work properly, it is important that the non-packed library
is symbolized for breakpad. Either packed or non-packed libraries may
be run on the device; the client detects which has been loaded by the
linker.

BUG=499747
R=primiano@chromium.org, rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1189823002.

Patch from Simon Baldwin <simonb@chromium.org>.

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1459 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-06-19 16:30:42 +00:00
vapier@chromium.org 66295d1352 update more ignore files
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1458 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-05-28 06:16:15 +00:00
primiano@chromium.org 90cbb27528 [microdump] Add build fingerprint and product info metadata.
This is to add build fingerprint and product name/version to
microdumps. Conversely to what happens in the case of minidumps
with MIME fields, due to the nature of minidumps, extra metadata
cannot be reliably injected after the dump is completed.
This CL adds the plumbing to inject two optional fields plus the
corresponding tests.

BUG=chromium:410294
R=thestig@chromium.org

Review URL: https://codereview.chromium.org/1125153008

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1456 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-05-15 08:43:01 +00:00
mark@chromium.org f1ca06a079 Switch code review server to codereview.chromium.org.
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1455 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-05-06 17:52:38 +00:00
primiano@chromium.org 69b745aa74 Fix signal propagation logic for Linux/Android exception handler.
The current code is relying on info->si_pid to figure out whether
the exception handler was triggered by a signal coming from the kernel
(that will re-trigger until the cause that triggered the signal has
been cleared) or from user-space e.g., kill -SIGNAL pid, which will NOT
automatically re-trigger in the next signal handler in the chain.
While the intentions are good (manually re-triggering user-space
signals), the current implementation mistakenly looks at the si_pid
field in siginfo_t, assuming that it is coming from the kernel if
si_pid == 0.
This is wrong. siginfo_t, in fact, is a union and si_pid is meaningful
only for userspace signals. For signals originated by the kernel,
instead, si_pid overlaps with si_addr (the faulting address).
As a matter of facts, the current implementation is mistakenly
re-triggering the signal using tgkill for most of the kernel-space
signals (unless the fault address is exactly 0x0).
This is not completelly correct for the case of SIGSEGV/SIGBUS. The
next handler in the chain will stil see the signal, but the |siginfo|
and the |context| arguments of the handler will be meaningless
(retriggering a signal with tgkill doesn't preserve them).
Therefore, if the next handler in the chain expects those arguments
to be set, it will fail.
Concretelly, this is causing problems to WebView. In some rare
circumstances, the next handler in the chain is a user-space runtime
which does SIGSEGV handling to implement speculative null pointer
managed exceptions (see as an example
http://www.mono-project.com/docs/advanced/runtime/docs/exception-handling/)

The fix herein proposed consists in using the si_code (see SI_FROMUSER
macros) to determine whether a signal is coming form the kernel
(and therefore just re-establish the next signal handler) or from
userspace (and use the tgkill logic).

Repro case:
This issue is visible in Chrome for Android with this simple repro case:
- Add a non-null pointer dereference in the codebase:
  *((volatile int*)0xbeef) = 42
Without this change: the next handler (the libc trap) prints:
  F/libc  (  595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x487
  where 0x487 is actually the PID of the process (which is wrong).
With this change: the next handler prints:
  F/libc  (  595): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xbeef
  which is the correct answer.

BUG=chromium:481937
R=mark@chromium.org

Review URL: https://breakpad.appspot.com/6844002

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1454 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-30 09:12:54 +00:00
erikchen@chromium.org aa75fa5d4e Support object files larger than 2**32.
Reviewed at https://breakpad.appspot.com/7834002/#ps340001


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1453 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-22 20:14:24 +00:00
rmcilroy@chromium.org 0f27af628f [MIPS]: Use mcontext_t structure for MIPS
This change removes user_regs_struct and
user_fpregs_struct structures for mips
and uses mcontext_t instead.

R=fdegans@chromium.org, mark@chromium.org, rmcilroy@chromium.org

Review URL: https://breakpad.appspot.com/3744002

Patch from Gordana Cmiljanovic <Gordana.Cmiljanovic@imgtec.com>.

git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1452 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-21 21:34:14 +00:00
vapier@chromium.org 9c6af3e29c update svn:ignores
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1451 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-18 03:27:45 +00:00
vapier@chromium.org 50b2a7e647 synx with latest upstream gnuconfig
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1450 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-18 03:25:50 +00:00
cjhopman@chromium.org 751453c357 Fix call to rt_sigaction
Despite the fact that many places imply that sigaction and rt_sigaction
are essentially the same, rt_sigaction's signature is actually
different-- it takes the size of the kernel's sigset_t as an extra argument.

BUG=473973


git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1447 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-04-15 22:57:24 +00:00