processor: subtract 1 from return pointers while scanning

Each stackwalker subtracts the size of an instruction
from a frame's instruction pointer to determine which
instruction it was executing. This should also be done
for pointers examined while scanning for likely return
addresses to ensure that those pointers don't point
past the end of functions.

Bug: b/118634446
Change-Id: I043e3f1e51a2c0a3d99ed14bf18ea64dc98add44
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2356649
Reviewed-by: Mark Mentovai <mark@chromium.org>
diff --git a/src/google_breakpad/processor/stackwalker.h b/src/google_breakpad/processor/stackwalker.h
index 0c458d5..daa5039 100644
--- a/src/google_breakpad/processor/stackwalker.h
+++ b/src/google_breakpad/processor/stackwalker.h
@@ -176,8 +176,12 @@
       if (!memory_->GetMemoryAtAddress(location, &ip))
         break;
 
-      if (modules_ && modules_->GetModuleForAddress(ip) &&
-          InstructionAddressSeemsValid(ip)) {
+      // The return address points to the instruction after a call. If the
+      // caller was a no return function, this might point past the end of the
+      // function. Subtract one from the instruction pointer so it points into
+      // the call instruction instead.
+      if (modules_ && modules_->GetModuleForAddress(ip  - 1) &&
+          InstructionAddressSeemsValid(ip - 1)) {
         *ip_found = ip;
         *location_found = location;
         return true;
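Review bot: `ip - 1` in the new condition wraps around when the scanned stack word is 0, assuming `ip` is an unsigned integer type (its declaration is outside the hunk), so `GetModuleForAddress` and `InstructionAddressSeemsValid` are then asked about the highest representable address instead of anything near the word that was read. The stack words and the module list both come from the dump being processed, so it is worth rejecting that value explicitly, e.g. `if (ip != 0 && modules_ && modules_->GetModuleForAddress(ip - 1) &&`. The added comment also says "caller" where the function that does not return is the one being called; `// If the callee never returns, the call can be the caller's last instruction, so the return address may point past the end of the caller.` would match what the code does. It would also help to note that `*ip_found` deliberately keeps the unadjusted `ip`. The enclosing function starts and ends outside the hunk.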