commit | 5c7535af7808b02de0c6670cf16086efe48ebd89 | [log] [tgz] |
---|---|---|
author | Joshua Peraza <jperaza@chromium.org> | Wed Oct 07 12:27:28 2020 -0700 |
committer | Joshua Peraza <jperaza@chromium.org> | Wed Oct 07 19:33:38 2020 +0000 |
tree | 638558e9280c31f3056d31a30b45559a4ab98629 | |
parent | f6669d6df42686aea832762f701359a3f9bdc762 [diff] |
amd64: reject frames with invalid rsp/rip

CFI might compute invalid rsp/rip values if the values in the callee frame were corrupted, as in stack overflow. Rejecting the frame computed by CFI allows Breakpad to fall back to scanning.

Bug: b/169611285
Change-Id: Ifeb08ab5639932c0e23722a161d9d15403738019
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2456037
Reviewed-by: Mark Mentovai <mark@chromium.org>
diff --git a/src/processor/stackwalker_amd64.cc b/src/processor/stackwalker_amd64.cc index f906f20..f346a4e 100644 --- a/src/processor/stackwalker_amd64.cc +++ b/src/processor/stackwalker_amd64.cc
@@ -143,6 +143,11 @@ if ((frame->context_validity & essentials) != essentials) return NULL; + if (!frame->context.rip || !frame->context.rsp) { + BPLOG(ERROR) << "invalid rip/rsp"; + return NULL; + } + frame->trust = StackFrame::FRAME_TRUST_CFI; return frame.release(); }
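Review bot: The new check added after the `essentials` validity test only rejects a rip or rsp that is exactly zero, so a corrupted callee frame that produces a non-zero but still bogus value would still be returned with `FRAME_TRUST_CFI` rather than handed to the scanning fallback. Consider tightening the condition, for example by also validating that rsp falls within the bounds of the stack memory the walker has, and add a one-line comment above the `if` stating the motivation (corrupted callee frame, stack overflow) that currently lives only in the commit message. Separately, `BPLOG(ERROR) << "invalid rip/rsp";` logs an expected, recovered-from condition at error level and without the offending values; logging at a lower level and appending `frame->context.rip` and `frame->context.rsp` to the message would make corrupted-frame reports easier to triage.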