BrotherHongChen / google-breakpad

Automatically exported from code.google.com/p/google-breakpad

Usage of new[] in MicrodumpWriter ctor while in compromised context. #640

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use the following sample code to initiate a crash:
      char *a = new char[100];
      a[-1]  = 0x64ab821;
      a[100] = 0xdeadf00d;
      delete[] a;
   This code will obviously destroy the heap.
2. Use Microdump output:
      static google_breakpad::MinidumpDescriptor
          descriptor(google_breakpad::MinidumpDescriptor::kMicrodumpOnConsole);

3. Run the sample; it will crash (hang) in breakpad's code inside the MicrodumpWriter ctor:
      MicrodumpWriter(const ExceptionHandler::CrashContext* context,
                      const MappingList& mappings,
                      LinuxDumper* dumper)
          : ucontext_(context ? &context->context : NULL),
      #if !defined(__ARM_EABI__) && !defined(__mips__)
            float_state_(context ? &context->float_state : NULL),
      #endif
            dumper_(dumper),
            mapping_list_(mappings),
            log_line_(new char[kLineBufferSize]) {  // >>>>> heap allocation inside the crash handler
        log_line_.get()[0] = '\0';  // Clear out the log line buffer.
      }

What version of the product are you using? On what operating system?
Android/Linux

Please provide any additional information below.
If Minidump output is used, everything works fine.

Original issue reported on code.google.com by savushk...@gmail.com on 25 Feb 2015 at 1:18
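The defect the report describes is a crash handler that reserves its line buffer with new[] at the moment it runs, i.e. from a heap that the crashing code may just have corrupted (the reporter's sample corrupts exactly that heap before the handler fires). The following is an added example, not Breakpad's code, contrasting that pattern with a writer whose storage is reserved before any crash. Everything in it is constructed for illustration: the class names (LineFormatter, HeapLineWriter, PreallocatedLineWriter), the counting replacements for global operator new/delete, the 2048-byte size and the sample register value; only the name kLineBufferSize is borrowed from the snippet above. Replacing operator new lets the example prove, rather than assert, which path touches the heap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

// Counting replacements for global new/delete: they make heap use on the
// "crash-time" path observable from a test.
static std::size_t g_allocations = 0;
void* operator new(std::size_t n) {
  ++g_allocations;
  if (void* p = std::malloc(n ? n : 1)) return p;
  throw std::bad_alloc();
}
void* operator new[](std::size_t n) { return ::operator new(n); }
void operator delete(void* p) noexcept { std::free(p); }
void operator delete[](void* p) noexcept { ::operator delete(p); }

// Same constant name as the snippet in the issue; the value is an assumption.
constexpr std::size_t kLineBufferSize = 2048;

// Heap-free, bounded formatting over a caller-supplied buffer. No snprintf
// (not async-signal-safe); every write is capped at the buffer's capacity.
class LineFormatter {
 public:
  LineFormatter(char* buf, std::size_t cap) : buf_(buf), cap_(cap), len_(0) { Reset(); }
  void Reset() { len_ = 0; buf_[0] = '\0'; }
  // Appends s, truncating silently instead of overrunning the buffer.
  void Append(const char* s) {
    while (*s != '\0' && len_ + 1 < cap_) buf_[len_++] = *s++;
    buf_[len_] = '\0';
  }
  // Appends a 0x-prefixed hex value, as a register dump line needs.
  void AppendHex(std::uint64_t v) {
    char tmp[2 + 16 + 1];  // "0x" + up to 16 nibbles + NUL
    std::size_t i = sizeof(tmp) - 1;
    tmp[i] = '\0';
    do { tmp[--i] = "0123456789abcdef"[v & 0xf]; v >>= 4; } while (v != 0);
    tmp[--i] = 'x';
    tmp[--i] = '0';
    Append(tmp + i);
  }
  const char* c_str() const { return buf_; }
  std::size_t length() const { return len_; }
 private:
  char* buf_; std::size_t cap_; std::size_t len_;
};

// The pattern the issue reports: the buffer comes from new[] inside the handler,
// i.e. from a heap that may be exactly what the crashing code just corrupted.
class HeapLineWriter {
 public:
  HeapLineWriter() : log_line_(new char[kLineBufferSize]), fmt_(log_line_, kLineBufferSize) {}
  ~HeapLineWriter() { delete[] log_line_; }
  LineFormatter& fmt() { return fmt_; }
 private:
  char* log_line_;       // declared before fmt_, so it is initialised first
  LineFormatter fmt_;
};

// Hardened pattern: storage is embedded in the object, so an instance created
// before the crash (static storage here) needs no allocation when it fires.
class PreallocatedLineWriter {
 public:
  PreallocatedLineWriter() : fmt_(log_line_, sizeof(log_line_)) {}
  LineFormatter& fmt() { return fmt_; }
 private:
  char log_line_[kLineBufferSize];
  LineFormatter fmt_;
};
static PreallocatedLineWriter g_prealloc_writer;  // reserved at startup, not at crash time

// Emits one microdump-style line with a constructed register value and returns
// how many heap allocations the writer performed while doing so.
template <typename Writer>
std::size_t LogOneLine(Writer& w) {
  const std::size_t before = g_allocations;
  w.fmt().Reset();
  w.fmt().Append("pc ");
  w.fmt().AppendHex(0x7f00deadbeefULL);  // constructed sample value
  return g_allocations - before;
}

std::size_t AllocationsUsingHeapWriter() {
  const std::size_t before = g_allocations;
  HeapLineWriter w;  // the new[] from the issue happens here, at "crash time"
  LogOneLine(w);
  return g_allocations - before;
}
std::size_t AllocationsUsingPreallocatedWriter() { return LogOneLine(g_prealloc_writer); }
const char* PreallocatedSampleLine() {
  LogOneLine(g_prealloc_writer);
  return g_prealloc_writer.fmt().c_str();
}
// An over-long append is cut to capacity-1 characters rather than overrunning.
std::size_t TruncatedLength() {
  char small[8];
  LineFormatter f(small, sizeof(small));
  f.Append("0123456789");
  return f.length();
}
```

The heap-backed writer performs one allocation per crash; the preallocated one performs none, and its bounded Append means a corrupted or over-long input degrades to a truncated log line instead of a second memory error inside the handler.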

GoogleCodeExporter commented 9 years ago

Original comment by thestig@chromium.org on 25 Feb 2015 at 8:12

GoogleCodeExporter commented 9 years ago
facepalm. Will look soon into this.

Original comment by primi...@chromium.org on 2 Mar 2015 at 9:35

GoogleCodeExporter commented 9 years ago
The good side is that this handler runs in Chrome (which, AFAIK, is the only microdump client) after the regular minidump one, so any crash on the microdump generation should not jeopardize the regular minidumps.

Original comment by primi...@chromium.org on 2 Mar 2015 at 9:37

GoogleCodeExporter commented 9 years ago
Fix coming in https://breakpad.appspot.com/10714002/

Original comment by primi...@chromium.org on 10 Mar 2015 at 3:39

GoogleCodeExporter commented 9 years ago

Original comment by primi...@chromium.org on 12 Mar 2015 at 12:04