search

ldmtop68 / google-breakpad

Automatically exported from code.google.com/p/google-breakpad
0 stars 0 forks source link

30 words isn't far enough to scan for RAs #452

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Of course this is just a heuristic scan that occurs when there is not proper 
debug information, but we are currently falling back to this scan for Chromium 
OS libc module.  We need 47 words to find the return address from abort().  
Since many, many run time errors go through abort, we're seeing them all be 
truncated with a stack like:

0x73402424   [linux-gate.so  + 0x00000424]  system call entry
0x7212edce   [libc-2.11.1.so     + 0x0002cdce]  raise()
0x7225ce4b   [libc-2.11.1.so     + 0x0015ae4b]  ????
0x7213065e   [libc-2.11.1.so     + 0x0002e65e]  abort()

Suggest doubling the heuristic from 30 words to 60.

Original issue reported on code.google.com by kmix...@chromium.org on 9 Nov 2011 at 7:44

GoogleCodeExporter commented 9 years ago 
With the patch, this stack trace becomes:

 0  linux-gate.so + 0x424
   eip = 0x73402424   esp = 0x7f8bc870   ebp = 0x00000000   ebx = 0x0000000a
   esi = 0x7f8bccec   edi = 0x7225ce4c   eax = 0x00000000   ecx = 0x0000000a
   edx = 0x00000006   efl = 0x00000206
   Found by: given as instruction pointer in context
 1  libc-2.11.1.so + 0x2cdce
   eip = 0x7212edcf   esp = 0x7f8bc880   ebp = 0x00000000
   Found by: stack scanning
 2  libc-2.11.1.so + 0x15ae4b
   eip = 0x7225ce4c   esp = 0x7f8bc884   ebp = 0x00000000
   Found by: stack scanning
 3  libc-2.11.1.so + 0x2e65e
   eip = 0x7213065f   esp = 0x7f8bc88c   ebp = 0x00000000
   Found by: stack scanning
 4  libc-2.11.1.so + 0x15b41f
   eip = 0x7225d420   esp = 0x7f8bc928   ebp = 0x00000000
   Found by: stack scanning
 5  libc-2.11.1.so + 0x15b41f
   eip = 0x7225d420   esp = 0x7f8bc934   ebp = 0x00000000
   Found by: stack scanning
 6  libc-2.11.1.so + 0xbd973
   eip = 0x721bf974   esp = 0x7f8bc948   ebp = 0x00000000
   Found by: stack scanning
 7  libc-2.11.1.so + 0x68a74
   eip = 0x7216aa75   esp = 0x7f8bc950   ebp = 0x00000000
   Found by: stack scanning
 8  libc-2.11.1.so + 0x15b83b
   eip = 0x7225d83c   esp = 0x7f8bc96c   ebp = 0x00000000
   Found by: stack scanning
 9  libc-2.11.1.so + 0x68953
   eip = 0x7216a954   esp = 0x7f8bc970   ebp = 0x00000000
   Found by: stack scanning
10  libc-2.11.1.so + 0x15ae4b
   eip = 0x7225ce4c   esp = 0x7f8bc984   ebp = 0x00000000
   Found by: stack scanning
11  libc-2.11.1.so + 0x15b83b
   eip = 0x7225d83c   esp = 0x7f8bc990   ebp = 0x00000000
   Found by: stack scanning
12  libc-2.11.1.so + 0x69fcd
   eip = 0x7216bfce   esp = 0x7f8bc994   ebp = 0x00000000
   Found by: stack scanning
13  libc-2.11.1.so + 0x691c1
   eip = 0x7216b1c2   esp = 0x7f8bc9a0   ebp = 0x00000000
   Found by: stack scanning
14  libc-2.11.1.so + 0x2e4f6
   eip = 0x721304f7   esp = 0x7f8bc9a4   ebp = 0x00000000
   Found by: stack scanning
15  libc-2.11.1.so + 0x15ae4b
   eip = 0x7225ce4c   esp = 0x7f8bc9b4   ebp = 0x00000000
   Found by: stack scanning
16  chrome!base::debug::BeingDebugged [debugger_posix.cc : 111 + 0x8]
   eip = 0x7429ee79   esp = 0x7f8bc9bc   ebp = 0x00000000
   Found by: stack scanning
17  chrome!logging::LogMessage::~LogMessage [logging.cc : 652 + 0x4]
   eip = 0x742b92f5   esp = 0x7f8bc9d0   ebp = 0x779b9ff4   ebx = 0x15cab44c
   esi = 0x7f8bccec   edi = 0x7429efb6
   Found by: call frame info
18  chrome!IPC::Channel::ChannelImpl::CreatePipe [ipc_channel_posix.cc : 421 + 
0x4]
   eip = 0x74b2bf15   esp = 0x7f8bca70   ebp = 0x7f8bccf0   ebx = 0x779b9ff4
   esi = 0x7f8bccec   edi = 0x00000000
   Found by: call frame info
19  chrome!IPC::Channel::ChannelImpl::ChannelImpl [ipc_channel_posix.cc : 313 + 
0xf]
   eip = 0x74b2d05d   esp = 0x7f8bd980   ebp = 0x78c6f010   ebx = 0x779b9ff4
   esi = 0x78c2c000   edi = 0x78c6f010
   Found by: call frame info
20  chrome!IPC::Channel::Channel [ipc_channel_posix.cc : 1197 + 0x2b]
   eip = 0x74b2d1cf   esp = 0x7f8bdab0   ebp = 0x00000002   ebx = 0x779b9ff4
   esi = 0x78be4c38   edi = 0x7f8bdcf0
   Found by: call frame info
21  chrome!IPC::ChannelProxy::Context::CreateChannel [ipc_channel_proxy.cc : 78 
+ 0x26]
   eip = 0x74b2dfbd   esp = 0x7f8bdb00   ebp = 0x7f8bdb8c   ebx = 0x779b9ff4
   esi = 0x78c18750   edi = 0x7f8bdcf0
   Found by: call frame info
22  chrome!IPC::ChannelProxy::Init [ipc_channel_proxy.cc : 325 + 0x1c]
   eip = 0x74b2f449   esp = 0x7f8bdb50   ebp = 0x763aba2e   ebx = 0x779b9ff4
   esi = 0x78d4ed40   edi = 0x7f8bdcf0
   Found by: call frame info
23  chrome!IPC::SyncChannel::SyncChannel [ipc_sync_channel.cc : 383 + 0x2c]
   eip = 0x74b356fd   esp = 0x7f8bdbf0   ebp = 0x00000000   ebx = 0x779b9ff4
   esi = 0x78d4ed40   edi = 0x78c28ba0
   Found by: call frame info

Note that there are many phantom frames in the libc module where false positive 
RA addresses are found.  But eventually it gets past these into the main 
application.

Original comment by kmix...@chromium.org on 9 Nov 2011 at 8:58

GoogleCodeExporter commented 9 years ago 
This got bumped to 40:
https://chromium.googlesource.com/breakpad/breakpad/+/84d37160a74e0ce627a6fedf33
95a7480450f4c1

Original comment by ted.mielczarek on 6 Oct 2015 at 12:16