Inline frames are always of the base-class type (StackFrame). Treating them as derived-class and accessing members is causing buffer overflows.
Change-Id: Ib41b74256e6162e7d2b14ca3905dfaf5591b9c86
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4847317
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Functions such as FindElfSection and FindElfSegments that inspect
the ELF header expect a pointer to the first byte of the file.
IsValidElf() checks for the ELF magic number at offset 0.
Thus, we must map ELF object files from offset 0.
Change-Id: Icebfb46229a04019f57a7ec07844257b98ceb278
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4674337
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The _tmp buffer used in STRNCATF is too small for several callers,
which might lead to truncated output in some situations.
For example, GCC 11 warns:
src/third_party/libdisasm/x86_format.c:899:40: warning: ‘%s’ directive output may be truncated writing up to 63 bytes into a region of size 32 [-Wformat-truncation=]
899 | STRNCATF( buf, "%s:", str, len );
| ^~~~~ ~~~
src/third_party/libdisasm/x86_format.c:34:38: note: in definition of macro ‘STRNCATF’
34 | snprintf( _tmp, sizeof _tmp, fmt, data ); \
| ^~~
src/third_party/libdisasm/x86_format.c:899:41: note: format string is defined here
899 | STRNCATF( buf, "%s:", str, len );
| ^~
In file included from /usr/include/stdio.h:894,
from src/third_party/libdisasm/x86_format.c:1:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:71:10: note: ‘__builtin___snprintf_chk’ output between 2 and 65 bytes into a destination of size 32
71 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72 | __glibc_objsize (__s), __fmt,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73 | __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~
Change-Id: Ia876e288bf9629f2c72db3faf2287c7940924ea0
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4668735
Reviewed-by: Mike Frysinger <vapier@chromium.org>
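The truncation GCC reports above is easiest to see with a small program. The following is an added example, not libdisasm's or Breakpad's code: it formats a 63-byte operand name through a 32-byte scratch buffer in the style of the STRNCATF macro, then through a checked helper whose scratch size (MAX_OPERAND, an assumed limit) matches what callers can pass and which treats a truncating snprintf as a failure instead of silently appending a cut-off string.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not libdisasm's code): a helper in the style of the
 * STRNCATF macro that formats into a fixed 32-byte scratch buffer before
 * appending. snprintf never overflows _tmp, but a 63-byte operand string
 * is silently cut off, which is what GCC's -Wformat-truncation warns about. */
#define SMALL_TMP 32

static void append_via_small_tmp(char *buf, size_t buflen,
                                 const char *fmt, const char *data) {
    char _tmp[SMALL_TMP];
    snprintf(_tmp, sizeof _tmp, fmt, data);       /* return value ignored */
    strncat(buf, _tmp, buflen - strlen(buf) - 1);
}

/* Hardened variant: the scratch buffer is sized for the longest operand
 * string a caller may pass (MAX_OPERAND is an assumed limit) plus room
 * for the format decoration, and the snprintf return value is checked so
 * truncation becomes a reported failure instead of corrupt output. */
#define MAX_OPERAND 64
#define SAFE_TMP (MAX_OPERAND + 8)

static bool append_checked(char *buf, size_t buflen,
                           const char *fmt, const char *data) {
    char tmp[SAFE_TMP];
    int n = snprintf(tmp, sizeof tmp, fmt, data);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return false;                     /* would have been truncated */
    size_t used = strlen(buf);
    if (used + (size_t)n >= buflen)
        return false;                     /* destination too small */
    memcpy(buf + used, tmp, (size_t)n + 1);
    return true;
}

/* Constructed 63-character operand name, the worst case GCC mentions. */
static void make_long_name(char name[64]) {
    memset(name, 'A', 63);
    name[63] = '\0';
}

/* Formats "<name>:" through the small scratch buffer and returns the
 * length that actually reached `out` (the trailing ':' is lost). */
size_t small_tmp_output_len(char *out, size_t outlen) {
    char name[64];
    make_long_name(name);
    out[0] = '\0';
    append_via_small_tmp(out, outlen, "%s:", name);
    return strlen(out);
}

/* Same formatting through the checked helper; true only if the complete
 * "<name>:" string fit in `out`. */
bool checked_output_ok(char *out, size_t outlen) {
    char name[64];
    make_long_name(name);
    out[0] = '\0';
    return append_checked(out, outlen, "%s:", name);
}

int main(void) {
    char buf[128];
    size_t kept = small_tmp_output_len(buf, sizeof buf);
    printf("small scratch: %zu chars kept, last char '%c'\n", kept, buf[kept - 1]);
    printf("checked helper: %s\n",
           checked_output_ok(buf, sizeof buf) ? "complete" : "refused");
    return 0;
}
```

With the 32-byte scratch only 31 of the 64 output characters survive and the ':' separator is gone, which is the kind of silent corruption a disassembler's text output can carry into whatever parses it later; the checked helper either produces the full string or says it could not.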
The debug info in the dwp file needs to refer to the .debug_line and
.debug_line_str sections in the main binary.
This fixes dump_syms not generating LINE records for dwp in split dwarf.
Bug: chromium:1448979
Change-Id: I71923f12cea72caae081c1406e2cbca55e95859e
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4576346
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
The hex formatting in MinidumpCrashpadInfo::Print() was missing
the leading 0, so byte values < 128 were not possible to decode.
Change-Id: Ib355bcdaf86e91d644045df645fb4fa75332aa4b
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4571100
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
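Why a missing leading zero makes the hex output undecodable is worth seeing end to end. The block below is an added example, not Breakpad's code: it encodes constructed sample bytes with "%x" (the buggy form) and "%02x" (the fixed form), then runs a plain two-characters-per-byte decoder over both outputs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Breakpad's code. Hex-encodes `n` bytes using the
 * given printf conversion: "%x" reproduces the bug (bytes below 0x10 come
 * out as a single digit), "%02x" is the fix. Returns the text length. */
static size_t hex_encode(const uint8_t *bytes, size_t n, const char *conv,
                         char *out, size_t outlen) {
    size_t pos = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + pos, outlen - pos, conv, (unsigned)bytes[i]);
        if (w < 0 || (size_t)w >= outlen - pos)
            break;                       /* out of room; keep what fit */
        pos += (size_t)w;
    }
    return pos;
}

size_t hex_unpadded(const uint8_t *b, size_t n, char *out, size_t outlen) {
    return hex_encode(b, n, "%x", out, outlen);
}

size_t hex_padded(const uint8_t *b, size_t n, char *out, size_t outlen) {
    return hex_encode(b, n, "%02x", out, outlen);
}

static int nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decodes two hex characters per byte, the only reading a consumer of the
 * dump can apply. Returns bytes written, or 0 for odd length / bad digit. */
size_t hex_decode(const char *text, uint8_t *out, size_t outlen) {
    size_t len = strlen(text);
    if (len % 2 != 0 || len / 2 > outlen) return 0;
    for (size_t i = 0; i < len; i += 2) {
        int hi = nibble(text[i]), lo = nibble(text[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return len / 2;
}

/* Constructed sample bytes; 0x01 and 0x07 are the ones that lose a digit. */
static const uint8_t kSample[] = {0x01, 0xAB, 0x07, 0x7F};

/* True if encoding kSample and decoding the text gives kSample back. */
bool roundtrip_ok(bool padded) {
    char text[32];
    uint8_t back[sizeof kSample];
    if (padded)
        hex_padded(kSample, sizeof kSample, text, sizeof text);
    else
        hex_unpadded(kSample, sizeof kSample, text, sizeof text);
    size_t n = hex_decode(text, back, sizeof back);
    return n == sizeof kSample && memcmp(back, kSample, n) == 0;
}

int main(void) {
    char text[32];
    hex_unpadded(kSample, sizeof kSample, text, sizeof text);
    printf("%%x   -> %s (round trip %s)\n", text, roundtrip_ok(false) ? "ok" : "fails");
    hex_padded(kSample, sizeof kSample, text, sizeof text);
    printf("%%02x -> %s (round trip %s)\n", text, roundtrip_ok(true) ? "ok" : "fails");
    return 0;
}
```

The unpadded form of the four sample bytes is "1ab77f", which a decoder can only read as three bytes (1a b7 7f), so the original values are unrecoverable; the padded form "01ab077f" round-trips exactly.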
- RISCV32 will only include support for 32 bit floating point registers
- RISCV64 will only include support for 64 bit floating point registers
- RISCV 32/64 context will include a "version" field to account for
future extensions
Fixed: 1447862
Tested: `make check` on x86 host
Tested: `minidump_stackwalk` for RISCV64 minidump on x86 host
Change-Id: I605d5b2c35e627a5dc986aaf818a9c9898f6ae0b
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4553281
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
It fixes the following two problems:
1. When a skeleton compilation unit (DW_TAG_skeleton_unit) in a
binary file refers to the complete unit in a split dwarf file
(.dwo/.dwp file), we should use the split dwarf file's path in warning
reporting. Right now, it uses the original file (binary file) path in
the warning report, which is incorrect.
For example, if we have chrome.debug which is the binary with skeleton
debug info and chrome.dwp which is the complete debug info and the debug
info in chrome.dwp has some incorrect reference, it will warn on
chrome.debug rather than chrome.dwp
2. When split dwarf is enabled, the global inline_origin_map will likely
encounter key collision because the offsets as keys are now relative to
each CU's offset which is relative to .debug_info section. Also
offsets from different files might collide.
This change makes an inline_origin_map for each debug file and uses
offsets only relative to .debug_info section as keys.
Bug: b/280290608
Change-Id: If70e2e1bfcbeeeef2d425c918796d351a0e9ab3b
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4544694
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
macOS caps filenames at 255 characters. When upload_system_symbols runs
`dump_syms`, the resulting filename is based on a mangled version of
the file's full path. In some circumstances (for example, the dumped
file itself lives in a temp directory), this name can exceed the max.
This change replaces the current mangling by mapping each path component but the last to its first initial, greatly shortening
the resulting filename.
Bug: 1400770
Change-Id: I68203a98eda2912893c5d8f7c676faee17e39e91
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4519231
Reviewed-by: Robert Sesek <rsesek@chromium.org>
- Replace DISALLOW_COPY_AND_ASSIGN with =delete.
- Replace some NULLs with nullptrs;
- Use the override keyword when appropriate.
- Use =default when appropriate.
Change-Id: I99e1d7f349dd4c32aa5d05e2ebdce7a86e47f551
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4527718
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This adds a new flag `enable_objdump_for_exploitability_` to the
MinidumpProcessor, which allows enabling objdump separately for crash
address fixups and for exploitability analysis, as the performance cost
of the exploitability analysis is significantly higher.
Change-Id: I667ffdce7cc0a970793f91413c3d2e3af93f4247
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4507067
Reviewed-by: Ivan Penkov <ivanpe@google.com>
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
Change 4505156 changed the RISCV register names, this change adjusts
the unittest to match the new names.
Bug: 1432426
Change-Id: I0887d8fc11eec63ab6953ea1a136873591e49286
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4507066
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
dump_syms was using x0...x31 notation, while the rest of Breakpad was
using the ABI names. This mismatch was causing stackwalking to not fully
succeed.
Fixed: 1432426
Change-Id: I0713e76e65ff6dad492b51bc3607e94e25dc2c3a
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4505156
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
MDRawCrashpadAnnotationList::objects is a flexible array of
MDRawCrashpadAnnotation and not MDLocationDescriptor. Breakpad does not
currently use the MDRawCrashpadAnnotationList type, but its definition
should be updated to reflect the correct type to avoid confusion.
Change-Id: I58b5b0e4f7f95bc003b103e2750e3759c3e31292
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4503630
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
MDRawModuleCrashpadInfoList::modules is a flexible array of
MDRawModuleCrashpadInfoLink and not MDLocationDescriptor. Breakpad does
not currently use the MDRawModuleCrashpadInfoList type, but its
definition should be updated to reflect the correct type to avoid
confusion.
Change-Id: If97f490db8d41529b59a225a275a37116746c2b7
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4504150
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Use the exception record's context for the crashed thread instead of
the thread's own context. For the crashed thread the thread's own
context is the state inside the exception handler. Using it would not
result in the expected stack trace from the time of the crash.
This change aligns the behavior of minidump-2-core with the behavior of
minidump_stackwalk.
Bug: google-breakpad:885
Change-Id: I5cd3e9d39807308491b64fcd335f5f85b1dcd084
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4473128
Reviewed-by: Joshua Peraza <jperaza@google.com>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Use MD_CONTEXT_AMD64_DEBUG_REGISTERS instead of
MD_CONTEXT_AMD64_DEBUG_REGISTERS in the definition of
MD_CONTEXT_AMD64_ALL. This previously happened to work because the two
flags happened to have the same values and every includer of
minidump_cpu_amd64.h also happened to previously include
minidump_cpu_x86.h.
Change-Id: If8b422d3623936f4a0b57a4cf6dac4f348daa024
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4480251
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
The NXArch* family is deprecated in macOS 13. This change:
- Uses the replacements where available
- Silences deprecation warnings otherwise
- Removes the Linux cross-compile shims in favor of having completely
separate implementations for Mac and non-Mac. The logic of the Linux
versions uses the same prepopulated data as before, but they no longer
use NXArchInfo.
clang diagnostic disables are necessary due to https://crbug.com/1406057
Bug: chromium:1420654, google-breakpad:880, b/257505171
Change-Id: Iad777915a5a058551cfb3a7d3cf681cce180dfea
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4437109
Reviewed-by: Mark Mentovai <mark@chromium.org>
These are reimported from Apple's Github source drops, see exact
provenance in README. Most were imported as is, some were edited
to match previous versions, and as noted below
- Added arm headers where needed
- Removed (now) unused `/mach/i386/vm_param.h`
- Removed availability annotations
- Removed `__kernel_ptr_semantics`
- Added `defined(__aarch64__)` to all arm64 define guards
Bug: chromium:1420654, google-breakpad:880, b/257505171
Change-Id: I17bd03fa871a8f1dc4285daafa3d7b26c2186e2b
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4482294
Reviewed-by: Mark Mentovai <mark@chromium.org>
This is a speculative fix for a memory bug where our symbol files are
looking like they've grown enough that serializing them will outgrow
UINT_MAX. Before this change a size_t is implicitly cast to a size_t in
unsigned int, allocate a buffer of that size and then continue to write
module data out of bounds.
I have not been able to reproduce the OOB write locally as the original
uploaded symbol data is gone, but I have been able to reproduce builds
where, if we enable inline frames and CFI dumping, the size grows to
3.6GB when serializing it, which is close enough to 4.2GB that the
wrapping theory seems reasonable on another board or build.
No effort is made here to prevent wrapping behavior on 32-bit systems.
Bug: b/237242489, chromium:1410232
Change-Id: I3d7ec03c51c298f10df3d5b1e5306433875c7919
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4477821
Reviewed-by: Leonard Grey <lgrey@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
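The wrapping theory in this message is easy to check numerically. The block below is an added example, not Breakpad's code: it narrows a serialized size the way the bug did, computes how far a serializer that trusts the narrowed value would write past its buffer, and shows the checked conversion that rejects sizes above UINT_MAX. The input is carried as a 64-bit value (an assumption for portability) rather than size_t so the arithmetic is the same on a 32-bit host; the commit's own ~3.6 GB and a constructed ~4.5 GB size are the two inputs.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not Breakpad's code. The serialized module size is
 * carried as a 64-bit value here so the example behaves the same on a
 * 32-bit host; in the bug it was a size_t narrowed to unsigned int. */

/* The silent narrowing the commit describes: anything above UINT_MAX wraps
 * modulo 2^32, so a ~4.5 GB module asks for a ~200 MB buffer. */
unsigned int narrowed_alloc_size(uint64_t serialized_size) {
    return (unsigned int)serialized_size;
}

/* How many bytes a serializer that trusts the narrowed size would write
 * past the end of the buffer it allocated (0 when no wrap occurred). */
uint64_t bytes_written_out_of_bounds(uint64_t serialized_size) {
    uint64_t allocated = narrowed_alloc_size(serialized_size);
    return serialized_size > allocated ? serialized_size - allocated : 0;
}

/* Hardened conversion: refuse sizes that cannot be represented instead of
 * allocating the wrapped amount and writing out of bounds. */
bool checked_narrow(uint64_t serialized_size, unsigned int *out) {
    if (serialized_size > UINT_MAX)
        return false;
    *out = (unsigned int)serialized_size;
    return true;
}

int main(void) {
    /* ~3.6 GB from the commit, and a constructed ~4.5 GB case past UINT_MAX. */
    const uint64_t sizes[] = {3600000000ULL, 4500000000ULL};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        unsigned int ok_size;
        printf("%llu bytes: narrowed alloc %u, OOB write %llu bytes, checked: %s\n",
               (unsigned long long)sizes[i], narrowed_alloc_size(sizes[i]),
               (unsigned long long)bytes_written_out_of_bounds(sizes[i]),
               checked_narrow(sizes[i], &ok_size) ? "accepted" : "rejected");
    }
    return 0;
}
```

At 3.6 GB nothing wraps, which matches the message's point that the reproduced build is merely close to the limit; at 4.5 GB the allocation shrinks to about 205 MB and every byte past it, roughly 4 GB, lands outside the buffer.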
Previously, the logic to mark a symbol as "multiple" would always fire
for C++ symbols for Apple `.dSYM`s built with `-gmlt`.
This was because for a C++ symbol like `void foo::bar::Baz()`, the
DWARF data would contain the truncated function name `Baz`, but the
STABS would contain the fully-qualified name `void foo::bar::Baz()`.
This CL relaxes the name matching to not mark as multiple:
1) Symbols which were missing names entirely in the DWARF (e.g., "<name omitted>")
2) Symbols whose fully-qualified name includes the truncated name as a substring
Bug: https://bugs.chromium.org/p/google-breakpad/issues/detail?id=883
Change-Id: I26ded7ca84d964aa4a73da19e4bdd7e686e2c998
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4470047
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
When built with -gmlt, .dSYMs are (by design) missing the
`DW_AT_linkage_name` which Breakpad uses to fill out the
(name-mangled) function names.
Thankfully, the .dSYM contains both the old-school LC_SYMTAB command
containing the STABS-format symbols (which include the fully-qualified
C++ symbol names we want, but no actual compilation unit data), as
well as the LC_SEGMENT_64 containing the __DWARF segment with the
minimal -gmlt debug information (which excludes the name-mangled C++
symbols).
Unfortunately, since the .dSYM's STABS does not define compilation
units, the usual path in `StabsReader` ignores all the fully-qualified
C++ symbol names for the functions:
bd9d94c708/src/common/stabs_reader.cc (100)
Fortunately, when built for macOS platforms (`HAVE_MACH_O_NLIST_H`),
`StabsReader` supports storing all the STABS-format symbols as
`Extern`s, regardless of whether or not they're in a compilation unit:
bd9d94c708/src/common/stabs_reader.cc (119)
Currently, when there's both a `Function` and an `Extern` with the same address, `Module` discards the `Extern`:
bd9d94c708/src/common/module.cc (161)
This CL adds a new `-x` option to the Mac `dump_syms` which prefers
the Extern function name if there's a mismatch.
Bug: https://bugs.chromium.org/p/google-breakpad/issues/detail?id=883
Change-Id: I0d32adc64fbf567600b0a5ca63c71c422b7f0f8c
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4453650
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Printing the register values as part of the stack trace relies on the
CPU architecture being "riscv" or "riscv64" rather than the numeric
identifiers (0x8005 and 0x8006, respectively).
Fixed: 1432306
Test: Run `minidump_stackwalk` on a RISC-V minidump
Change-Id: I0009da687438d51047e2ee39ffa1c50d78798caa
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4416399
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Breakpad skips the xstate area in x64 contexts but allowed this area
to be of unconstrained size. This hits problems if the size is greater
than Chrome's maximum allocation size, so we change to skipping a
maximum size. The maximum is chosen to allow the full set of states
today, plus some slack for the future:
Based on Intel x64 manual 13.5 XSAVE-MANAGED STATE
* => further bytes might be reserved
| Size  | Region          |
| 576   | Legacy + header |
| 384   | AVX State       |
| 80    | MPX State       |
| 1600  | AVX-512 State   |
| 72*   | PT State        |
| 8     | pkru state      |
| 8     | pasid state     |
| 16    | CET state       |
| 8     | HDC State       |
| 96?   | uintr state     |
| 808*  | lbr state       |
| 8     | hwp state       |
| 16    | amx state       |
== 3680 so jump up a bit for the future to 2**12.
Bug: 1425631
Change-Id: Ie08555651977cdbfa1c351c661118f13238213c4
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4379497
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
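The table above fixes the cap; the block below is an added example, not Breakpad's code, that sums the table's region sizes, defines the 2**12 cap beside them, and contrasts a skip that trusts any declared xstate length with one that rejects lengths above the cap before they are used. The reader model (a declared length plus the bytes remaining in the buffer) is an assumption made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not Breakpad's code. Region sizes are the ones in
 * the commit's table (bytes); the starred entries and the uintr guess are
 * taken at face value. */
static const uint32_t kXstateRegionBytes[] = {
    576,   /* legacy + header */
    384,   /* AVX */
    80,    /* MPX */
    1600,  /* AVX-512 */
    72,    /* PT */
    8,     /* pkru */
    8,     /* pasid */
    16,    /* CET */
    8,     /* HDC */
    96,    /* uintr */
    808,   /* lbr */
    8,     /* hwp */
    16,    /* amx */
};

/* Sum of the table: the space the full set of states needs today. */
uint32_t xstate_table_total(void) {
    uint32_t total = 0;
    for (size_t i = 0; i < sizeof kXstateRegionBytes / sizeof kXstateRegionBytes[0]; i++)
        total += kXstateRegionBytes[i];
    return total;
}

/* The cap the commit settles on: 2**12 leaves headroom above the total. */
#define MAX_XSTATE_BYTES (1u << 12)

/* Before the change: the declared length was trusted as long as it fit in
 * the input, so a corrupt or hostile minidump could make the reader skip
 * (and, in Chrome, allocate) an arbitrarily large area. */
bool skip_xstate_unbounded(uint32_t declared, size_t remaining, size_t *advance) {
    if (declared > remaining) return false;
    *advance = declared;
    return true;
}

/* After the change: anything past the cap is malformed and rejected before
 * the length is used. Both checks are needed: the cap bounds resource use,
 * the remaining-bytes check keeps the read inside the buffer. */
bool skip_xstate_bounded(uint32_t declared, size_t remaining, size_t *advance) {
    if (declared > MAX_XSTATE_BYTES) return false;
    if (declared > remaining) return false;
    *advance = declared;
    return true;
}

int main(void) {
    size_t advance;
    printf("table total %u bytes, cap %u bytes\n", xstate_table_total(), MAX_XSTATE_BYTES);
    printf("declared 1 GiB, unbounded: %s\n",
           skip_xstate_unbounded(1u << 30, (size_t)1 << 31, &advance) ? "skipped" : "rejected");
    printf("declared 1 GiB, bounded:   %s\n",
           skip_xstate_bounded(1u << 30, (size_t)1 << 31, &advance) ? "skipped" : "rejected");
    return 0;
}
```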
RISC-V register names are needed in order to load DWARF call frame
information.
Bug: fuchsia:124084
Change-Id: I2791b3a38ea35ddc2bb293f60f75dcc86338e354
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4376827
Reviewed-by: Mike Frysinger <vapier@chromium.org>
`dump_syms` fails to write symbol file without knowing how to convert
the ELF `e_machine` field to a string.
Use "riscv" as the value because ELF `e_machine` does not distinguish
between 32 bit and 64 bit RISC-V.
Test: run `dump_syms` on the libc++ that's shipped with the Clang
toolchain, or any other riscv binary: `./dump_syms -r -n libc++.so -o
Fuchsia <clang_path>/lib/riscv64-unknown-fuchsia/libc++.so.2.0`
Bug: fuchsia:124084
Change-Id: Ic04db96ec3d3d484350bdd0b90c9dfb70d7f7eb2
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4376828
Reviewed-by: Mike Frysinger <vapier@chromium.org>
`NXFindBestFatArch` is deprecated in macOS 13. We use this when an
architecture is passed in via the `-a` flag. Unfortunately, neither
of the potential replacements can help with this use case:
- `macho_for_each_slice` as suggested in a reply to FB11955188 just
enumerates slices, without the logic for inexact matches (for example,
x86_64h -> x86_64 or arm64e -> arm64).
- `macho_best_slice` as recommended by the deprecation notice only
supports finding a suitable slice to run on the local machine.
We could adapt the logic in `NXFindBestFatArch` but it gets quite
complex for some architectures. Instead, this change adapts the
`NXFindBestFatArch` polyfill used in `dump_syms_mac` for Linux, which
returns an exact match if possible, and the first slice that matches
the requested CPU type otherwise. I think this is probably Good
Enough for most cases; if not, we can try porting the x86_64 and ARM
logic and falling back to this for the rest.
Change-Id: I3b269dab7246eced768cecd994e915debd95721a
Bug: chromium:1420654
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4335477
Reviewed-by: Mark Mentovai <mark@chromium.org>
Previously, dump_syms always used the basename of the on-disk file as
the Breakpad module name and required that the on-disk filename of the dSYM and binary file match, or it would exit with an error.
Build automation often uses filenames unrelated to the Breakpad module
name, so this CL adds a new optional "-n MODULE" argument to Mac
dump_syms that allows passing in the Breakpad module name from outside.
In this case, the basename of the on-disk file(s) is ignored and
no longer required to match.
Change-Id: Ic38e8cf762c79bce61d289b397293eff6c0039ce
Bug: b/273531493
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4338857
Reviewed-by: Robert Sesek <rsesek@chromium.org>
The added flag will print only one line per frame for the requesting
thread (this is mostly the crashing thread).
Refactor the code for printing the frame so it can be reused.
Bug: 1374075
Change-Id: I8a1c8b1a09740fcaa23c3cc642468622ee64ea73
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4339771
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
It's deprecated in macOS 13/iOS 16, so this is an incremental step towards using newly introduced APIs for those OSes.
Since the description field is no longer available in the new
mach-o/util.h API, stop using it, especially since architecture name is
sufficiently informative.
Bug: chromium:1420654
Change-Id: If2cec4f1fc88d13a71f011822bff61f173486b68
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4322265
Reviewed-by: Mark Mentovai <mark@chromium.org>
Added
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
to the beginning of all source files that didn't have it.
This ensures that configuration options are respected in all source
files. In particular, it ensures that the defines needed to fix Large
File System issues are set before including system headers.
More generally, it ensures consistency between the source files, and
avoids the possibility of ODR violations between source files that were
including config.h and source files that were not.
Process:
Ran
find . \( -name third_party -prune \) -o \( -name '.git*' -prune \) -o \( \( -name '*.cc' -o -name '*.c' \) -exec sed -i '0,/^#include/ s/^#include/#ifdef HAVE_CONFIG_H\n#include <config.h> \/\/ Must come first\n#endif\n\n#include/' {} + \)
and then manually fixed up src/common/linux/guid_creator.cc,
src/tools/solaris/dump_syms/testdata/dump_syms_regtest.cc,
src/tools/windows/dump_syms/testdata/dump_syms_regtest.cc,
src/common/stabs_reader.h, and src/common/linux/breakpad_getcontext.h.
BUG=google-breakpad:877
Fixed: google-breakpad:877
TEST=./configure && make && make check
TEST=Did the find/sed in ChromeOS's copy, ensured emerge-hana google-breakpad
worked and had fewer LFS violations.
TEST=Did the find/sed in Chrome's copy, ensured compiling hana, windows, linux, and
eve still worked (since Chrome doesn't use config.h)
Change-Id: I16cededbba0ea0c28e919b13243e35300999e799
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4289676
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Changes a recent introduction of sprintf to snprintf since sprintf is
deprecated in Chromium.
Bug: crashpad:329
Change-Id: Icd346da4c86bd8e867266dfebaf617991dd90113
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4261633
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
Updates minidump_dump to print out any Crashpad annotation objects that
are in a minidump. If an annotation contains a string value, it will be
printed out as such, otherwise it will be printed out as hex bytes.
Bug: crashpad:329
Change-Id: Ieecd6381c623f9011b16357742f7145a118dbc3c
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/4261631
Reviewed-by: Joshua Peraza <jperaza@chromium.org>