A computation in the stack unwind algorithm could cause an overflow if a base
pointer read from crashed process is sufficiently close to top of address space.
This causes a memory read that causes the dump thread to crash, resulting in a
failure to generate crash dump. Check fixed to properly detect that this pointer
is greater than actual memory range of current stack.
Patch by Kyle Joswiak <kjoswiak@chromium.org>
Review URL: https://breakpad.appspot.com/3754003/
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1425 4c0a9323-5329-0410-9bdc-e9ce6186880e
When LinuxCoreDumper fails to copy process data from a core file, it
fills the return buffer with a repeated sequence of a special marker.
However, MinidumpWriter doesn't know about that and may incorrectly
interpret the data. In many cases, MinidumpWriter simply copies the
gibberish data to the minidump, which isn't too bad. However, the
gibberish data may cause MinidumpWriter to behave badly in some other
cases. For example, when MinidumpWriter tries to iterate through the
linked list of all loaded DSOs via the r_map field of a r_debug struct,
if the linked list is filed with the special marker, the code keeps
iterating through the same address.
This CL addresses the issue by having LinuxCoreDumper::CopyFromProcess()
returns a Boolean value to indicate if the expected data is found from
the core file. MinidumpWriter can then decide how to handle that.
BUG=chromium:453484
TEST=Run core2md with the test data attached to chromium:453484.
R=mark@chromium.org
Review URL: https://breakpad.appspot.com/4724002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1420 4c0a9323-5329-0410-9bdc-e9ce6186880e
problems.
- The ordering of keys in stl containers cannot change. Make the relevant
members const to guarantee this assumption.
- Add handling and logging for demangle errors.
- Fix a potential double-delete bug if a function passed to AddFunction() is
already present.
BUG=chromium:449214
R=mark@chromium.org
Review URL: https://breakpad.appspot.com/10704002/
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1415 4c0a9323-5329-0410-9bdc-e9ce6186880e
gcc has a single exception setting for all languages. Saying -fno-exceptions
in gcc disables exceptions and cleanups for cc files, but has no effect for mm
files.
In clang, -fno-exceptions only disables c++ exceptions, but keeps objective-c
exceptions and cleanups enabled.
http://llvm.org/viewvc/llvm-project?view=revision&revision=220714 changed
__EXCEPTIONS to be defined for clang when cleanups are enabled, independent of
if c++ exceptions are enabled. (This was necessary to have clang work with
glibc which looks at __EXCEPTIONS to decide if cleanups are enabled.)
Breakpad tried to use __EXCEPTIONS to figure out if c++ exceptions are enabled.
In cc files, this works: -fno-exceptions will disable c++ exceptions and
cleanups. But in mm files, -fno-exceptions will disable c++ exceptions and
objective-c exceptions will still be enabled, and so cleanups must run and hence
__EXCEPTIONS is defined.
To make things work with both old and new compilers, do the try/catch hack in
mm files either if __EXCEPTIONS is not defined (for old compilers) or if the
compiler is clang and __has_feature(cxx_exceptions) isn't set (which will work
for new clangs too, and which cleanly maps to if c++ exceptions are enabled).
Patch by Nico Weber <thakis@chromium.org>
Review URL: https://breakpad.appspot.com/1774002/
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1409 4c0a9323-5329-0410-9bdc-e9ce6186880e
Previously, dump_syms did not handle DW_FORM_ref_addr if it appeared
in DWARF 4 debugging info.
Also fix a DW_FORM_ref_addr case so that it doesn't fall through to
the next switch case when assertions are disabled and the DWARF
version isn't recognised.
The following steps will reproduce the problem when using LLVM 3.4:
cat <<END >example1.c
int main() { return 0; }
END
cat <<END >example2.c
void foo(int x) {}
END
clang -emit-llvm -g -c example1.c -o example1.bc
clang -emit-llvm -g -c example2.c -o example2.bc
llvm-link-3.4 example1.bc example2.bc -o combined.bc
clang combined.bc -o executable
./google-breakpad/build/src/tools/linux/dump_syms/dump_syms executable
When using LLVM bitcode linking in this way, LLVM's backend generates
partially-merged DWARF debugging info in which some of the references
to the "int" type go via "DW_FORM_ref_addr". Since PNaCl uses LLVM
bitcode linking, this dump_syms failure occurs with nexes produced by
the PNaCl toolchain.
BUG= https://code.google.com/p/chromium/issues/detail?id=416368
TEST= see above
R=mark@chromium.org, mcgrathr@chromium.org
Review URL: https://breakpad.appspot.com/5744002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1408 4c0a9323-5329-0410-9bdc-e9ce6186880e
- Filter modules by prot flags (only +x) not extensions. It wouldn't
otherwise catch the case of Chrome mapping the library from the
apk (which is mapped r-x but doesn't end in .so).
- Use compile-time detection of target arch, in order to cope with
multilib OSes, where uname() doesn't reflect the run-time arch.
- Add OS information and CPU arch / count.
- Add support for aarch64.
- Add tests and stackwalk expectations for aarch64.
- Fix a potential overflow bug in the processor.
- Rebaseline the tests using smaller symbols.
- Fix microdump_writer_unittest.cc on 32-bit host.
BUG=chromium:410294
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1407 4c0a9323-5329-0410-9bdc-e9ce6186880e
and updating minidump_stackwalk to show process uptime.
I tested this with a minidump from Chrome and I got a result that
is inline with what the Windows debugger is showing for that dump:
minidump_stackwalk output:
--------------------------
Process uptime: 601 seconds
WinDBG output:
--------------
Process Uptime: 0 days 0:10:01.000
I didn't update the machine readable output of minidump_stackwalk
on purpose in order to avoid breaking someone that uses it.
It can be added later to the machine output if needed.
R=mark@chromium.org
Review URL: https://breakpad.appspot.com/7754002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1406 4c0a9323-5329-0410-9bdc-e9ce6186880e
This introduces the microdump_stackwalk binary which takes advantage
of the MicrodumpProcessor to symbolize microdumps.
Its operation is identical to the one of minidump_stackwalk.
This CL, in fact, is also refactoring most of the common bits into
stackwalk_common.
BUG=chromium:410294
R=mmandlis@chromium.org
Review URL: https://breakpad.appspot.com/4704002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1405 4c0a9323-5329-0410-9bdc-e9ce6186880e
Adding an optional parameter --product to symupload.exe. If specified it will be passed to the symbol server as POST parameter 'product'.
As part of this, I'm also fixing:
- Removed the .vcproj file as it can be generated from the .gyp file on demand.
- error C4335: Mac file format detected. Fixed the line endings for omap.cc and dia_util.cc.
- warning C4003: not enough actual parameters for macro 'max'
Symupload.exe was compiled using MSVS 2013 and DIA SDK 12.0.
Review URL: https://breakpad.appspot.com/9734002/
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1402 4c0a9323-5329-0410-9bdc-e9ce6186880e
Microdumps are a very lightweight variant of minidumps. They are meant
to dump a minimal crash report on the system log (logcat on Android),
containing only the state of the crashing thread.
This is to deal with cases where the user has opted out from crash
uploading but we still want to generate meaningful information on the
device to pull a stacktrace for development purposes.
Conversely to conventional stack traces (e.g. the one generated by
Android's debuggerd or Chromium's base::stacktrace) microdumps do NOT
require unwind tables to be present in the target binary. This allows
to save precious binary size (~1.5 MB for Chrome on Arm, ~10 MB on
arm64).
More information and design doc on crbug.com/410294
BUG=chromium:410294
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1398 4c0a9323-5329-0410-9bdc-e9ce6186880e
This change introduces the necessary glue typedefs to deal with the
mismatch introduced by the latest Android NDK (w.r.t. desktop Linux):
- [x86_64] Rename fpregs mxcr_mask -> .mxcsr_mask
- [mips] uc_mcontext.fpregs.fp_r.fp_dregs -> uc_mcontext.fpreg
- [mips] restore the forked user.h
Submitting this on behalf of fdegans@chromium.orgTBR=mark@chromium.org
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1397 4c0a9323-5329-0410-9bdc-e9ce6186880e
Prior to NDK r10c, Breakpad was privately backporting these system
headers. This change is now unforking and removing those headers and
using the ones from the NDK.
Rationale:
- They are finally available in the NDK, so there is no need to keep
maintaining a fork (which was necessary up until recently to support
arm64).
- These forked headers, as they are today, are not compatible with the
latest NDK (i.e. this change is required to roll NDK r10c).
The forked ucontext.h, being removed by this CL, depends on some
transitional features which are not compatible with the NDK release
being targeted here.
After this change, the NDK r10c is now required to build Breakpad on
Android. Note that NDK releases are backwards compatible and contain all
the previous API levels, so this change is NOT effectively enforcing to
build against any particular Android SDK.
Submitting this on behalf of fdegans@chromium.org
BUG=chromium:358831
R=mark@chromium.org, primiano@chromium.org, rmcilroy@chromium.org
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1396 4c0a9323-5329-0410-9bdc-e9ce6186880e
This is a refactoring of the logic which determines the
module name and path for a given MappingInfo in minidump_writer.cc.
Such logic, which will be soon shared also with the upcoming
microdump_writer.cc, is simply being moved to linux_dumper.cc,
extracting a GetMappingEffectiveNameAndPath method.
No behavioral change is intended.
BUG=chromium:410294
R=thestig@chromium.org
Review URL: https://breakpad.appspot.com/7734002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1392 4c0a9323-5329-0410-9bdc-e9ce6186880e
Server is used is done by subtracting the crashing process creation time from
the current time when the crash is generated:
uptime = now - process_creation_time
There was a bug and instead of the process creation time the code was using the
time when the process was registered with the Crash Generation Server.
R=mark@chromium.org
Review URL: https://breakpad.appspot.com/1744002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1391 4c0a9323-5329-0410-9bdc-e9ce6186880e
This change is a pure refactoring of the common bits of minidump_writer.cc
that will be shared soon with the upcoming microdump_writer.cc.
In particular, this CL is extracting the following classes:
- ThreadInfo: handles the state of the threads in the crashing process.
- RawContextCPU: typedef for arch-specific CPU context structure.
- UContextReader: Fills out a dump RawContextCPU structure from the
ucontext struct provided by the kernel (arch-dependent).
- SeccompUnwinder: cleans out the stack frames of the Seccomp sandbox
on the supported architectures.
- MappingInfo: handles information about mappings
BUG=chromium:410294
R=mmandlis@chromium.org
Review URL: https://breakpad.appspot.com/4684002
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1388 4c0a9323-5329-0410-9bdc-e9ce6186880e
When parsing /proc/pid/maps, current code merges adjacent entries that
refer to the same library and where the start of the second is equal to
the end of the first, for example:
40022000-40025000 r-xp 00000000 b3:11 827 /system/lib/liblog.so
40025000-40026000 r--p 00002000 b3:11 827 /system/lib/liblog.so
40026000-40027000 rw-p 00003000 b3:11 827 /system/lib/liblog.so
When the system linker loads a library it first reserves all the address
space required, from the smallest start to the largest end address, using
an anonymous mapping, and then maps loaded segments inside that reservation.
If the loaded segments do not fully occupy the reservation this leaves
gaps, and these gaps prevent merges that should occur from occurring:
40417000-4044a000 r-xp 00000000 b3:11 820 /system/lib/libjpeg.so
> 4044a000-4044b000 ---p 00000000 00:00 0
4044b000-4044c000 r--p 00033000 b3:11 820 /system/lib/libjpeg.so
4044c000-4044d000 rw-p 00034000 b3:11 820 /system/lib/libjpeg.so
Where the segments that follow this gap do not contain executable code
the failure to merge does not affect breakpad operation. However, where
they do then the merge needs to occur. Packing relocations in a large
library splits the executable segment into two, resulting in:
73b0c000-73b21000 r-xp 00000000 b3:19 786460 /data/.../libchrome.2160.0.so
> 73b21000-73d12000 ---p 00000000 00:00 0
73d12000-75a90000 r-xp 00014000 b3:19 786460 /data/.../libchrome.2160.0.so
75a90000-75c0d000 rw-p 01d91000 b3:19 786460 /data/.../libchrome.2160.0.so
Here the mapping at 73d12000-75a90000 must be merged into 73b0c000-73b21000
so that breakpad correctly calculates the base address for text.
This change enables the full merge by also merging anonymous maps which
result from unused reservation, identified as '---p' with offset 0, and
which follow on from an executable mapping, into that executable mapping.
BUG=chromium:394703
R=rmcilroy@chromium.org, thestig@chromium.org
Review URL: https://breakpad.appspot.com/7714003
Patch from Simon Baldwin <simonb@chromium.org>.
git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1380 4c0a9323-5329-0410-9bdc-e9ce6186880e
