chore: update crashpad to 7e0af1d #3

Open
wants to merge 108 commits into
base: main
Changes from 1 commit
108 commits
4773a37
Crashpad: Adding PAC bit stripping to stack sanitization.
Apr 4, 2023
ada8dfa
ios: Always reset IOSIntermediateDumpWriter file descriptor on close.
Apr 10, 2023
0e3758b
pac_helper: test for __has_feature macro
stha09 Apr 12, 2023
3a6bc8c
[tests] Disable clang optimization on the infinite recursion function.
ZequanWu Apr 21, 2023
07827d9
Remove `base/cxx17_backports.h` from the code in third_patry/crashpad
gz83 Apr 25, 2023
a280d65
Update linux-syscall-support (LSS) version
thomasgales May 5, 2023
3307c7c
Fix ASan failures for MinidumpCrashpadInfoWriter
thomasgales May 5, 2023
8525d53
Fix broken doc links
thomasgales May 17, 2023
1103dfc
ios: Add fallbacks to try_free_default and claimed_address in forbidd…
May 20, 2023
402d431
Update mini_chromium
thomasgales May 24, 2023
1fdbd37
ios: More deflaking handler forbidden allocators.
May 30, 2023
788b72f
Remove Mac OS X Server support
eran-rom Jun 2, 2023
25f724d
[fuchsia] Add fp registers to x86 context
thomasgales Jun 6, 2023
656fc62
[snapshot] Suppress function type mismatch UB
PiJoules Jun 7, 2023
4f5dd67
[riscv] Add RISC-V Linux support
thomasgales Jun 8, 2023
2cf938a
[riscv][fuchsia] Add RISC-V Fuchsia support
thomasgales Jun 9, 2023
9464ef5
[fuchsia] Don't build crashpad_database_util
thomasgales Jun 13, 2023
a540e58
[fuchsia] Remove/replace outdated bug references
thomasgales Jun 14, 2023
dcdccf5
[fuchsia][arm64] Don't query for fp registers
thomasgales Jun 15, 2023
7e5b8ab
Disable fastfail end_to_end tests on Windows
quidity Jun 23, 2023
bc1e904
SetErrorMode() in fastfail tests
quidity Jun 23, 2023
a5e1796
Catch heap corruption failures on Windows
quidity Jun 23, 2023
87e1883
[Fuchsia] Replace checking out gn SDK with core
Jun 28, 2023
9e37dc4
Convert Crashpad to use ARC
Jun 30, 2023
00ce1f9
Disable PtraceBroker.SameBitness
Jul 5, 2023
dcba40c
[inspect] Route InspectSink in crashpad
Jul 11, 2023
3df478b
Remove redundant ARC configuration in Crashpad
Jul 26, 2023
8dcf2b2
[fuchsia] Don't build CaptureContext
thomasgales Jul 25, 2023
ca6d64d
[fuchsia][mac] Fix build errors
thomasgales Aug 2, 2023
b1e66e3
Add SetLastChanceExceptionHandler to implement permissive MTE mode
Aug 2, 2023
ce7f0f1
Revert "Add SetLastChanceExceptionHandler to implement permissive MTE…
Aug 3, 2023
617429d
Remove ARC boilerplate in Crashpad
Aug 3, 2023
8132af7
Roll crashpad/third_party/mini_chromium/mini_chromium/ e009af846..d1b…
pkasting Aug 4, 2023
419f995
Ban [w]ctype.h: crashpad
pkasting Aug 3, 2023
343aa69
Revert "[fuchsia][mac] Fix build errors"
thomasgales Aug 4, 2023
77c1ad2
Add support for linux-arm64
markmentovai Aug 8, 2023
3f3b7a8
Roll crashpad/third_party/mini_chromium/mini_chromium/ 2035d204b..a72…
thomasgales Aug 8, 2023
43d04a8
Update comment for new file location
Aug 16, 2023
6a9e2e6
Adjust to movement of base/ files to base/apple
Aug 16, 2023
13e3acc
Roll mini_chromium, adjust to more files in base/apple
Aug 17, 2023
50ce155
[fuchsia] Move //zircon/public/lib/zx to //zircon/system/ulib/zx
digit-android Aug 7, 2023
a736f7d
Roll mini_chromium putting /base/apple files into base::apple::
Aug 21, 2023
52c427a
tests: stop using legacy gtest APIs
vapier Aug 22, 2023
ea0496c
Roll crashpad/third_party/mini_chromium/mini_chromium/ 0c540fd54..10f…
thomasgales Aug 29, 2023
a7cfe95
Reland "Add SetLastChanceExceptionHandler to implement permissive MTE…
Aug 31, 2023
d25c332
[ssci] Added Shipped field to READMEs
anneredulla Aug 29, 2023
8da335f
mac: Fix build with deployment target ≥ 11
markmentovai Sep 19, 2023
ac0c27a
Deregister vectored exception handler on client destruction
quidity Sep 28, 2023
7f6d9e9
Add support for matching with key allowlist
Sep 29, 2023
485cfaf
Update chromium_mini dependency
Sep 29, 2023
b90db3e
ios: Fix Chromium bundle id for xcuitest.
Oct 4, 2023
a1b467a
Pull latest toolchain
thomasgales Oct 6, 2023
0fc1b6a
Mac: update ProcessReaderMac and tests for macOS 14
speednoisemovement Oct 6, 2023
f145b54
Stop registering Windows VEH in ASAN builds.
richmckeever Oct 12, 2023
2f6cffa
Mac: don't consider module order in process reader tests
speednoisemovement Oct 13, 2023
63ec948
Windows: don't compile HandleHeapCorruption on ASAN
speednoisemovement Oct 13, 2023
7c89d50
[ios] Remove ios_use_shared_bundle_id_for_test_apps gn variable
sdefresne Oct 16, 2023
aef7504
Use format macros for int64_t instead of hardcoding the format.
pkasting Oct 16, 2023
ce4e3d6
Roll crashpad/third_party/mini_chromium/mini_chromium/ 276f2ac53..42f…
pkasting Oct 17, 2023
c63c073
Do IWYU for check_op.h
leizleiz Oct 18, 2023
b6d3cdc
Roll crashpad/third_party/mini_chromium/mini_chromium/ 42f1fddfe..bc8…
pkasting Oct 18, 2023
376e8c0
Eliminate call to StringPrintf() with non-constexpr format string.
pkasting Oct 18, 2023
e17518a
Add an option to start a Windows client with global hooks disabled.
richmckeever Oct 26, 2023
59fc31c
Update mini_chromium & use its new support for wide streaming in file…
ericastor Oct 26, 2023
188ad79
Roll crashpad/third_party/mini_chromium/mini_chromium/ 707c87bd2..98b…
Oct 27, 2023
4a93d7f
Revert "Add an option to start a Windows client with global hooks dis…
Oct 27, 2023
41f6ad5
Fix crashpad tests under UBSan
davidben Oct 28, 2023
c5e2b03
Fix UB when saving an StringAnnotation
davidben Oct 28, 2023
c39206f
Provide a way to iterate over a const AnnotationList
andre-kempe-arm Oct 27, 2023
3ba2403
ios: Fix leak in iOS NSException preprocessor.
Oct 30, 2023
1675ce7
Add missing base/check.h includes
leizleiz Nov 6, 2023
5739185
Roll crashpad/third_party/mini_chromium/mini_chromium/ e508a6010..450…
pkasting Nov 7, 2023
5613499
Replace base::WStringPiece with std::string_view
leizleiz Nov 7, 2023
5fc60ae
Use googletest flag macros to access googletest flags.
zetafunction Dec 2, 2023
7049d96
Fix improper use of bit_cast
Dec 8, 2023
337b4f7
[mac] mach_absolute_time() -> clock_gettime_nsec_np(CLOCK_UPTIME_RAW)
bhamiltoncx Dec 12, 2023
9f896f2
Qualify bit_cast with base::
Dec 12, 2023
3a20cc2
[ios] Add arm64e support to in_process_intermediate_dump_handler
bhamiltoncx Dec 15, 2023
2905784
[build] Re-enable action tracing
fangism Jan 6, 2024
bbb721f
Roll crashpad/third_party/mini_chromium/mini_chromium/ ac3e73239..cc2…
pbos Jan 10, 2024
65f2a2b
Roll crashpad/third_party/mini_chromium/mini_chromium/ cc2ae8eb0..1e6…
pbos Jan 10, 2024
4426ed9
Roll crashpad/third_party/mini_chromium/mini_chromium/ 1e64ecb51..c7f…
pbos Jan 10, 2024
d256de3
Roll crashpad/third_party/mini_chromium/mini_chromium/ c7fccaa8e..203…
pbos Jan 10, 2024
98d0d86
Add [[noreturn]] version of NtstatusLogMessage
pbos Jan 11, 2024
30b2f4b
ios: Add crashpad_uptime_ns crash key to iOS reports.
Jan 11, 2024
5183bef
Remove should-be-dead code after PLOG(FATAL)
pbos Jan 12, 2024
305b648
doc: Upgrade the crashpad-home App Engine app to the go121 flex runtime
markmentovai Jan 17, 2024
22c386d
ios: Allow missing exception thread id from thread list.
Jan 19, 2024
a02e493
Avoid assuming string_view iterators are char*
danakj Jan 25, 2024
27b460c
[fxbug.dev] Migrate bug numbers
Jan 26, 2024
5d81482
ios: Read dyld modules in reverse order.
Jan 31, 2024
c576bf3
Add Update method to CrashpadInfo
jessemckenna Feb 9, 2024
5075fb6
Honor ios_is_app_extension chromium build flag
sdefresne Feb 12, 2024
940e8a3
Fix leaky CrashpadInfo test
jessemckenna Feb 13, 2024
29ac83c
[Fuchsia] remove use of fuchsia mac sdk
zijiehe-google-com Feb 15, 2024
37afd37
Properly update iterator
Feb 21, 2024
bc4fd34
Log argv[0] for failing spawns
pbos Feb 21, 2024
9c58b66
Increase kMaxNumberOfAnnotations
ianby Mar 7, 2024
c4d4a4d
ios: Disable annotations tests on older simulators on macOS 14.3
Mar 8, 2024
dea283a
Make AnnotationList's iterator compliant to input iterator
andre-kempe-arm Dec 1, 2023
6bf5e1b
Fix invalid check for valid key of Pointer Authentication
andre-kempe-arm Mar 5, 2024
ccd2065
ios: Update exception test for Chromium release builds.
Mar 18, 2024
1cea047
ios: Capture signal exception context memory regions correctly.
Mar 20, 2024
bbb99bf
Move crashpad to using Mac-13|Mac-14 (like chromium) and latest win sdk
danakj Apr 4, 2024
f9cee5c
Roll mini_chromium to pick up the latest version of base::span.
Apr 10, 2024
8df174c
[ios] Fix TSAN issue and Mach port leak in CrashpadClient
bhamiltoncx Apr 1, 2024
7e0af1d
Use byte conversions over the byte swap functions
danakj Apr 11, 2024
5b178f1
Merge branch 'main' of https://chromium.googlesource.com/crashpad/cra…
bobbyg603 Apr 14, 2024
Catch heap corruption failures on Windows
Windows claims that heap corruption crashes are passed
to Windows Error Reporting but they are not, they are
swallowed and the process is simply terminated. WerFault.exe
does not run.

We can however intercept these crashes using a vectored
exception handler which forwards STATUS_HEAP_CORRUPTION
to the normal crash handler.

Adds an end-to-end test.

Bug: 2515
Change-Id: I2e1361dacef6fd03ea0f00327fee0b05a0c4899e
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/4637533
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Joshua Peraza <jperaza@chromium.org>
quidity authored and Crashpad LUCI CQ committed Jun 23, 2023
commit a5e179663a3876ed652b0bc8631abab2ba9334a2
19 changes: 19 additions & 0 deletions client/crashpad_client_win.cc
@@ -187,6 +187,15 @@ LONG WINAPI UnhandledExceptionHandler(EXCEPTION_POINTERS* exception_pointers) {
return EXCEPTION_CONTINUE_SEARCH;
}

LONG WINAPI HandleHeapCorruption(EXCEPTION_POINTERS* exception_pointers) {
if (exception_pointers->ExceptionRecord->ExceptionCode ==
STATUS_HEAP_CORRUPTION) {
return UnhandledExceptionHandler(exception_pointers);
}

return EXCEPTION_CONTINUE_SEARCH;
}

void HandleAbortSignal(int signum) {
DCHECK_EQ(signum, SIGABRT);
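Review bot: HandleHeapCorruption has no comment saying it is meant to be installed as a vectored exception handler, so the reason it filters on STATUS_HEAP_CORRUPTION and otherwise returns EXCEPTION_CONTINUE_SEARCH is only discoverable from the call site in RegisterHandlers. A short comment above the function would help, and it is worth stating there that a vectored handler sees the exception before any frame-based handler does, so every STATUS_HEAP_CORRUPTION raised in the process is forwarded to UnhandledExceptionHandler.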

@@ -580,6 +589,16 @@ void CommonInProcessInitialization() {
void RegisterHandlers() {
SetUnhandledExceptionFilter(&UnhandledExceptionHandler);

// Windows swallows heap corruption failures but we can intercept them with
// a vectored exception handler.
#if defined(ADDRESS_SANITIZER)
// Let ASAN have first go.
bool go_first = false;
#else
bool go_first = true;
#endif
AddVectoredExceptionHandler(go_first, HandleHeapCorruption);

// The Windows CRT's signal.h lists:
// - SIGINT
// - SIGILL
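Review bot: the return value of AddVectoredExceptionHandler in RegisterHandlers is discarded, so a failed registration (null return) goes unnoticed and there is no handle to pass to RemoveVectoredExceptionHandler later. Suggest storing the returned PVOID, logging when it is null, and removing the handler when the client goes away. The first parameter is a ULONG, so declaring go_first as ULONG (or casting explicitly) would match the API rather than relying on the bool conversion.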
18 changes: 15 additions & 3 deletions handler/BUILD.gn
@@ -49,10 +49,9 @@ static_library("handler") {
"linux/cros_crash_report_exception_handler.cc",
"linux/cros_crash_report_exception_handler.h",
]

# TODO(https://crbug.com/1420445): Remove this config when M115 branches.
configs += [
"../build:crashpad_is_in_chromium",
]
configs += [ "../build:crashpad_is_in_chromium" ]
}

if (crashpad_is_win) {
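Review bot: the configs reformatting in static_library("handler"), which collapses the three-line list into `configs += [ "../build:crashpad_is_in_chromium" ]` and adds a blank line before the TODO, is unrelated to the heap corruption change. If it came from gn format that is fine, but it would be cleaner as a separate commit so that this one only adds the test target.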
@@ -346,6 +345,19 @@ if (crashpad_is_win) {
]
}

crashpad_executable("heap_corrupting_program") {
testonly = true

sources = [ "win/heap_corrupting_program.cc" ]

deps = [
"../client",
"../compat",
"../snapshot",
"../third_party/mini_chromium:base",
]
}

if (current_cpu == "x86") {
# Cannot create an x64 DLL with embedded debug info.
crashpad_executable("crashy_z7_loader") {
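Review bot: the deps of heap_corrupting_program do not line up with what the source includes: heap_corrupting_program.cc includes util/misc/paths.h but "../util" is not listed, while "../compat" and "../snapshot" are listed with no matching include in that file. Suggest listing only what the program uses, or dropping the paths.h include if it is not needed.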
95 changes: 95 additions & 0 deletions handler/win/heap_corrupting_program.cc
@@ -0,0 +1,95 @@
// Copyright 2023 The Crashpad Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <string.h>

#include "base/files/file_path.h"
#include "base/logging.h"
#include "client/crashpad_client.h"
#include "util/misc/paths.h"

#include <Windows.h>

// We set up a program that crashes with a heap corruption exception.
// STATUS_HEAP_CORRUPTION (0xC0000374 3221226356).
namespace crashpad {
namespace {

void HeapCorruptionCrash() {
__try {
HANDLE heap = ::HeapCreate(0, 0, 0);
CHECK(heap);
CHECK(HeapSetInformation(
heap, HeapEnableTerminationOnCorruption, nullptr, 0));
void* addr = ::HeapAlloc(heap, 0, 0x1000);
CHECK(addr);
// Corrupt heap header.
char* addr_mutable = reinterpret_cast<char*>(addr);
memset(addr_mutable - sizeof(addr), 0xCC, sizeof(addr));

HeapFree(heap, 0, addr);
HeapDestroy(heap);
} __except (EXCEPTION_EXECUTE_HANDLER) {
// Heap corruption exception should never be caught.
CHECK(false);
}
// Should never reach here.
abort();
}

int CrashyMain(int argc, wchar_t* argv[]) {
static CrashpadClient* client = new crashpad::CrashpadClient();

if (argc == 2) {
// We call this from end_to_end_test.py.
if (!client->SetHandlerIPCPipe(argv[1])) {
LOG(ERROR) << "SetHandler";
return EXIT_FAILURE;
}
} else if (argc == 3) {
// This is helpful for debugging.
if (!client->StartHandler(base::FilePath(argv[1]),
base::FilePath(argv[2]),
base::FilePath(),
std::string(),
std::map<std::string, std::string>(),
std::vector<std::string>(),
false,
true)) {
LOG(ERROR) << "StartHandler";
return EXIT_FAILURE;
}
// Got to have a handler & registration.
if (!client->WaitForHandlerStart(10000)) {
LOG(ERROR) << "Handler failed to start";
return EXIT_FAILURE;
}
} else {
fprintf(stderr, "Usage: %ls <server_pipe_name>\n", argv[0]);
fprintf(stderr, " %ls <handler_path> <database_path>\n", argv[0]);
return EXIT_FAILURE;
}

HeapCorruptionCrash();

LOG(ERROR) << "Invalid type or exception failed.";
return EXIT_FAILURE;
}

} // namespace
} // namespace crashpad

int wmain(int argc, wchar_t* argv[]) {
return crashpad::CrashyMain(argc, argv);
}
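Review bot: heap_corrupting_program.cc uses std::string, std::map, std::vector, fprintf, abort and EXIT_FAILURE but includes only <string.h> from the standard headers, so it builds only through transitive includes; add <map>, <string>, <vector>, <stdio.h> and <stdlib.h>, and drop util/misc/paths.h, which nothing in the file uses. In HeapCorruptionCrash, `memset(addr_mutable - sizeof(addr), 0xCC, sizeof(addr))` sizes the write by the pointer width; a named constant and a sentence in the "Corrupt heap header" comment saying which bytes ahead of the allocation are overwritten would make the intent clearer.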
19 changes: 19 additions & 0 deletions snapshot/win/end_to_end_test.py
@@ -212,6 +212,12 @@ def GetDumpFromZ7Program(out_dir, pipe_name):
win32con.EXCEPTION_ACCESS_VIOLATION)


def GetDumpFromHeapCorruptingProgram(out_dir, pipe_name):
STATUS_HEAP_CORRUPTION = 0xC0000374
return GetDumpFromProgram(out_dir, pipe_name, 'heap_corrupting_program.exe',
STATUS_HEAP_CORRUPTION)


def GetDumpFromFastFailProgram(out_dir, pipe_name, *args):
STATUS_STACK_BUFFER_OVERRUN = 0xc0000409
return GetDumpFromProgram(out_dir, pipe_name, 'fastfail_program.exe',
@@ -444,6 +450,14 @@ def RunSigAbrtTest(cdb_path, sigabrt_main_path, sigabrt_background_path):
out.Check('code 40000015', 'got sigabrt signal from background thread')


def RunHeapCorruptionTest(cdb_path, heap_path):
"""Runs tests on heap corruption caught using the vectored handler."""
out = CdbRun(cdb_path, heap_path, '.ecxr;k')
out.Check('code c0000374', 'captured exception from heap corruption crash')
out.Check('::HeapCorruptionCrash', 'See expected throwing function')
out = CdbRun(cdb_path, heap_path, '.ecxr;k')


def RunFastFailDumpTest(cdb_path, fastfail_path):
"""Runs tests on __fastfail() caught using the runtime exception helper."""
out = CdbRun(cdb_path, fastfail_path, '.ecxr;k')
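Review bot: the last line of RunHeapCorruptionTest repeats `out = CdbRun(cdb_path, heap_path, '.ecxr;k')` and nothing checks the result, so it only costs a second cdb run; remove it. The second Check message, 'See expected throwing function', could also follow the lower-case descriptive style of the message above it.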
@@ -541,6 +555,11 @@ def main(args):
return 1
Run7zDumpTest(cdb_path, z7_dump_path)

heap_path = GetDumpFromHeapCorruptingProgram(args[0], pipe_name)
if not heap_path:
return 1
RunHeapCorruptionTest(cdb_path, heap_path)

# __fastfail() & CFG crash caught by WerRuntimeExceptionHelperModule.
# TODO(crashpad:458) These are not working when launched from python.
if (False and Win32_20H1()):