processor: Bound number of exception parameters read

Bug: 1074532
Change-Id: I769074d7cbe0a47c8c8b716275d815e4b7f6dd63
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/2168816
Reviewed-by: Ivan Penkov <ivanpe@chromium.org>
This commit is contained in:
Joshua Peraza 2020-04-27 14:58:17 -07:00
parent a2d3e8b2d5
commit a7b621f810
3 changed files with 7 additions and 4 deletions

View File

@ -529,7 +529,7 @@ static const size_t MDRawMemoryList_minsize = offsetof(MDRawMemoryList,
memory_ranges[0]); memory_ranges[0]);
#define MD_EXCEPTION_MAXIMUM_PARAMETERS 15 #define MD_EXCEPTION_MAXIMUM_PARAMETERS 15u
typedef struct { typedef struct {
uint32_t exception_code; /* Windows: MDExceptionCodeWin, uint32_t exception_code; /* Windows: MDExceptionCodeWin,

View File

@ -31,6 +31,7 @@
#include <assert.h> #include <assert.h>
#include <algorithm>
#include <string> #include <string>
#include "common/scoped_ptr.h" #include "common/scoped_ptr.h"
@ -128,8 +129,10 @@ ProcessResult MinidumpProcessor::Process(
process_state->exception_record_.set_nested_exception_record_address( process_state->exception_record_.set_nested_exception_record_address(
exception->exception()->exception_record.exception_record); exception->exception()->exception_record.exception_record);
process_state->exception_record_.set_address(process_state->crash_address_); process_state->exception_record_.set_address(process_state->crash_address_);
for (uint32_t i = 0; const uint32_t num_parameters =
i < exception->exception()->exception_record.number_parameters; i++) { std::min(exception->exception()->exception_record.number_parameters,
MD_EXCEPTION_MAXIMUM_PARAMETERS);
for (uint32_t i = 0; i < num_parameters; ++i) {
process_state->exception_record_.add_parameter( process_state->exception_record_.add_parameter(
exception->exception()->exception_record.exception_information[i], exception->exception()->exception_record.exception_information[i],
// TODO(ivanpe): Populate description. // TODO(ivanpe): Populate description.

View File

@ -332,7 +332,7 @@ Exception::Exception(const Dump &dump,
D64(exception_address); D64(exception_address);
D32(0); // number_parameters D32(0); // number_parameters
D32(0); // __align D32(0); // __align
for (int i = 0; i < MD_EXCEPTION_MAXIMUM_PARAMETERS; ++i) for (size_t i = 0; i < MD_EXCEPTION_MAXIMUM_PARAMETERS; ++i)
D64(0); // exception_information D64(0); // exception_information
context.CiteLocationIn(this); context.CiteLocationIn(this);
assert(Size() == sizeof(MDRawExceptionStream)); assert(Size() == sizeof(MDRawExceptionStream));