diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 15:55:28 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 15:55:28 +0000 |
| commit | 66d30508be18969ae4b398d2c319808edb34a750 (patch) | |
| tree | 4ede61df5efea55fd0efc34a2ae60e3a519ea2ee | |
| parent | b59162e1a722e72d29e48c67938f27fe051ffd15 (diff) | |
| download | chromium_src-66d30508be18969ae4b398d2c319808edb34a750.zip chromium_src-66d30508be18969ae4b398d2c319808edb34a750.tar.gz chromium_src-66d30508be18969ae4b398d2c319808edb34a750.tar.bz2 | |
Linux: fix a couple of libc calls in a compromised context.
We shouldn't call memset nor socketpair once we have crashed.
BUG=39292
TEST=none
http://codereview.chromium.org/1210006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43717 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/app/breakpad_linux.cc | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/chrome/app/breakpad_linux.cc b/chrome/app/breakpad_linux.cc index d1b5961..970a12e 100644 --- a/chrome/app/breakpad_linux.cc +++ b/chrome/app/breakpad_linux.cc @@ -62,6 +62,14 @@ static uint64_t timeval_to_ms(struct timeval *tv) { return ret; } +// Converts a struct timeval to milliseconds. +static uint64_t kernel_timeval_to_ms(struct kernel_timeval *tv) { + uint64_t ret = tv->tv_sec; // Avoid overflow by explicitly using a uint64_t. + ret *= 1000; + ret += tv->tv_usec / 1000; + return ret; +} + // uint64_t version of my_int_len() from // breakpad/src/common/linux/linux_libc_support.h. Return the length of the // given, non-negative integer when expressed in base 10. @@ -137,7 +145,7 @@ pid_t HandleCrashDump(const BreakpadInfo& info) { for (unsigned i = 0; i < 10; ++i) { uint64_t t; - read(ufd, &t, sizeof(t)); + sys_read(ufd, &t, sizeof(t)); write_uint64_hex(temp_file + sizeof(temp_file) - (16 + 1), t); fd = sys_open(temp_file, O_WRONLY | O_CREAT | O_EXCL, 0600); @@ -308,9 +316,9 @@ pid_t HandleCrashDump(const BreakpadInfo& info) { sys_writev(fd, iov, 29); if (uptime >= 0) { - struct timeval tv; - if (!gettimeofday(&tv, NULL)) { - uint64_t time = timeval_to_ms(&tv); + struct kernel_timeval tv; + if (!sys_gettimeofday(&tv, NULL)) { + uint64_t time = kernel_timeval_to_ms(&tv); if (time > uptime) { time -= uptime; char time_str[21]; @@ -526,7 +534,8 @@ pid_t HandleCrashDump(const BreakpadInfo& info) { if (child) { sys_close(fds[1]); char id_buf[17]; - const int len = HANDLE_EINTR(read(fds[0], id_buf, sizeof(id_buf) - 1)); + const int len = HANDLE_EINTR(sys_read(fds[0], id_buf, + sizeof(id_buf) - 1)); if (len > 0) { id_buf[len] = 0; static const char msg[] = "\nCrash dump id: "; @@ -552,7 +561,7 @@ pid_t HandleCrashDump(const BreakpadInfo& info) { NULL, }; - execv(kWgetBinary, const_cast<char**>(args)); + execve(kWgetBinary, const_cast<char**>(args), environ); static const char msg[] = "Cannot upload crash dump: cannot exec " "/usr/bin/wget\n"; sys_write(2, msg, sizeof(msg) - 1); @@ -656,7 +665,7 @@ NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size, void* context) { const int fd = reinterpret_cast<intptr_t>(context); int fds[2]; - socketpair(AF_UNIX, SOCK_STREAM, 0, fds); + sys_socketpair(AF_UNIX, SOCK_STREAM, 0, fds); char guid[kGuidSize + 1] = {0}; char crash_url[kMaxActiveURLSize + 1] = {0}; char distro[kDistroSize + 1] = {0}; @@ -688,7 +697,7 @@ NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size, msg.msg_iov = iov; msg.msg_iovlen = 4; char cmsg[kControlMsgSize]; - memset(cmsg, 0, kControlMsgSize); + my_memset(cmsg, 0, kControlMsgSize); msg.msg_control = cmsg; msg.msg_controllen = sizeof(cmsg); |