diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-05 21:04:02 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-05 21:04:02 +0000 |
| commit | 027f2fb27b6c2840feb15a3ee8964473075122bb (patch) | |
| tree | 205e514cd633095f252762a44e5bb100eeb362ed /breakpad/linux/exception_handler.h | |
| parent | 5093d683a15b9a754e833e0564185ae21edcb510 (diff) | |
| download | chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.zip chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.tar.gz chromium_src-027f2fb27b6c2840feb15a3ee8964473075122bb.tar.bz2 | |
Linux: Dumping a renderer can traverse an invalid pointer.
A ucontext isn't a POD datatype, so we can end up sending it to the
browser and then walking an embedded pointer which is only valid in
the renderer context.
This fix sends the floating point registers (which were at the other
end of said pointer) in the context and stops using the pointer in the
ucontext.
BUG=13465
http://codereview.chromium.org/119249
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17771 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'breakpad/linux/exception_handler.h')
| -rw-r--r-- | breakpad/linux/exception_handler.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/breakpad/linux/exception_handler.h b/breakpad/linux/exception_handler.h index 6176c94..b579a6a 100644 --- a/breakpad/linux/exception_handler.h +++ b/breakpad/linux/exception_handler.h @@ -146,6 +146,7 @@ class ExceptionHandler { siginfo_t siginfo; pid_t tid; // the crashing thread. struct ucontext context; + struct _libc_fpstate float_state; }; private: |