Pid computation for breakpad had a race condition that could cause the

dumper to fail. We now send two file descriptors from the crashing process
to the dumper. One of these is used solely to identify the pid. We guarantee
that this file descriptor is open in the crashing process by the time the
dumper scans for it. And we also no longer play any tricks with guessing
the inode number based on the inode of the other descriptor in the socket
pair.

BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2856092

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55464 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 3 deletions

diff --git a/chrome/app/breakpad_linux.cc b/chrome/app/breakpad_linux.cc
index 28b69ba..1624e6c 100644
--- a/chrome/app/breakpad_linux.cc
+++ b/chrome/app/breakpad_linux.cc
@@ -684,7 +684,7 @@ NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size,
                             // browser to convert namespace tids.
 
   // The length of the control message:
-  static const unsigned kControlMsgSize = CMSG_SPACE(sizeof(int));
+  static const unsigned kControlMsgSize = CMSG_SPACE(2*sizeof(int));
 
   struct kernel_msghdr msg;
   my_memset(&msg, 0, sizeof(struct kernel_msghdr));
@@ -712,8 +712,9 @@ NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size,
   struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
   hdr->cmsg_level = SOL_SOCKET;
   hdr->cmsg_type = SCM_RIGHTS;
-  hdr->cmsg_len = CMSG_LEN(sizeof(int));
-  *((int*) CMSG_DATA(hdr)) = fds[1];
+  hdr->cmsg_len = CMSG_LEN(2*sizeof(int));
+  ((int*) CMSG_DATA(hdr))[0] = fds[0];
+  ((int*) CMSG_DATA(hdr))[1] = fds[1];
 
   HANDLE_EINTR(sys_sendmsg(fd, &msg, 0));
   sys_close(fds[1]);