author | Christopher Ferris <cferris@google.com> | 2016-02-05 11:07:12 -0800 |
---|---|---|
committer | Christopher Ferris <cferris@google.com> | 2016-02-05 15:22:34 -0800 |
commit | d4c884330c384bbb06f9a0d1fee2d2ae2086521c (patch) | |
tree | 2bcbc13b5dd0c2dc91e2f16f26a0a8c97da61e30 /libbacktrace | |
parent | 718625010d839481cdef5f0305f2622a0aa87cd8 (diff) | |
Fix use of uninitialized memory.
When creating an UnwindMapLocal fails in the Build() function call,
the destructor for UnwindMap is called. Unfortunately, the map_cursor_
member variable has not been initialized, so the call to destroy it
winds up operating on garbage data.
Part of this is a result of a bad class hierarchy, so this refactors
the classes slightly, and properly initializes the map_cursor_ member
variable in the base class.
Bug: 26931578
Change-Id: I885596bf65e4ef63559cee2c56cd41576d5ecc1b
Diffstat (limited to 'libbacktrace')
-rw-r--r-- | libbacktrace/UnwindMap.cpp | 13 | ||||
-rw-r--r-- | libbacktrace/UnwindMap.h | 24 |
2 files changed, 24 insertions, 13 deletions
diff --git a/libbacktrace/UnwindMap.cpp b/libbacktrace/UnwindMap.cpp
index 879fea5eb..34d79f970 100644
--- a/libbacktrace/UnwindMap.cpp
+++ b/libbacktrace/UnwindMap.cpp
@@ -33,14 +33,18 @@
 // of maps using the same map cursor.
 //-------------------------------------------------------------------------
 UnwindMap::UnwindMap(pid_t pid) : BacktraceMap(pid) {
+ unw_map_cursor_clear(&map_cursor_);
+}
+
+UnwindMapRemote::UnwindMapRemote(pid_t pid) : UnwindMap(pid) {
 }
-UnwindMap::~UnwindMap() {
+UnwindMapRemote::~UnwindMapRemote() {
 unw_map_cursor_destroy(&map_cursor_);
 unw_map_cursor_clear(&map_cursor_);
 }
-bool UnwindMap::GenerateMap() {
+bool UnwindMapRemote::GenerateMap() {
 // Use the map_cursor information to construct the BacktraceMap data
 // rather than reparsing /proc/self/maps.
 unw_map_cursor_reset(&map_cursor_);
@@ -63,7 +67,7 @@ bool UnwindMap::GenerateMap() {
 return true;
 }
-bool UnwindMap::Build() {
+bool UnwindMapRemote::Build() {
 return (unw_map_cursor_create(&map_cursor_, pid_) == 0) && GenerateMap();
 }
@@ -84,6 +88,7 @@ bool UnwindMapLocal::GenerateMap() {
 for (int i = 0; i < 3; i++) {
 maps_.clear();
+ // Save the map data retrieved so we can tell if it changes.
 unw_map_local_cursor_get(&map_cursor_);
 unw_map_t unw_map;
@@ -142,7 +147,7 @@ BacktraceMap* BacktraceMap::Create(pid_t pid, bool uncached) {
 } else if (pid == getpid()) {
 map = new UnwindMapLocal();
 } else {
- map = new UnwindMap(pid);
+ map = new UnwindMapRemote(pid);
 }
 if (!map->Build()) {
 delete map;
diff --git a/libbacktrace/UnwindMap.h b/libbacktrace/UnwindMap.h
index e2920168b..111401ffa 100644
--- a/libbacktrace/UnwindMap.h
+++ b/libbacktrace/UnwindMap.h
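Review bot: In the first hunk of UnwindMap.cpp, `UnwindMapRemote::~UnwindMapRemote()` still calls `unw_map_cursor_destroy(&map_cursor_)` unconditionally, so when `Build()` fails inside `unw_map_cursor_create` the destructor runs on a cursor that was only cleared by the base constructor. That is safe only if `unw_map_cursor_destroy` accepts a cleared cursor, and if a failed create leaves the cursor in a destroyable state; neither is visible in this diff. I would record the invariant next to the call, for example `// map_cursor_ is cleared in UnwindMap's constructor, so destroy is safe even when Build() failed.`, or track successful creation in a flag, as the `map_created_` member of UnwindMapLocal appears to do. A regression test that forces `Build()` to fail and then deletes the map would stop this memory-safety fix from regressing silently.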
@@ -29,29 +29,35 @@
 class UnwindMap : public BacktraceMap {
 public:
 UnwindMap(pid_t pid);
- virtual ~UnwindMap();
-
- virtual bool Build();
 unw_map_cursor_t* GetMapCursor() { return &map_cursor_; }
 protected:
- virtual bool GenerateMap();
-
 unw_map_cursor_t map_cursor_;
 };
+class UnwindMapRemote : public UnwindMap {
+public:
+ UnwindMapRemote(pid_t pid);
+ virtual ~UnwindMapRemote();
+
+ bool Build() override;
+
+private:
+ bool GenerateMap();
+};
+
 class UnwindMapLocal : public UnwindMap {
 public:
 UnwindMapLocal();
 virtual ~UnwindMapLocal();
- virtual bool Build();
+ bool Build() override;
- virtual void FillIn(uintptr_t addr, backtrace_map_t* map);
+ void FillIn(uintptr_t addr, backtrace_map_t* map) override;
-protected:
- virtual bool GenerateMap();
+private:
+ bool GenerateMap();
 bool map_created_;
 }; |
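Review bot: `UnwindMap(pid_t pid);` stays public in the new header even though `UnwindMap` no longer declares `Build()`, `GenerateMap()` or a destructor, so the class can still be instantiated directly. Such an object would hand out, through `GetMapCursor()`, a cursor that was cleared but never created. If nothing outside the hierarchy constructs it, move the constructor under `protected:` as `explicit UnwindMap(pid_t pid);`, and declare `explicit UnwindMapRemote(pid_t pid);` to rule out implicit conversions from `pid_t`. The destructors could read `~UnwindMapRemote() override;` and `~UnwindMapLocal() override;` to match the `override` now used on `Build()`. That compiles only if `BacktraceMap` has a virtual destructor, which the `delete map` through a `BacktraceMap*` in `BacktraceMap::Create` already depends on; the base class is not visible in this diff.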