Update Crashpad to 6225d7890687204fdd4b69eb2646e16e98739d41

e163efb37210 Added CPU revision implementation for ARM64
63782c8333c9 Added Windows on ARM support to SystemSnapshot::CPUVendor
8b8066297c2a [fuchsia] remove obsolete FIDL string.cc include
2faae40e8e63 Fuchsia: Update docs to mention target_os in .gclient
1b2f448720ee Fuchsia: de-port generate_dump
da3384a7088a Fuchsia: remove fuchsia.net.SocketProvider from cmx
70d10eb6296b client_win: Switch Release Load/Acq Store->Rel Store/Acq
             Load
08f070325eb7 Fix the build with NDK r20
a34bca8611b6 Disable warning when building gmock tests
5a0e18e41761 Refactor 'whitelist' -> 'annotations whitelist'
bde5196af508 Add ProcessMemorySanitized
6225d7890687 Don't use a regex to test the CPU vendor string

Bug: 891999, 973167
Change-Id: I0a397eee4f48612f656cd07ba6785e64612f2f9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1755011
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#687384}

third_party/crashpad/README.chromium

@@ -2,7 +2,7 @@ Name: Crashpad
 Short Name: crashpad
 URL: https://crashpad.chromium.org/
 Version: unknown
-Revision: 2fb8f98d675ee177fb15731b08a02027d83615da
+Revision: 6225d7890687204fdd4b69eb2646e16e98739d41
 License: Apache 2.0
 License File: crashpad/LICENSE
 Security Critical: yes

third_party/crashpad/crashpad/client/crashpad_client_win.cc

@@ -96,7 +96,7 @@ CRITICAL_SECTION g_critical_section_with_debug_info;
 
 void SetHandlerStartupState(StartupState state) {
   DCHECK(state == StartupState::kSucceeded || state == StartupState::kFailed);
-  base::subtle::Acquire_Store(&g_handler_startup_state,
+  base::subtle::Release_Store(&g_handler_startup_state,
                               static_cast<base::subtle::AtomicWord>(state));
 }
 
@@ -104,7 +104,7 @@ StartupState BlockUntilHandlerStartedOrFailed() {
   // Wait until we know the handler has either succeeded or failed to start.
   base::subtle::AtomicWord startup_state;
   while (
-      (startup_state = base::subtle::Release_Load(&g_handler_startup_state)) ==
+      (startup_state = base::subtle::Acquire_Load(&g_handler_startup_state)) ==
       static_cast<int>(StartupState::kNotReady)) {
     Sleep(1);
   }

third_party/crashpad/crashpad/compat/android/android/api-level.cc

@@ -21,7 +21,7 @@
 
 #include "dlfcn_internal.h"
 
-#if __ANDROID_API__ < 29
+#if __NDK_MAJOR__ < 20
 
 extern "C" {
 
@@ -47,4 +47,4 @@ int android_get_device_api_level() {
 
 }  // extern "C"
 
-#endif  // __ANDROID_API__ < 29
+#endif  // __NDK_MAJOR__ < 20

third_party/crashpad/crashpad/compat/android/android/api-level.h

@@ -16,23 +16,24 @@
 #define CRASHPAD_COMPAT_ANDROID_ANDROID_API_LEVEL_H_
 
 #include_next <android/api-level.h>
+#include <android/ndk-version.h>
 
 #include <sys/cdefs.h>
 
-#if __ANDROID_API__ < 29
+#if __NDK_MAJOR__ < 20
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 // Returns the API level of the device or -1 if it can't be determined. This
-// function is provided by Bionic at API 29.
+// function is provided by NDK r20.
 int android_get_device_api_level();
 
 #ifdef __cplusplus
 }  // extern "C"
 #endif
 
-#endif  // __ANDROID_API__ < 29
+#endif  // __NDK_MAJOR__ < 20
 
 #endif  // CRASHPAD_COMPAT_ANDROID_ANDROID_API_LEVEL_H_

third_party/crashpad/crashpad/doc/developing.md

@@ -106,6 +106,18 @@ GN and Ninja are part of the
 [depot_tools](https://www.chromium.org/developers/how-tos/depottools). There’s
 no need to install them separately.
 
+#### Fuchsia
+
+In order to instruct gclient to download the Fuchsia SDK, you need to add the
+following to `~/crashpad/.gclient`.
+
+```
+target_os=["fuchsia"]
+```
+
+If you're using this tree to develop for multiple targets, you can also add
+other entries to the the list (e.g. `target_os=["fuchsia", "mac"]`).
+
 #### Optional Linux Configs
 
 To pull and use Crashpad's version of clang and sysroot, make the following

third_party/crashpad/crashpad/handler/linux/crash_report_exception_handler.cc

@@ -140,7 +140,7 @@ bool CrashReportExceptionHandler::HandleExceptionWithConnection(
 
     ProcessSnapshot* snapshot = nullptr;
     ProcessSnapshotSanitized sanitized;
-    std::vector<std::string> whitelist;
+    std::vector<std::string> annotations_whitelist;
     if (info.sanitization_information_address) {
       SanitizationInformation sanitization_info;
       ProcessMemoryRange range;
@@ -157,7 +157,7 @@ bool CrashReportExceptionHandler::HandleExceptionWithConnection(
           !ReadAnnotationsWhitelist(
               range,
               sanitization_info.annotations_whitelist_address,
-              &whitelist)) {
+              &annotations_whitelist)) {
         Metrics::ExceptionCaptureResult(
             Metrics::CaptureResult::kSanitizationInitializationFailed);
         return false;
@@ -165,7 +165,7 @@ bool CrashReportExceptionHandler::HandleExceptionWithConnection(
 
       if (!sanitized.Initialize(&process_snapshot,
                                 sanitization_info.annotations_whitelist_address
-                                    ? &whitelist
+                                    ? &annotations_whitelist
                                     : nullptr,
                                 sanitization_info.target_module_address,
                                 sanitization_info.sanitize_stacks)) {

third_party/crashpad/crashpad/snapshot/sanitized/process_snapshot_sanitized_test.cc

@@ -252,12 +252,12 @@ class SanitizeTest : public MultiprocessExec {
     ExpectAnnotations(&snapshot, /* sanitized= */ false);
     ExpectStackData(&snapshot, addrs, /* sanitized= */ false);
 
-    std::vector<std::string> whitelist;
-    whitelist.push_back(kWhitelistedAnnotationName);
+    std::vector<std::string> annotations_whitelist;
+    annotations_whitelist.push_back(kWhitelistedAnnotationName);
 
     ProcessSnapshotSanitized sanitized;
     ASSERT_TRUE(sanitized.Initialize(
-        &snapshot, &whitelist, addrs.module_address, true));
+        &snapshot, &annotations_whitelist, addrs.module_address, true));
 
     ExpectAnnotations(&sanitized, /* sanitized= */ true);
     ExpectStackData(&sanitized, addrs, /* sanitized= */ true);

third_party/crashpad/crashpad/snapshot/sanitized/sanitization_information.cc

@@ -21,9 +21,9 @@ namespace crashpad {
 namespace {
 
 template <typename Pointer>
-bool ReadWhitelist(const ProcessMemoryRange& memory,
-                   VMAddress whitelist_address,
-                   std::vector<std::string>* whitelist) {
+bool ReadAnnotationsWhitelist(const ProcessMemoryRange& memory,
+                              VMAddress whitelist_address,
+                              std::vector<std::string>* whitelist) {
   if (!whitelist_address) {
     return true;
   }
@@ -53,9 +53,10 @@ bool ReadWhitelist(const ProcessMemoryRange& memory,
 bool ReadAnnotationsWhitelist(const ProcessMemoryRange& memory,
                               VMAddress whitelist_address,
                               std::vector<std::string>* whitelist) {
-  return memory.Is64Bit()
-             ? ReadWhitelist<uint64_t>(memory, whitelist_address, whitelist)
-             : ReadWhitelist<uint32_t>(memory, whitelist_address, whitelist);
+  return memory.Is64Bit() ? ReadAnnotationsWhitelist<uint64_t>(
+                                memory, whitelist_address, whitelist)
+                          : ReadAnnotationsWhitelist<uint32_t>(
+                                memory, whitelist_address, whitelist);
 }
 
 }  // namespace crashpad

third_party/crashpad/crashpad/snapshot/win/system_snapshot_win.cc

@@ -28,6 +28,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "util/win/module_version.h"
+#include "util/win/scoped_registry_key.h"
 
 namespace crashpad {
 
@@ -76,11 +77,9 @@ SystemSnapshotWin::SystemSnapshotWin()
       os_version_minor_(0),
       os_version_bugfix_(0),
       os_server_(false),
-      initialized_() {
-}
+      initialized_() {}
 
-SystemSnapshotWin::~SystemSnapshotWin() {
-}
+SystemSnapshotWin::~SystemSnapshotWin() {}
 
 void SystemSnapshotWin::Initialize(ProcessReaderWin* process_reader) {
   INITIALIZATION_STATE_SET_INITIALIZING(initialized_);
@@ -158,9 +157,10 @@ uint32_t SystemSnapshotWin::CPURevision() const {
   uint8_t adjusted_model = model + (extended_model << 4);
   return (adjusted_family << 16) | (adjusted_model << 8) | stepping;
 #elif defined(ARCH_CPU_ARM64)
-  // TODO(jperaza): do this. https://crashpad.chromium.org/bug/30
-  // This is the same as SystemSnapshotLinux::CPURevision.
-  return 0;
+  SYSTEM_INFO system_info;
+  GetSystemInfo(&system_info);
+
+  return system_info.wProcessorRevision;
 #else
 #error Unsupported Windows Arch
 #endif
@@ -190,9 +190,38 @@ std::string SystemSnapshotWin::CPUVendor() const {
   *reinterpret_cast<int*>(vendor + 8) = cpu_info[2];
   return std::string(vendor, sizeof(vendor));
 #elif defined(ARCH_CPU_ARM64)
-  // TODO(jperaza): do this. https://crashpad.chromium.org/bug/30
-  // This is the same as SystemSnapshotLinux::CPURevision.
-  return std::string();
+  HKEY key;
+
+  if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+                   L"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
+                   0,
+                   KEY_QUERY_VALUE,
+                   &key) != ERROR_SUCCESS) {
+    return std::string();
+  }
+
+  crashpad::ScopedRegistryKey scoped_key(key);
+  DWORD type;
+  wchar_t vendor_identifier[1024];
+  DWORD vendor_identifier_size = sizeof(vendor_identifier);
+
+  if (RegQueryValueEx(key,
+                      L"VendorIdentifier",
+                      nullptr,
+                      &type,
+                      reinterpret_cast<BYTE*>(vendor_identifier),
+                      &vendor_identifier_size) != ERROR_SUCCESS ||
+      type != REG_SZ) {
+    return std::string();
+  }
+
+  std::string return_value;
+  DCHECK_EQ(vendor_identifier_size % sizeof(wchar_t), 0u);
+  base::UTF16ToUTF8(vendor_identifier,
+                    vendor_identifier_size / sizeof(wchar_t),
+                    &return_value);
+
+  return return_value.c_str();
 #else
 #error Unsupported Windows Arch
 #endif

third_party/crashpad/crashpad/snapshot/win/system_snapshot_win_test.cc

@@ -73,10 +73,13 @@ TEST_F(SystemSnapshotWinTest, CPUCount) {
 
 TEST_F(SystemSnapshotWinTest, CPUVendor) {
   std::string cpu_vendor = system_snapshot().CPUVendor();
-
-  // There are a variety of other values, but we don't expect to run our tests
-  // on them.
+#if defined(ARCH_CPU_X86_FAMILY)
   EXPECT_TRUE(cpu_vendor == "GenuineIntel" || cpu_vendor == "AuthenticAMD");
+#elif defined(ARCH_CPU_ARM64)
+  EXPECT_FALSE(cpu_vendor.empty());
+#else
+#error Unsupported Windows Arch
+#endif
 }
 
 #if defined(ARCH_CPU_X86_FAMILY)

third_party/crashpad/crashpad/test/fuchsia_crashpad_tests.cmx

@@ -2,9 +2,8 @@
     "facets": {
         "fuchsia.test": {
             "system-services": [
-                "fuchsia.posix.socket.Provider",
                 "fuchsia.net.NameLookup",
-                "fuchsia.net.SocketProvider"
+                "fuchsia.posix.socket.Provider"
             ]
         }
     },
@@ -17,9 +16,8 @@
             "deprecated-ambient-replace-as-executable"
         ],
         "services": [
-            "fuchsia.posix.socket.Provider",
             "fuchsia.net.NameLookup",
-            "fuchsia.net.SocketProvider",
+            "fuchsia.posix.socket.Provider",
             "fuchsia.process.Launcher"
         ]
     }

third_party/crashpad/crashpad/third_party/fuchsia/BUILD.gn

@@ -102,7 +102,6 @@ if (crashpad_is_in_fuchsia) {
       "$sdk_pkg_path/fidl_cpp_base/clone.cc",
       "$sdk_pkg_path/fidl_cpp_base/decoder.cc",
       "$sdk_pkg_path/fidl_cpp_base/encoder.cc",
-      "$sdk_pkg_path/fidl_cpp_base/string.cc",
     ]
 
     public_configs = [

third_party/crashpad/crashpad/third_party/gtest/BUILD.gn

@@ -267,6 +267,17 @@ if (crashpad_is_in_chromium) {
   config("gmock_private_config") {
     visibility = [ ":*" ]
     include_dirs = [ "gtest/googlemock" ]
+    if (crashpad_is_clang && (crashpad_is_linux || crashpad_is_fuchsia)) {
+      cflags_cc = [
+        # This seems a bit questionable:
+        #   https://github.com/google/googletest/blob/bf6df7eaee5cfaafe2655fab143f348eba98c9af/googlemock/include/gmock/internal/gmock-internal-utils.h#L109
+        # and causes a warning/error on recent clangs (Linux/Fuchsia currently
+        # have this, other platforms don't yet).
+        # Temporarily disable this warning for building gmock tests until
+        # internal CL 263406158 lands and rolls.
+        "-Wno-signed-unsigned-wchar",
+      ]
+    }
   }
 
   config("gmock_public_config") {

third_party/crashpad/crashpad/tools/BUILD.gn

@@ -56,38 +56,40 @@ crashpad_executable("crashpad_http_upload") {
   ]
 }
 
-crashpad_executable("generate_dump") {
-  sources = [
-    "generate_dump.cc",
-  ]
-
-  deps = [
-    ":tool_support",
-    "../build:default_exe_manifest_win",
-    "../compat",
-    "../minidump",
-    "../snapshot",
-    "../third_party/mini_chromium:base",
-    "../util",
-  ]
-
-  if (crashpad_is_mac) {
-    # This would be better as a config so that it could be shared with
-    # exception_port_tool, but configs can’t alter “inputs”.
-    # https://crbug.com/781858.
-    inputs = [
-      "mac/sectaskaccess_info.plist",
+if (!crashpad_is_fuchsia) {
+  crashpad_executable("generate_dump") {
+    sources = [
+      "generate_dump.cc",
     ]
-    ldflags = [
-      "-sectcreate",
-      "__TEXT",
-      "__info_plist",
-      rebase_path(inputs[0], root_build_dir),
+
+    deps = [
+      ":tool_support",
+      "../build:default_exe_manifest_win",
+      "../compat",
+      "../minidump",
+      "../snapshot",
+      "../third_party/mini_chromium:base",
+      "../util",
     ]
-  }
 
-  if (crashpad_is_win) {
-    cflags = [ "/wd4201" ]  # nonstandard extension used : nameless struct/union
+    if (crashpad_is_mac) {
+      # This would be better as a config so that it could be shared with
+      # exception_port_tool, but configs can’t alter “inputs”.
+      # https://crbug.com/781858.
+      inputs = [
+        "mac/sectaskaccess_info.plist",
+      ]
+      ldflags = [
+        "-sectcreate",
+        "__TEXT",
+        "__info_plist",
+        rebase_path(inputs[0], root_build_dir),
+      ]
+    }
+
+    if (crashpad_is_win) {
+      cflags = [ "/wd4201" ]  # nonstandard extension used : nameless struct/union
+    }
   }
 }
 

third_party/crashpad/crashpad/tools/generate_dump.cc

@@ -47,12 +47,6 @@
 #include "snapshot/win/process_snapshot_win.h"
 #include "util/win/scoped_process_suspend.h"
 #include "util/win/xp_compat.h"
-#elif defined(OS_FUCHSIA)
-#include <lib/zx/process.h>
-
-#include "snapshot/fuchsia/process_snapshot_fuchsia.h"
-#include "util/fuchsia/koid_utilities.h"
-#include "util/fuchsia/scoped_task_suspend.h"
 #elif defined(OS_LINUX) || defined(OS_ANDROID)
 #include "snapshot/linux/process_snapshot_linux.h"
 #endif  // OS_MACOSX
@@ -167,12 +161,6 @@ int GenerateDumpMain(int argc, char* argv[]) {
     PLOG(ERROR) << "could not open process " << options.pid;
     return EXIT_FAILURE;
   }
-#elif defined(OS_FUCHSIA)
-  zx::process process = GetProcessFromKoid(options.pid);
-  if (!process.is_valid()) {
-    LOG(ERROR) << "could not open process " << options.pid;
-    return EXIT_FAILURE;
-  }
 #endif  // OS_MACOSX
 
   if (options.dump_path.empty()) {
@@ -191,11 +179,6 @@ int GenerateDumpMain(int argc, char* argv[]) {
     if (options.suspend) {
       suspend.reset(new ScopedProcessSuspend(process.get()));
     }
-#elif defined(OS_FUCHSIA)
-    std::unique_ptr<ScopedTaskSuspend> suspend;
-    if (options.suspend) {
-      suspend.reset(new ScopedTaskSuspend(process));
-    }
 #endif  // OS_MACOSX
 
 #if defined(OS_MACOSX)
@@ -213,11 +196,6 @@ int GenerateDumpMain(int argc, char* argv[]) {
                                      0)) {
       return EXIT_FAILURE;
     }
-#elif defined(OS_FUCHSIA)
-    ProcessSnapshotFuchsia process_snapshot;
-    if (!process_snapshot.Initialize(process)) {
-      return EXIT_FAILURE;
-    }
 #elif defined(OS_LINUX) || defined(OS_ANDROID)
     // TODO(jperaza): https://crashpad.chromium.org/bug/30.
     ProcessSnapshotLinux process_snapshot;

third_party/crashpad/crashpad/util/BUILD.gn

@@ -329,6 +329,8 @@ static_library("util") {
       "posix/process_info_linux.cc",
       "process/process_memory_linux.cc",
       "process/process_memory_linux.h",
+      "process/process_memory_sanitized.cc",
+      "process/process_memory_sanitized.h",
     ]
   }
 
@@ -651,6 +653,7 @@ source_set("util_test") {
       "linux/scoped_ptrace_attach_test.cc",
       "linux/socket_test.cc",
       "misc/capture_context_test_util_linux.cc",
+      "process/process_memory_sanitized_test.cc",
     ]
   }
 

third_party/crashpad/crashpad/util/fuchsia/koid_utilities.cc

@@ -48,33 +48,6 @@ T CastHandle(zx::handle handle) {
   return T(std::move(handle));
 }
 
-zx::job GetRootJob() {
-  ScopedFileHandle sysinfo(
-      LoggingOpenFileForRead(base::FilePath("/dev/misc/sysinfo")));
-  if (!sysinfo.is_valid())
-    return zx::job();
-
-  zx::channel channel;
-  zx_status_t status = fdio_get_service_handle(sysinfo.release(),
-                                               channel.reset_and_get_address());
-  if (status != ZX_OK) {
-    ZX_LOG(ERROR, status) << "fdio_get_service_handle";
-    return zx::job();
-  }
-
-  zx::handle root_job;
-  zx_status_t fidl_status = fuchsia_sysinfo_DeviceGetRootJob(
-      channel.get(), &status, root_job.reset_and_get_address());
-  if (fidl_status != ZX_OK) {
-    ZX_LOG(ERROR, fidl_status) << "fuchsia_sysinfo_DeviceGetRootJob";
-    return zx::job();
-  } else if (status != ZX_OK) {
-    ZX_LOG(ERROR, status) << "fuchsia_sysinfo_DeviceGetRootJob";
-    return zx::job();
-  }
-  return CastHandle<zx::job>(std::move(root_job));
-}
-
 // Returns null handle if |koid| is not found or an error occurs. If |was_found|
 // is non-null then it will be set, to distinguish not-found from other errors.
 template <typename T, typename U>
@@ -92,35 +65,6 @@ T GetChildHandleByKoid(const U& parent, zx_koid_t child_koid, bool* was_found) {
   return CastHandle<T>(std::move(handle));
 }
 
-// Returns an invalid handle if the |koid| was found, but was of the wrong
-// type, or we could not open a handle to it.
-zx::process FindProcess(const zx::job& job, zx_koid_t koid, bool* was_found) {
-  DCHECK(!*was_found);
-
-  // Look for |koid| as a direct descendent of |job|.
-  auto process = GetChildHandleByKoid<zx::process>(job, koid, was_found);
-  if (*was_found) {
-    // |koid| was found. |process| may still be null, e.g. if a handle could not
-    // be opened to it.
-    return process;
-  }
-
-  // |koid| was not found under |job|, so search child jobs, if any.
-  // Since we only hold a handle to the job we are currently enumerating, child
-  // jobs may go away mid-enumeration.
-  for (auto child_koid : GetChildKoids(job, ZX_INFO_JOB_CHILDREN)) {
-    zx::job child_job = GetChildHandleByKoid<zx::job>(job, child_koid, nullptr);
-    if (!child_job.is_valid())
-      continue;
-    zx::process process = FindProcess(child_job, koid, was_found);
-    if (*was_found)
-      return process;
-  }
-
-  DCHECK(!*was_found);
-  return zx::process();
-}
-
 }  // namespace
 
 std::vector<zx_koid_t> GetChildKoids(const zx::object_base& parent_object,
@@ -195,16 +139,4 @@ zx_koid_t GetKoidForHandle(const zx::object_base& object) {
   return info.koid;
 }
 
-// TODO(scottmg): This implementation uses some debug/temporary/hacky APIs and
-// ioctls that are currently the only way to go from pid to handle. This should
-// hopefully eventually be replaced by more or less a single
-// zx_debug_something() syscall.
-zx::process GetProcessFromKoid(zx_koid_t koid) {
-  bool was_found = false;
-  zx::process result = FindProcess(GetRootJob(), koid, &was_found);
-  if (!result.is_valid())
-    LOG(ERROR) << "process " << koid << " not found";
-  return result;
-}
-
 }  // namespace crashpad

third_party/crashpad/crashpad/util/fuchsia/koid_utilities.h

@@ -71,13 +71,6 @@ std::vector<zx::thread> GetHandlesForThreadKoids(
 zx::thread GetThreadHandleByKoid(const zx::process& parent,
                                  zx_koid_t child_koid);
 
-//! \brief Gets a process handle given the process' koid.
-//!
-//! \param[in] koid The process id.
-//! \return A zx_handle_t (owned by a base::ScopedZxHandle) for the process. If
-//!     the handle is invalid, an error will have been logged.
-zx::process GetProcessFromKoid(zx_koid_t koid);
-
 //! \brief Retrieves the koid for a given object handle.
 //!
 //! \param[in] object The handle for which the koid is to be retrieved.

third_party/crashpad/crashpad/util/process/process_memory.h

@@ -126,6 +126,9 @@ class ProcessMemory {
                                    bool has_size,
                                    VMSize size,
                                    std::string* string) const;
+
+  // Allow ProcessMemorySanitized to call ReadUpTo.
+  friend class ProcessMemorySanitized;
 };
 
 }  // namespace crashpad

third_party/crashpad/crashpad/util/process/process_memory_sanitized.cc

+// Copyright 2019 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "util/process/process_memory_sanitized.h"
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <algorithm>
+#include <limits>
+
+#include "base/logging.h"
+#include "base/posix/eintr_wrapper.h"
+
+namespace crashpad {
+
+ProcessMemorySanitized::ProcessMemorySanitized()
+    : ProcessMemory(), memory_(nullptr), whitelist_() {}
+
+ProcessMemorySanitized::~ProcessMemorySanitized() {}
+
+bool ProcessMemorySanitized::Initialize(
+    const ProcessMemory* memory,
+    const std::vector<std::pair<VMAddress, VMAddress>>* whitelist) {
+  INITIALIZATION_STATE_SET_INITIALIZING(initialized_);
+  memory_ = memory;
+  if (whitelist)
+    whitelist_ = *whitelist;
+  INITIALIZATION_STATE_SET_VALID(initialized_);
+  return true;
+}
+
+ssize_t ProcessMemorySanitized::ReadUpTo(VMAddress address,
+                                         size_t size,
+                                         void* buffer) const {
+  INITIALIZATION_STATE_DCHECK_VALID(initialized_);
+
+  VMAddress end = address + size;
+  for (auto&& entry : whitelist_) {
+    if (address >= entry.first && address < entry.second &&
+        end >= entry.first && end <= entry.second) {
+      return memory_->ReadUpTo(address, size, buffer);
+    }
+  }
+
+  DLOG(ERROR)
+      << "ProcessMemorySanitized failed to read unwhitelisted region. address="
+      << address << " size=" << size;
+  return 0;
+}
+
+}  // namespace crashpad

third_party/crashpad/crashpad/util/process/process_memory_sanitized.h

+// Copyright 2019 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_UTIL_PROCESS_PROCESS_MEMORY_SANITIZED_H_
+#define CRASHPAD_UTIL_PROCESS_PROCESS_MEMORY_SANITIZED_H_
+
+#include <sys/types.h>
+
+#include <utility>
+#include <vector>
+
+#include "base/macros.h"
+#include "util/misc/address_types.h"
+#include "util/misc/initialization_state_dcheck.h"
+#include "util/process/process_memory.h"
+
+namespace crashpad {
+
+//! \brief Sanitized access to the memory of another process.
+class ProcessMemorySanitized final : public ProcessMemory {
+ public:
+  ProcessMemorySanitized();
+  ~ProcessMemorySanitized();
+
+  //! \brief Initializes this object to read memory from the underlying
+  //!     \a memory object if the memory range is in the provided \a whitelist.
+  //!
+  //! This method must be called successfully prior to calling any other method
+  //! in this class.
+  //!
+  //! \param[in] memory The memory object to read whitelisted regions from.
+  //! \param[in] whitelist A whitelist of memory regions.
+  //!
+  //! \return `true` on success, `false` on failure with a message logged.
+  bool Initialize(
+      const ProcessMemory* memory,
+      const std::vector<std::pair<VMAddress, VMAddress>>* whitelist);
+
+ private:
+  ssize_t ReadUpTo(VMAddress address, size_t size, void* buffer) const override;
+
+  const ProcessMemory* memory_;
+  InitializationStateDcheck initialized_;
+  std::vector<std::pair<VMAddress, VMAddress>> whitelist_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProcessMemorySanitized);
+};
+
+}  // namespace crashpad
+
+#endif  // CRASHPAD_UTIL_PROCESS_PROCESS_MEMORY_SANITIZED_H_

third_party/crashpad/crashpad/util/process/process_memory_sanitized_test.cc

+// Copyright 2019 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "util/process/process_memory_sanitized.h"
+
+#include "gtest/gtest.h"
+#include "test/process_type.h"
+#include "util/misc/from_pointer_cast.h"
+#include "util/process/process_memory_native.h"
+
+namespace crashpad {
+namespace test {
+namespace {
+
+TEST(ProcessMemorySanitized, DenyOnEmptyWhitelist) {
+  ProcessMemoryNative memory;
+  ASSERT_TRUE(memory.Initialize(GetSelfProcess()));
+
+  char c = 42;
+  char out;
+
+  ProcessMemorySanitized san_null;
+  san_null.Initialize(&memory, nullptr);
+  EXPECT_FALSE(san_null.Read(FromPointerCast<VMAddress>(&c), 1, &out));
+
+  std::vector<std::pair<VMAddress, VMAddress>> whitelist;
+  ProcessMemorySanitized san_blank;
+  san_blank.Initialize(&memory, &whitelist);
+  EXPECT_FALSE(san_blank.Read(FromPointerCast<VMAddress>(&c), 1, &out));
+}
+
+TEST(ProcessMemorySanitized, WhitelistingWorks) {
+  ProcessMemoryNative memory;
+  ASSERT_TRUE(memory.Initialize(GetSelfProcess()));
+
+  char str[4] = "ABC";
+  char out[4];
+
+  std::vector<std::pair<VMAddress, VMAddress>> whitelist;
+  whitelist.push_back(std::make_pair(FromPointerCast<VMAddress>(str + 1),
+                                     FromPointerCast<VMAddress>(str + 2)));
+
+  ProcessMemorySanitized sanitized;
+  sanitized.Initialize(&memory, &whitelist);
+
+  EXPECT_FALSE(sanitized.Read(FromPointerCast<VMAddress>(str), 1, &out));
+  EXPECT_TRUE(sanitized.Read(FromPointerCast<VMAddress>(str + 1), 1, &out));
+  EXPECT_FALSE(sanitized.Read(FromPointerCast<VMAddress>(str + 2), 1, &out));
+}
+
+}  // namespace
+}  // namespace test
+}  // namespace crashpad

third_party/crashpad/crashpad/util/util.gyp

@@ -395,6 +395,8 @@
         ['OS=="linux" or OS=="android"', {
           'sources': [
             'net/http_transport_socket.cc',
+            'util/process_memory_sanitized.cc',
+            'util/process_memory_sanitized.h',
           ],
         }, {  # else: OS!="linux"
           'sources!': [

third_party/crashpad/crashpad/util/util_test.gyp

@@ -154,6 +154,11 @@
             ['exclude', '^net/http_transport_test\\.cc$'],
           ]
         }],
+        ['OS=="linux" or OS=="android"', {
+          'sources': [
+            'util/process_memory_sanitized_test.cc',
+          ],
+        }],
         ['OS!="linux" and OS!="android"', {
           'sources/': [
             ['exclude', '^process/'],

third_party/crashpad/crashpad/util/win/process_info_test.cc

@@ -38,6 +38,7 @@
 #include "util/win/get_function.h"
 #include "util/win/handle.h"
 #include "util/win/scoped_handle.h"
+#include "util/win/scoped_registry_key.h"
 
 namespace crashpad {
 namespace test {
@@ -528,18 +529,6 @@ TEST(ProcessInfo, ReadableRanges) {
                                  &bytes_read));
 }
 
-struct ScopedRegistryKeyCloseTraits {
-  static HKEY InvalidValue() {
-    return nullptr;
-  }
-  static void Free(HKEY key) {
-    RegCloseKey(key);
-  }
-};
-
-using ScopedRegistryKey =
-    base::ScopedGeneric<HKEY, ScopedRegistryKeyCloseTraits>;
-
 TEST(ProcessInfo, Handles) {
   ScopedTempDir temp_dir;
 

third_party/crashpad/crashpad/util/win/scoped_registry_key.h

+// Copyright 2019 The Crashpad Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef CRASHPAD_UTIL_WIN_SCOPED_REGISTRY_KEY_H_
+#define CRASHPAD_UTIL_WIN_SCOPED_REGISTRY_KEY_H_
+
+#include <windows.h>
+
+#include "base/scoped_generic.h"
+
+namespace crashpad {
+
+struct ScopedRegistryKeyCloseTraits {
+  static HKEY InvalidValue() { return nullptr; }
+  static void Free(HKEY key) { RegCloseKey(key); }
+};
+
+using ScopedRegistryKey =
+    base::ScopedGeneric<HKEY, ScopedRegistryKeyCloseTraits>;
+
+}  // namespace crashpad
+
+#endif  // CRASHPAD_UTIL_WIN_SCOPED_REGISTRY_KEY_H_
\ No newline at end of file