Commit d9283ebf authored by Matthew Denton's avatar Matthew Denton Committed by Commit Bot

Fix browser OOB read in breakpad

Fix breakpad crash key deserialization if the crashing process sends
strings without the null terminator.

Bug: 984778
Change-Id: Ib77e584467c54413caaaef80ee8ef6e91a6b176e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1935168
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#719347}
parent a1db8da9
......@@ -1867,7 +1867,16 @@ void HandleCrashDump(const BreakpadInfo& info) {
while ((entry = crash_key_iterator.Next())) {
if (g_use_crash_key_white_list && !IsInWhiteList(entry->key))
continue;
writer.AddPairString(entry->key, entry->value);
size_t key_size, value_size;
// Check for malformed messages.
key_size = entry->key[CrashKeyStorage::key_size - 1] != '\0'
? CrashKeyStorage::key_size - 1
: my_strlen(entry->key);
value_size = entry->value[CrashKeyStorage::value_size - 1] != '\0'
? CrashKeyStorage::value_size - 1
: my_strlen(entry->value);
writer.AddPairData(entry->key, key_size, entry->value, value_size);
writer.AddBoundary();
writer.Flush();
}
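Review bot: The whitelist test at the top of the loop, `IsInWhiteList(entry->key)`, still receives the key before the new terminator check runs. If that helper scans to a NUL (its body is not visible here), a key sent without a terminator can still be read past `CrashKeyStorage::key_size` whenever `g_use_crash_key_white_list` is set. Consider hoisting the `key_size` computation above the whitelist test and rejecting or bounding malformed keys there, for example `if (entry->key[CrashKeyStorage::key_size - 1] != '\0') continue;` ahead of the whitelist call. Separately, the unterminated branch always reports `size - 1` bytes, so a NUL earlier in the buffer is written through to `AddPairData` as data; a bounded scan over the buffer would give the true length in both cases. `HandleCrashDump` starts and ends outside this hunk, so any earlier use of `entry` is not covered by this review.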
......