Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

fix: potential crash in crashReporter.getUploadedReports #20428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 8, 2019
Merged

fix: potential crash in crashReporter.getUploadedReports #20428

merged 1 commit into from
Oct 8, 2019

Conversation

nornagon
Copy link
Contributor

@nornagon nornagon commented Oct 4, 2019
edited
Loading

Description of Change

This fixes a buffer overflow that could occur when calling crashReporter.getUploadedReports in certain situations. std::sort requires that its comparator meet the Compare requirements, one of which is that:

For all a, comp(a,a)==false

I found this crash by running the crashReporter tests with ASan. Report:

==67882==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100055b2c0 at pc 0x00010de7a807 bp 0x7ffeebfa4310 sp 0x7ffeebfa4308
READ of size 4 at 0x61100055b2c0 thread T0
    #0 0x10de7a806 in void std::__1::__sort<crash_reporter::CrashReporterCrashpad::GetUploadedReports(base::FilePath const&)::$_0&, std::__1::pair<int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >*>(std::__1::pair<int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >*, std::__1::pair<int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >*, crash_reporter::CrashReporterCrashpad::GetUploadedReports(base::FilePath const&)::$_0&) crash_reporter_crashpad.cc:112
    #1 0x10de76a8f in crash_reporter::CrashReporterCrashpad::GetUploadedReports(base::FilePath const&) crash_reporter_crashpad.cc:114
[...]

I think the violation of the Compare rules was causing std::sort to access memory beyond the end of the array in certain situations.

Checklist

Release Notes

Notes: Fixed a crash that could occur when calling crashReporter.getUploadedReports.

@electron-cation electron-cation bot added new-pr 🌱 PR opened recently and removed new-pr 🌱 PR opened recently labels Oct 4, 2019
@nornagon nornagon changed the title fix: fix crash in crashReporter.getUploadedReports fix: potential crash in crashReporter.getUploadedReports Oct 6, 2019
@nornagon nornagon merged commit ebd55c1 into master Oct 8, 2019
@release-clerk
Copy link

release-clerk bot commented Oct 8, 2019

Release Notes Persisted

Fixed a crash that could occur when calling crashReporter.getUploadedReports.

@nornagon nornagon deleted the fix-crash-reporter-crash branch October 8, 2019 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

@miniak miniak miniak approved these changes

@codebytere codebytere codebytere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nornagon @jkleinsc @miniak @codebytere
Morty Proxy This is a proxified and sanitized view of the page, visit original site.