breakpad-client writes random garbage into invalid code_ids
Categories: Toolkit :: Crash Reporting, defect

Tracking:

Release | Tracking | Status
---|---|---
firefox96 | --- | fixed

People: Reporter: Gankra, Assigned: gsvelto
References: Blocks 1 open bug
Attachments: 1 file
See https://github.com/luser/rust-minidump/issues/283#issuecomment-965625837 for details.
According to Ted's description, this reads uninitialized memory from breakpad-client's stack, so, not great! But not really a security concern in this context. Just annoying/sloppy.
Presumably not an issue with the rust-based rewrites.
(Ted describes the issue for Linux, but every module on macOS gets similarly "weird" code_ids. Not sure if it's the same root cause or if macOS is just trying to provide some other piece of information that breakpad doesn't understand. All I know is that both platforms get the "haunted" code_ids described in the issue.)
Comment 1 • 3 years ago
Note: this should only affect main process crashes ATM but given the fix is simple let's do it here before we move crash generation entirely OOP.
Comment 2 • 3 years ago
I'm being extra-defensive here: we're not resizing the vector that is supposed to hold the UUID until we're sure we can fill it, and we're also explicitly clearing it in case LinuxDumper::ElfFileIdentifierForMapping() returns false. This should cover all possible cases.
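The failure mode from the report and the defensive pattern from comment 2, side by side, as an added C++ illustration that is not Breakpad's or Firefox's code: `Mapping`, `LookupBuildId`, `g_scratch` and both `*CodeId` functions are constructed stand-ins, and the reused, never re-zeroed scratch buffer models the stale memory the report describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed stand-in for a reused scratch area: allocators like the one in
// breakpad-client hand back memory that is not re-zeroed, so a failed lookup
// leaves whatever the previous caller wrote there.
static uint8_t g_scratch[16];

// Hypothetical mapping: only one flagged as carrying a build id fills the
// buffer; otherwise the lookup returns false and leaves the buffer untouched,
// mirroring the contract of ElfFileIdentifierForMapping().
struct Mapping { bool has_build_id; uint8_t id[16]; };

static bool LookupBuildId(const Mapping& m, uint8_t* out, size_t len) {
  if (!m.has_build_id) return false;
  memcpy(out, m.id, len);
  return true;
}

static std::string Hex(const uint8_t* p, size_t n) {
  static const char* d = "0123456789abcdef";
  std::string s;
  for (size_t i = 0; i < n; ++i) { s += d[p[i] >> 4]; s += d[p[i] & 0xf]; }
  return s;
}

// Buggy pattern: the vector is sized before the lookup and the lookup's
// result is ignored, so stale bytes from the previous module become this
// module's code_id (the "haunted" ids from the report).
std::string HauntedCodeId(const Mapping& m) {
  std::vector<uint8_t> id(sizeof g_scratch);       // sized before we know
  LookupBuildId(m, g_scratch, sizeof g_scratch);   // return value dropped
  memcpy(id.data(), g_scratch, id.size());
  return Hex(id.data(), id.size());
}

// Defensive pattern from comment 2: grow the vector only once the lookup
// succeeded, and clear it explicitly when the lookup fails.
std::string SafeCodeId(const Mapping& m) {
  std::vector<uint8_t> id;
  if (LookupBuildId(m, g_scratch, sizeof g_scratch)) {
    id.assign(g_scratch, g_scratch + sizeof g_scratch);
  } else {
    id.clear();                                   // empty, never garbage
  }
  return Hex(id.data(), id.size());
}
```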
Comment 4 • 3 years ago
bugherder