Closed Bug 1741760 Opened 3 years ago Closed 3 years ago

breakpad-client writes random garbage into invalid code_ids

Categories

(Toolkit :: Crash Reporting, defect)

All
Linux
defect

Tracking

()

RESOLVED FIXED
96 Branch
Tracking Status
firefox96 --- fixed

People

(Reporter: Gankra, Assigned: gsvelto)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

See https://github.com/luser/rust-minidump/issues/283#issuecomment-965625837 for details.

According to Ted's description, this reads uninitialized memory from breakpad-client's stack, so, not great! But not really a security concern in this context. Just annoying/sloppy.

Presumably not an issue with the rust-based rewrites.

(Ted describes the issue for Linux, but every module on macOS gets similarly "weird" code_ids. Not sure if it's the same root cause or if macOS is just trying to provide some other piece of information that breakpad doesn't understand. All I know is that both platforms get the "haunted" code_ids described in the issue.)

Assignee: nobody → gsvelto
Status: NEW → ASSIGNED

Note: this should only affect main process crashes ATM, but given the fix is simple, let's do it here before we move crash generation entirely OOP.

I'm being extra-defensive here: we're not resizing the vector that is supposed
to hold the UUID until we're sure we can fill it and we're also explicitly
clearing it in case LinuxDumper::ElfFileIdentifierForMapping() returns
false. This should cover all possible cases.
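
The defensive pattern described in the comment above, as an added C++ sketch that is not the Breakpad patch or any code from this bug. `ReadIdentifier`, `CodeIdUnchecked`, `CodeIdChecked`, the 16-byte length and the sample mappings are hypothetical, and a buffer reused across modules stands in for uninitialized memory so the outcome is deterministic.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr unsigned kIdSize = 16;  // assumed identifier length for this sketch

// Hypothetical lookup: fills `out` only for ELF-looking input; on failure it
// returns false and leaves `out` untouched.
bool ReadIdentifier(const Bytes& mapping, uint8_t* out) {
  static const uint8_t kMagic[4] = {0x7f, 'E', 'L', 'F'};
  if (mapping.size() < 4 + kIdSize ||
      !std::equal(kMagic, kMagic + 4, mapping.begin()))
    return false;
  std::copy_n(mapping.begin() + 4, kIdSize, out);
  return true;
}

std::string Hex(const Bytes& bytes) {
  static const char kDigits[] = "0123456789abcdef";
  std::string s;
  for (uint8_t b : bytes) { s += kDigits[b >> 4]; s += kDigits[b & 15]; }
  return s;
}

// Pattern to avoid: size the buffer first, ignore the result, emit anyway.
std::string CodeIdUnchecked(const Bytes& mapping, Bytes& id) {
  id.resize(kIdSize);
  ReadIdentifier(mapping, id.data());  // on failure, old bytes stay in place
  return Hex(id);
}

// Defensive pattern: clear up front, resize only once the data exists.
std::string CodeIdChecked(const Bytes& mapping, Bytes& id) {
  uint8_t tmp[kIdSize];
  id.clear();  // stale bytes never survive a failed lookup
  if (!ReadIdentifier(mapping, tmp)) return "";
  id.assign(tmp, tmp + kIdSize);  // sized only after the lookup succeeded
  return Hex(id);
}

// Constructed inputs: an ELF-like mapping (magic + bytes 0..15), a non-ELF one.
Bytes SampleElf() {
  Bytes m = {0x7f, 'E', 'L', 'F'};
  for (unsigned i = 0; i < kIdSize; ++i) m.push_back(static_cast<uint8_t>(i));
  return m;
}
Bytes SampleNonElf() { return Bytes(32, 'x'); }
```

With one buffer reused for both sample mappings, the unchecked version reports the previous module's bytes as the non-ELF module's code ID, while the checked version reports an empty one.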

Pushed by gsvelto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ab49951226fa
Don't write garbage code IDs for modules that aren't ELF files r=Gankra
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
OS: All → Linux
Blocks: 1743091