Merge "libsnapshot: Move ImageManager creation to DeviceInfo."
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index eb3738e..5b04111 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -514,6 +514,38 @@
#endif
}
+TEST_P(SizeParamCrasherTest, mte_oob_uaf) {
+#if defined(__aarch64__)
+ if (!mte_supported()) {
+ GTEST_SKIP() << "Requires MTE";
+ }
+
+ int intercept_result;
+ unique_fd output_fd;
+ StartProcess([&]() {
+ SetTagCheckingLevelSync();
+ volatile int* p = (volatile int*)malloc(GetParam());
+ free((void *)p);
+ p[-1] = 42;
+ });
+
+ StartIntercept(&output_fd);
+ FinishCrasher();
+ AssertDeath(SIGSEGV);
+ FinishIntercept(&intercept_result);
+
+ ASSERT_EQ(1, intercept_result) << "tombstoned reported failure";
+
+ std::string result;
+ ConsumeFd(std::move(output_fd), &result);
+
+ ASSERT_MATCH(result, R"(signal 11 \(SIGSEGV\))");
+ ASSERT_NOT_MATCH(result, R"(Cause: \[MTE\]: Use After Free, 4 bytes left)");
+#else
+ GTEST_SKIP() << "Requires aarch64";
+#endif
+}
+
TEST_P(SizeParamCrasherTest, mte_overflow) {
#if defined(__aarch64__)
if (!mte_supported()) {
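Review bot: The closing `ASSERT_NOT_MATCH` in `mte_oob_uaf` excludes only the exact text `Use After Free, 4 bytes left`, so the test still passes if the tombstone has a differently worded use-after-free line, some other cause, or no cause line at all. The test does not say which attribution is expected for a write 4 bytes below a freed allocation. A comment above the `StartProcess` lambda would record the intent, for example `// Write just below a freed chunk: must fault under sync MTE but must not be reported as a UAF on that chunk.` (wording for the author to confirm). If the intent is that no use-after-free attribution appears at all, `ASSERT_NOT_MATCH(result, R"(Cause: \[MTE\]: Use After Free)");` would also survive message rewording. The new test is complete within the hunk; the trailing `mte_overflow` context continues outside it.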
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp
index e0cc662..ad903ce 100644
--- a/debuggerd/libdebuggerd/tombstone.cpp
+++ b/debuggerd/libdebuggerd/tombstone.cpp
@@ -106,9 +106,9 @@
unwindstack::MapInfo* map_info = maps->Find(sp);
if (map_info == nullptr) {
return "stack pointer is in a non-existent map; likely due to stack overflow.";
- } else if ((map_info->flags & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE)) {
+ } else if ((map_info->flags() & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE)) {
return "stack pointer is not in a rw map; likely due to stack overflow.";
- } else if ((sp - map_info->start) <= kMaxDifferenceBytes) {
+ } else if ((sp - map_info->start()) <= kMaxDifferenceBytes) {
return "stack pointer is close to top of stack; likely stack overflow.";
}
}
@@ -137,7 +137,7 @@
} else if (si->si_signo == SIGSEGV && si->si_code == SEGV_ACCERR) {
uint64_t fault_addr = reinterpret_cast<uint64_t>(si->si_addr);
unwindstack::MapInfo* map_info = maps->Find(fault_addr);
- if (map_info != nullptr && map_info->flags == PROT_EXEC) {
+ if (map_info != nullptr && map_info->flags() == PROT_EXEC) {
cause = "execute-only (no-read) memory access error; likely due to data in .text.";
} else {
cause = get_stack_overflow_cause(fault_addr, regs->sp(), maps);
@@ -244,7 +244,7 @@
"memory map (%zu entr%s):",
maps->Total(), maps->Total() == 1 ? "y" : "ies");
if (print_fault_address_marker) {
- if (maps->Total() != 0 && addr < maps->Get(0)->start) {
+ if (maps->Total() != 0 && addr < maps->Get(0)->start()) {
_LOG(log, logtype::MAPS, "\n--->Fault address falls at %s before any mapped regions\n",
get_addr_string(addr).c_str());
print_fault_address_marker = false;
@@ -261,37 +261,37 @@
for (auto const& map_info : *maps) {
line = " ";
if (print_fault_address_marker) {
- if (addr < map_info->start) {
+ if (addr < map_info->start()) {
_LOG(log, logtype::MAPS, "--->Fault address falls at %s between mapped regions\n",
get_addr_string(addr).c_str());
print_fault_address_marker = false;
- } else if (addr >= map_info->start && addr < map_info->end) {
+ } else if (addr >= map_info->start() && addr < map_info->end()) {
line = "--->";
print_fault_address_marker = false;
}
}
- line += get_addr_string(map_info->start) + '-' + get_addr_string(map_info->end - 1) + ' ';
- if (map_info->flags & PROT_READ) {
+ line += get_addr_string(map_info->start()) + '-' + get_addr_string(map_info->end() - 1) + ' ';
+ if (map_info->flags() & PROT_READ) {
line += 'r';
} else {
line += '-';
}
- if (map_info->flags & PROT_WRITE) {
+ if (map_info->flags() & PROT_WRITE) {
line += 'w';
} else {
line += '-';
}
- if (map_info->flags & PROT_EXEC) {
+ if (map_info->flags() & PROT_EXEC) {
line += 'x';
} else {
line += '-';
}
- line += StringPrintf(" %8" PRIx64 " %8" PRIx64, map_info->offset,
- map_info->end - map_info->start);
+ line += StringPrintf(" %8" PRIx64 " %8" PRIx64, map_info->offset(),
+ map_info->end() - map_info->start());
bool space_needed = true;
- if (!map_info->name.empty()) {
+ if (!map_info->name().empty()) {
space_needed = false;
- line += " " + map_info->name;
+ line += " " + map_info->name();
std::string build_id = map_info->GetPrintableBuildID();
if (!build_id.empty()) {
line += " (BuildId: " + build_id + ")";
@@ -369,8 +369,8 @@
std::string label{"memory near "s + reg_name};
if (maps) {
unwindstack::MapInfo* map_info = maps->Find(untag_address(reg_value));
- if (map_info != nullptr && !map_info->name.empty()) {
- label += " (" + map_info->name + ")";
+ if (map_info != nullptr && !map_info->name().empty()) {
+ label += " (" + map_info->name() + ")";
}
}
dump_memory(log, memory, reg_value, label);
diff --git a/debuggerd/libdebuggerd/tombstone_proto.cpp b/debuggerd/libdebuggerd/tombstone_proto.cpp
index d4a35b3..abd1f12 100644
--- a/debuggerd/libdebuggerd/tombstone_proto.cpp
+++ b/debuggerd/libdebuggerd/tombstone_proto.cpp
@@ -102,9 +102,9 @@
unwindstack::MapInfo* map_info = maps->Find(sp);
if (map_info == nullptr) {
return "stack pointer is in a non-existent map; likely due to stack overflow.";
- } else if ((map_info->flags & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE)) {
+ } else if ((map_info->flags() & (PROT_READ | PROT_WRITE)) != (PROT_READ | PROT_WRITE)) {
return "stack pointer is not in a rw map; likely due to stack overflow.";
- } else if ((sp - map_info->start) <= kMaxDifferenceBytes) {
+ } else if ((sp - map_info->start()) <= kMaxDifferenceBytes) {
return "stack pointer is close to top of stack; likely stack overflow.";
}
}
@@ -221,7 +221,7 @@
}
} else if (si->si_signo == SIGSEGV && si->si_code == SEGV_ACCERR) {
unwindstack::MapInfo* map_info = maps->Find(fault_addr);
- if (map_info != nullptr && map_info->flags == PROT_EXEC) {
+ if (map_info != nullptr && map_info->flags() == PROT_EXEC) {
cause = "execute-only (no-read) memory access error; likely due to data in .text.";
} else {
cause = get_stack_overflow_cause(fault_addr, main_thread.registers->sp(), maps);
@@ -359,7 +359,7 @@
dump.set_register_name(name);
unwindstack::MapInfo* map_info = maps->Find(untag_address(value));
if (map_info) {
- dump.set_mapping_name(map_info->name);
+ dump.set_mapping_name(map_info->name());
}
char buf[256];
@@ -426,21 +426,21 @@
for (const auto& map_info : *maps) {
auto* map = tombstone->add_memory_mappings();
- map->set_begin_address(map_info->start);
- map->set_end_address(map_info->end);
- map->set_offset(map_info->offset);
+ map->set_begin_address(map_info->start());
+ map->set_end_address(map_info->end());
+ map->set_offset(map_info->offset());
- if (map_info->flags & PROT_READ) {
+ if (map_info->flags() & PROT_READ) {
map->set_read(true);
}
- if (map_info->flags & PROT_WRITE) {
+ if (map_info->flags() & PROT_WRITE) {
map->set_write(true);
}
- if (map_info->flags & PROT_EXEC) {
+ if (map_info->flags() & PROT_EXEC) {
map->set_execute(true);
}
- map->set_mapping_name(map_info->name);
+ map->set_mapping_name(map_info->name());
std::string build_id = map_info->GetPrintableBuildID();
if (!build_id.empty()) {
diff --git a/libutils/String16.cpp b/libutils/String16.cpp
index e3e5f11..faf90c2 100644
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -411,36 +411,4 @@
return OK;
}
-status_t String16::remove(size_t len, size_t begin)
-{
- const size_t N = size();
- if (begin >= N) {
- release();
- mString = getEmptyString();
- return OK;
- }
- if (len > N || len > N - begin) len = N - begin;
- if (begin == 0 && len == N) {
- return OK;
- }
-
- if (begin > 0) {
- SharedBuffer* buf = static_cast<SharedBuffer*>(editResize((N + 1) * sizeof(char16_t)));
- if (!buf) {
- return NO_MEMORY;
- }
- char16_t* str = (char16_t*)buf->data();
- memmove(str, str+begin, (N-begin+1)*sizeof(char16_t));
- mString = str;
- }
- SharedBuffer* buf = static_cast<SharedBuffer*>(editResize((len + 1) * sizeof(char16_t)));
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- str[len] = 0;
- mString = str;
- return OK;
- }
- return NO_MEMORY;
-}
-
}; // namespace android
diff --git a/libutils/String16_fuzz.cpp b/libutils/String16_fuzz.cpp
index defa0f5..d7e5ec7 100644
--- a/libutils/String16_fuzz.cpp
+++ b/libutils/String16_fuzz.cpp
@@ -72,12 +72,6 @@
char16_t replaceChar = dataProvider.ConsumeIntegral<char16_t>();
str1.replaceAll(findChar, replaceChar);
}),
- ([](FuzzedDataProvider& dataProvider, android::String16 str1,
- android::String16) -> void {
- size_t len = dataProvider.ConsumeIntegral<size_t>();
- size_t begin = dataProvider.ConsumeIntegral<size_t>();
- str1.remove(len, begin);
- }),
};
void callFunc(uint8_t index, FuzzedDataProvider& dataProvider, android::String16 str1,
@@ -111,7 +105,5 @@
callFunc(op, dataProvider, str_one_utf16, str_two_utf16);
}
- str_one_utf16.remove(0, str_one_utf16.size());
- str_two_utf16.remove(0, str_two_utf16.size());
return 0;
}
diff --git a/libutils/String16_test.cpp b/libutils/String16_test.cpp
index c2e9b02..54662ac 100644
--- a/libutils/String16_test.cpp
+++ b/libutils/String16_test.cpp
@@ -90,13 +90,6 @@
EXPECT_STR16EQ(u"VerifyInsert me", tmp);
}
-TEST(String16Test, Remove) {
- String16 tmp("Verify me");
- tmp.remove(2, 6);
- EXPECT_EQ(2U, tmp.size());
- EXPECT_STR16EQ(u" m", tmp);
-}
-
TEST(String16Test, ReplaceAll) {
String16 tmp("Verify verify Verify");
tmp.replaceAll(u'r', u'!');
@@ -161,14 +154,6 @@
EXPECT_FALSE(tmp.isStaticString());
}
-TEST(String16Test, StaticStringRemove) {
- StaticString16 tmp(u"Verify me");
- tmp.remove(2, 6);
- EXPECT_EQ(2U, tmp.size());
- EXPECT_STR16EQ(u" m", tmp);
- EXPECT_FALSE(tmp.isStaticString());
-}
-
TEST(String16Test, StaticStringReplaceAll) {
StaticString16 tmp(u"Verify verify Verify");
tmp.replaceAll(u'r', u'!');
diff --git a/libutils/include/utils/String16.h b/libutils/include/utils/String16.h
index 5ce48c6..60d523a 100644
--- a/libutils/include/utils/String16.h
+++ b/libutils/include/utils/String16.h
@@ -88,8 +88,6 @@
status_t replaceAll(char16_t replaceThis,
char16_t withThis);
- status_t remove(size_t len, size_t begin=0);
-
inline int compare(const String16& other) const;
inline bool operator<(const String16& other) const;