Debuggerd now outputs the offset of libc.so on the device as a separate item.
Change-Id: I350c9ddb496a76d1ee897ae84893bf0e86abd45c
This commit is contained in:
parent
fa5a26885c
commit
c031a3b006
|
@ -40,6 +40,7 @@
|
|||
|
||||
#include <private/android_filesystem_config.h>
|
||||
|
||||
#include <byteswap.h>
|
||||
#include "utility.h"
|
||||
|
||||
#ifdef WITH_VFP
|
||||
|
@ -354,6 +355,73 @@ void dump_crash_banner(int tfd, unsigned pid, unsigned tid, int sig)
|
|||
if(sig) dump_fault_addr(tfd, tid, sig);
|
||||
}
|
||||
|
||||
/* After randomization (ASLR), stack contents that point to randomized
|
||||
* code become uninterpretable (e.g. can't be resolved to line numbers).
|
||||
* Here, we bundle enough information so that stack analysis on the
|
||||
* server side can still be performed. This means we are leaking some
|
||||
* information about the device (its randomization base). We have to make
|
||||
* sure an attacker has no way of intercepting the tombstone.
|
||||
*/
|
||||
|
||||
typedef struct {
|
||||
int32_t mmap_addr;
|
||||
char tag[4]; /* 'P', 'R', 'E', ' ' */
|
||||
} prelink_info_t __attribute__((packed));
|
||||
|
||||
static inline void set_prelink(long *prelink_addr,
|
||||
prelink_info_t *info)
|
||||
{
|
||||
// We will assume the binary is little-endian, and test the
|
||||
// host endianness here.
|
||||
unsigned long test_endianness = 0xFF;
|
||||
|
||||
if (sizeof(prelink_info_t) == 8 && prelink_addr) {
|
||||
if (*(unsigned char *)&test_endianness)
|
||||
*prelink_addr = info->mmap_addr;
|
||||
else
|
||||
*prelink_addr = bswap_32(info->mmap_addr);
|
||||
}
|
||||
}
|
||||
|
||||
static int check_prelinked(const char *fname,
|
||||
long *prelink_addr)
|
||||
{
|
||||
*prelink_addr = 0;
|
||||
if (sizeof(prelink_info_t) != 8) return 0;
|
||||
|
||||
int fd = open(fname, O_RDONLY);
|
||||
if (fd < 0) return 0;
|
||||
off_t end = lseek(fd, 0, SEEK_END);
|
||||
int nr = sizeof(prelink_info_t);
|
||||
|
||||
off_t sz = lseek(fd, -nr, SEEK_CUR);
|
||||
if ((long)(end - sz) != (long)nr) return 0;
|
||||
if (sz == (off_t)-1) return 0;
|
||||
|
||||
prelink_info_t info;
|
||||
int num_read = read(fd, &info, nr);
|
||||
if (num_read < 0) return 0;
|
||||
if (num_read != sizeof(info)) return 0;
|
||||
|
||||
int prelinked = 0;
|
||||
if (!strncmp(info.tag, "PRE ", 4)) {
|
||||
set_prelink(prelink_addr, &info);
|
||||
prelinked = 1;
|
||||
}
|
||||
if (close(fd) < 0) return 0;
|
||||
return prelinked;
|
||||
}
|
||||
|
||||
void dump_randomization_base(int tfd, bool at_fault) {
|
||||
bool only_in_tombstone = !at_fault;
|
||||
long prelink_addr;
|
||||
check_prelinked("/system/lib/libc.so", &prelink_addr);
|
||||
_LOG(tfd, only_in_tombstone,
|
||||
"\nlibc base address: %08x\n", prelink_addr);
|
||||
}
|
||||
|
||||
/* End of ASLR-related logic. */
|
||||
|
||||
static void parse_elf_info(mapinfo *milist, pid_t pid)
|
||||
{
|
||||
mapinfo *mi;
|
||||
|
@ -439,6 +507,7 @@ void dump_crash_report(int tfd, unsigned pid, unsigned tid, bool at_fault)
|
|||
dump_pc_and_lr(tfd, tid, milist, stack_depth, at_fault);
|
||||
}
|
||||
|
||||
dump_randomization_base(tfd, at_fault);
|
||||
dump_stack_and_code(tfd, tid, milist, stack_depth, sp_list, at_fault);
|
||||
|
||||
while(milist) {
|
||||
|
|
Loading…
Reference in New Issue