Skip to content

Commit 3fa9637

Browse files
jmgaojmgao
committed
crasher: add close(fileno(FILE*)) and close(dirfd(DIR*)).
Add some cases to trigger fdsan aborts. Test: crasher fdsan_file; crasher fdsan_dir Change-Id: I48152d333dc25900f1c8d8e0f2e8728154643508
1 parent c954ec0 commit 3fa9637

File tree

1 file changed

+40
-32
lines changed

1 file changed

+40
-32
lines changed

debuggerd/crasher/crasher.cpp

Lines changed: 40 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -183,6 +183,8 @@ static int usage() {
183183
fprintf(stderr, " exit call exit(1)\n");
184184
fprintf(stderr, "\n");
185185
fprintf(stderr, " fortify fail a _FORTIFY_SOURCE check\n");
186+
fprintf(stderr, " fdsan_file close a file descriptor that's owned by a FILE*\n");
187+
fprintf(stderr, " fdsan_dir close a file descriptor that's owned by a DIR*\n");
186188
fprintf(stderr, " seccomp fail a seccomp check\n");
187189
#if defined(__arm__)
188190
fprintf(stderr, " kuser_helper_version call kuser_helper_version\n");
@@ -236,39 +238,45 @@ noinline int do_action(const char* arg) {
236238

237239
// Actions.
238240
if (!strcasecmp(arg, "SIGSEGV-non-null")) {
239-
sigsegv_non_null();
241+
sigsegv_non_null();
240242
} else if (!strcasecmp(arg, "smash-stack")) {
241-
volatile int len = 128;
242-
return smash_stack(&len);
243+
volatile int len = 128;
244+
return smash_stack(&len);
243245
} else if (!strcasecmp(arg, "stack-overflow")) {
244-
overflow_stack(nullptr);
246+
overflow_stack(nullptr);
245247
} else if (!strcasecmp(arg, "nostack")) {
246-
crashnostack();
248+
crashnostack();
247249
} else if (!strcasecmp(arg, "exit")) {
248-
exit(1);
250+
exit(1);
249251
} else if (!strcasecmp(arg, "call-null")) {
250252
return crash_null();
251253
} else if (!strcasecmp(arg, "crash") || !strcmp(arg, "SIGSEGV")) {
252-
return crash(42);
254+
return crash(42);
253255
} else if (!strcasecmp(arg, "abort")) {
254-
maybe_abort();
256+
maybe_abort();
255257
} else if (!strcasecmp(arg, "assert")) {
256-
__assert("some_file.c", 123, "false");
258+
__assert("some_file.c", 123, "false");
257259
} else if (!strcasecmp(arg, "assert2")) {
258-
__assert2("some_file.c", 123, "some_function", "false");
260+
__assert2("some_file.c", 123, "some_function", "false");
259261
} else if (!strcasecmp(arg, "fortify")) {
260-
char buf[10];
261-
__read_chk(-1, buf, 32, 10);
262-
while (true) pause();
262+
char buf[10];
263+
__read_chk(-1, buf, 32, 10);
264+
while (true) pause();
265+
} else if (!strcasecmp(arg, "fdsan_file")) {
266+
FILE* f = fopen("/dev/null", "r");
267+
close(fileno(f));
268+
} else if (!strcasecmp(arg, "fdsan_dir")) {
269+
DIR* d = opendir("/dev/");
270+
close(dirfd(d));
263271
} else if (!strcasecmp(arg, "LOG(FATAL)")) {
264-
LOG(FATAL) << "hello " << 123;
272+
LOG(FATAL) << "hello " << 123;
265273
} else if (!strcasecmp(arg, "LOG_ALWAYS_FATAL")) {
266-
LOG_ALWAYS_FATAL("hello %s", "world");
274+
LOG_ALWAYS_FATAL("hello %s", "world");
267275
} else if (!strcasecmp(arg, "LOG_ALWAYS_FATAL_IF")) {
268-
LOG_ALWAYS_FATAL_IF(true, "hello %s", "world");
276+
LOG_ALWAYS_FATAL_IF(true, "hello %s", "world");
269277
} else if (!strcasecmp(arg, "SIGFPE")) {
270-
raise(SIGFPE);
271-
return EXIT_SUCCESS;
278+
raise(SIGFPE);
279+
return EXIT_SUCCESS;
272280
} else if (!strcasecmp(arg, "SIGILL")) {
273281
#if defined(__aarch64__)
274282
__asm__ volatile(".word 0\n");
@@ -280,28 +288,28 @@ noinline int do_action(const char* arg) {
280288
#error
281289
#endif
282290
} else if (!strcasecmp(arg, "SIGTRAP")) {
283-
raise(SIGTRAP);
284-
return EXIT_SUCCESS;
291+
raise(SIGTRAP);
292+
return EXIT_SUCCESS;
285293
} else if (!strcasecmp(arg, "fprintf-NULL")) {
286-
fprintf_null();
294+
fprintf_null();
287295
} else if (!strcasecmp(arg, "readdir-NULL")) {
288-
readdir_null();
296+
readdir_null();
289297
} else if (!strcasecmp(arg, "strlen-NULL")) {
290-
return strlen_null();
298+
return strlen_null();
291299
} else if (!strcasecmp(arg, "pthread_join-NULL")) {
292-
return pthread_join(0, nullptr);
300+
return pthread_join(0, nullptr);
293301
} else if (!strcasecmp(arg, "heap-usage")) {
294-
abuse_heap();
302+
abuse_heap();
295303
} else if (!strcasecmp(arg, "leak")) {
296-
leak();
304+
leak();
297305
} else if (!strcasecmp(arg, "SIGSEGV-unmapped")) {
298-
char* map = reinterpret_cast<char*>(mmap(nullptr, sizeof(int), PROT_READ | PROT_WRITE,
299-
MAP_SHARED | MAP_ANONYMOUS, -1, 0));
300-
munmap(map, sizeof(int));
301-
map[0] = '8';
306+
char* map = reinterpret_cast<char*>(
307+
mmap(nullptr, sizeof(int), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0));
308+
munmap(map, sizeof(int));
309+
map[0] = '8';
302310
} else if (!strcasecmp(arg, "seccomp")) {
303-
set_system_seccomp_filter();
304-
syscall(99999);
311+
set_system_seccomp_filter();
312+
syscall(99999);
305313
#if defined(__arm__)
306314
} else if (!strcasecmp(arg, "kuser_helper_version")) {
307315
return __kuser_helper_version;

0 commit comments

Comments
 (0)