I managed to break backtrace(). It so happened that I can't trace some program crashes, like so:
#include <cstring>      // memcpy
#include <cstdint>      // uint8_t
#include <execinfo.h>   // backtrace
#include <signal.h>     // sigaction, siginfo_t

void crit_err_hdlr(int sig_num, siginfo_t * info, void * ucontext); // declared before first use

void backtrace_init() {
    struct sigaction sigact;
    memset(&sigact, 0, sizeof(sigact));   // don't leave sa_mask / sa_restorer uninitialised
    sigemptyset(&sigact.sa_mask);
    sigact.sa_sigaction = crit_err_hdlr;
    sigact.sa_flags = SA_RESTART | SA_SIGINFO;
    sigaction(SIGSEGV, &sigact, (struct sigaction *)NULL);
}

void breakMe() {
    uint8_t * buffer1 = new uint8_t[1024];
    uint8_t * buffer2 = new uint8_t[1024];
    memcpy(buffer1, buffer2, -1); // deliberate overrun: code breaks and crit_err_hdlr() is called
}

int main() {
    backtrace_init();
    breakMe();
    return 0;
}

void crit_err_hdlr(int sig_num, siginfo_t * info, void * ucontext)
{
    enum {
        ARRAY_SIZE = 10,
    };
    void * array[ARRAY_SIZE];
    int size = backtrace(array, ARRAY_SIZE); // code breaks a second time
    ...
}
The second crash looks like it is caused by a malloc() call:
"malloc(): invalid size (unsorted)"
and I can't save my program crash to a log file. How can I make the backtrace() call secure?
I tried to backtrace() other bugs, like a write to nullptr, and it works with no problems: backtrace() worked fine, I got the call stack array and wrote it to the log file. But with the memcpy() crash it fails.
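The allocation the question is running into comes from backtrace() itself: as the glibc backtrace(3) man page notes, backtrace() and backtrace_symbols_fd() do not call malloc() explicitly, but they are implemented on top of libgcc, which glibc loads dynamically on the first call, and that dynamic load usually mallocs. A write to nullptr leaves the heap intact, so that first-call malloc succeeds; the runaway memcpy() tramples the heap metadata first, so the same malloc aborts with "malloc(): invalid size (unsorted)". The handler below, an added example that is not code from the original post, applies the two fixes a practitioner would use: call backtrace() once at startup while the process is healthy so libgcc is already loaded when the handler runs, and write the trace with backtrace_symbols_fd() plus write() (both allocation-free) instead of backtrace_symbols() or fprintf(). It also installs the handler on an alternate stack and re-raises the signal so the process still dies with its original status. Function names, the 64 KiB alternate stack size and the pipe-based self-check are my own choices; it assumes glibc on Linux.

```c
/* Added example (not from the original post): SIGSEGV handler whose backtrace()
 * cannot allocate, even after heap corruption. Assumes glibc on Linux. */
#define _GNU_SOURCE
#include <execinfo.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_FRAMES 64

static int g_crash_fd = STDERR_FILENO;   /* where the trace goes; set by install */

/* write() is async-signal-safe; printf/fprintf are not (locks, possibly malloc). */
static void write_str(int fd, const char *s)
{
    size_t len = strlen(s);
    while (len > 0) {
        ssize_t n = write(fd, s, len);
        if (n <= 0) return;
        s += n;
        len -= (size_t)n;
    }
}

/* Decimal formatting without snprintf, so the handler stays allocation-free. */
static void write_uint(int fd, unsigned v)
{
    char buf[16];
    int i = sizeof buf;
    buf[--i] = '\0';
    do { buf[--i] = (char)('0' + v % 10); v /= 10; } while (v && i > 0);
    write_str(fd, buf + i);
}

/* Fix 1: call backtrace() once while the heap is healthy. glibc loads libgcc_s on
 * the first call, and that load mallocs; after this the handler's call does not.
 * Returns the number of frames captured (>0 on success). */
int prewarm_backtrace(void)
{
    void *frames[MAX_FRAMES];
    return backtrace(frames, MAX_FRAMES);
}

/* Fix 2: backtrace_symbols_fd() writes straight to a descriptor. backtrace_symbols()
 * would malloc its result array, which a corrupted heap cannot survive.
 * Returns the number of frames written. */
int dump_backtrace(int fd)
{
    void *frames[MAX_FRAMES];
    int n = backtrace(frames, MAX_FRAMES);
    backtrace_symbols_fd(frames, n, fd);
    return n;
}

static void crash_handler(int sig, siginfo_t *info, void *uctx)
{
    (void)info; (void)uctx;
    write_str(g_crash_fd, "fatal signal ");
    write_uint(g_crash_fd, (unsigned)sig);
    write_str(g_crash_fd, ", backtrace:\n");
    dump_backtrace(g_crash_fd);
    /* Re-raise with the default action so the process dies with the original
     * signal (exit status and core dump intact) instead of returning to the fault. */
    signal(sig, SIG_DFL);
    raise(sig);
}

/* Alternate stack so a stack overflow can be reported too; SA_RESETHAND so a
 * second fault inside the handler kills the process instead of looping.
 * SIGABRT is covered as well, since malloc()'s own consistency check aborts.
 * Returns 0 on success, -1 on failure. */
int install_crash_handler(int log_fd)
{
    static uint8_t alt_stack[64 * 1024];   /* static: never touches the heap */
    stack_t ss = { .ss_sp = alt_stack, .ss_size = sizeof alt_stack, .ss_flags = 0 };
    struct sigaction sa;

    g_crash_fd = log_fd;
    if (prewarm_backtrace() <= 0) return -1;
    if (sigaltstack(&ss, NULL) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = crash_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK | SA_RESETHAND;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    if (sigaction(SIGABRT, &sa, NULL) != 0) return -1;
    return 0;
}

/* Self-check that needs no crash: dump a trace into a pipe and return how many
 * bytes came out the other end. */
long selftest_dump_to_pipe(void)
{
    int fds[2];
    char buf[4096];
    long total = 0;
    ssize_t n;
    if (pipe(fds) != 0) return -1;
    dump_backtrace(fds[1]);
    close(fds[1]);
    while ((n = read(fds[0], buf, sizeof buf)) > 0) total += n;
    close(fds[0]);
    return total;
}

int main(void)
{
    if (install_crash_handler(STDERR_FILENO) != 0) return 1;
    /* Same fault as the question: a huge memcpy overruns the heap and faults.
     * volatile stops the compiler from rejecting the constant size up front. */
    uint8_t *buffer1 = malloc(1024);
    uint8_t *buffer2 = malloc(1024);
    volatile size_t len = (size_t)-1;
    memcpy(buffer1, buffer2, len);
    return 0;
}
```

Run as-is, the program prints the trace to stderr and then dies from the re-raised SIGSEGV. To log to a file, open it at startup (open() and the resulting descriptor, never a FILE* with fprintf) and pass that descriptor to install_crash_handler(); opening it inside the handler would be one more call that has no business running on a corrupted heap.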