author | Elliott Hughes <enh@google.com> | 2013-02-14 16:21:04 -0800 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2013-02-14 16:21:04 -0800 |
commit | 3b7c584fe90a5ea1d14d3e45c4c117d7ce46d39b (patch) | |
tree | b1eabd79ee0add5f3509ae69a906624641929b8b | |
parent | 4869a68d56aaf3fefd2c1022bdab8571077e063c (diff) | |
parent | 910b7a8b88b29ee16c6014630b450dda56c5d578 (diff) | |
am 910b7a8b: am 17361134: Merge "Add a "smash-stack" option to crasher."
# Via Android Git Automerger (1) and others
* commit '910b7a8b88b29ee16c6014630b450dda56c5d578':
Add a "smash-stack" option to crasher.
-rw-r--r-- | debuggerd/Android.mk | 1 | ||||
-rw-r--r-- | debuggerd/crasher.c | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index e48b9af..3fca64f 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -37,6 +37,7 @@ LOCAL_SRC_FILES += $(TARGET_ARCH)/crashglue.S
 LOCAL_MODULE := crasher
 LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
 LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS += -fstack-protector-all
 #LOCAL_FORCE_STATIC_EXECUTABLE := true
 LOCAL_SHARED_LIBRARIES := libcutils libc
 include $(BUILD_EXECUTABLE)
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c
index 74eaa49..134fe80 100644
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@@ -35,6 +35,18 @@ static void debuggerd_connect()
 }
 }
+int smash_stack(int i) {
+ printf("crasher: deliberately corrupting stack...\n");
+ // Unless there's a "big enough" buffer on the stack, gcc
+ // doesn't bother inserting checks.
+ char buf[8];
+ // If we don't write something relatively unpredicatable
+ // into the buffer and then do something with it, gcc
+ // optimizes everything away and just returns a constant.
+ *(int*)(&buf[7]) = (uintptr_t) &buf[0];
+ return *(int*)(&buf[0]);
+}
+
 void test_call1()
 {
 *((int*) 32) = 1;
@@ -95,6 +107,7 @@ int do_action(const char* arg)
 return do_action_on_thread(arg + strlen("thread-"));
 }
+ if(!strcmp(arg,"smash-stack")) return smash_stack(42);
 if(!strcmp(arg,"nostack")) crashnostack();
 if(!strcmp(arg,"ctest")) return ctest();
 if(!strcmp(arg,"exit")) exit(1); |
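Review bot: The added `LOCAL_CFLAGS += -fstack-protector-all` carries no comment saying which crasher action depends on it, so a later cleanup could drop the flag and silently turn "smash-stack" into a test that no longer reaches the canary check. The flag is module-wide, so it also changes the prologue and epilogue of every other crash action built into crasher, which may alter the frames debuggerd reports for them. I would add a line above it such as `# smash-stack needs a stack canary; -all instruments every function in crasher.`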
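Review bot: The store `*(int*)(&buf[7]) = (uintptr_t) &buf[0];` in smash_stack is a misaligned, type-punned write that runs only a few bytes past `buf`, so whether it reaches the canary depends on the stack layout and on how the target handles unaligned access. The action may therefore end in a different fault, or none, rather than the stack-protector abort it is meant to exercise. A byte-wise overrun through a volatile pointer states the intent without relying on alignment, e.g. `volatile char* p = buf; for (size_t n = 0; n < 2 * sizeof(buf); ++n) p[n] = (char) n;`. The comment that gcc only inserts checks for a "big enough" buffer describes plain -fstack-protector, whereas the Android.mk hunk builds with -fstack-protector-all; the comment should say which behaviour is relied on. The parameter `i` (and the 42 passed from do_action) is unused, and "unpredicatable" should read "unpredictable".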