Diffstat (limited to 'debuggerd/crasher.c')
-rw-r--r-- | debuggerd/crasher.c | 127 |
1 files changed, 74 insertions, 53 deletions
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c index 5ecb1a5..9df3c64 100644 --- a/debuggerd/crasher.c +++ b/debuggerd/crasher.c @@ -1,21 +1,24 @@ - -//#include <cutils/misc.h> - -#include <unistd.h> +#include <assert.h> +#include <errno.h> +#include <pthread.h> +#include <sched.h> +#include <signal.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sched.h> -#include <errno.h> - -#include <signal.h> +#include <sys/cdefs.h> +#include <sys/mman.h> #include <sys/ptrace.h> -#include <sys/wait.h> #include <sys/socket.h> - -#include <pthread.h> +#include <sys/wait.h> +#include <unistd.h> #include <cutils/sockets.h> +#include <log/log.h> + +#ifndef __unused +#define __unused __attribute__((__unused__)) +#endif extern const char* __progname; @@ -23,26 +26,13 @@ void crash1(void); void crashnostack(void); static int do_action(const char* arg); -static void debuggerd_connect() -{ - char tmp[1]; - int s; - sprintf(tmp, "%d", gettid()); - s = socket_local_client("android:debuggerd", - ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM); - if(s >= 0) { - read(s, tmp, 1); - close(s); - } -} - -static void maybeabort() { - if(time(0) != 42) { +static void maybe_abort() { + if (time(0) != 42) { abort(); } } -static int smash_stack(int i) { +static int smash_stack(int i __unused) { printf("crasher: deliberately corrupting stack...\n"); // Unless there's a "big enough" buffer on the stack, gcc // doesn't bother inserting checks. @@ -63,20 +53,15 @@ __attribute__((noinline)) static void overflow_stack(void* p) { overflow_stack(&buf); } -static void test_call1() -{ - *((int*) 32) = 1; -} - static void *noisy(void *x) { - char c = (unsigned) x; + char c = (uintptr_t) x; for(;;) { usleep(250*1000); write(2, &c, 1); if(c == 'C') *((unsigned*) 0) = 42; } - return 0; + return NULL; } static int ctest() 
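Review bot: The rewritten include block in the first hunk adds neither `#include <stdint.h>` nor `#include <stdbool.h>`, yet later hunks use `uintptr_t` (in noisy(), thread_callback() and do_action_on_thread()) and `true` (the LOG_ALWAYS_FATAL_IF branch of do_action()). Unless another header supplies them transitively, which cannot be seen from this diff, the file compiles only by accident of what the other headers pull in. Adding both lines to the sorted system-header group makes the dependency explicit. The `__unused` fallback defines a name in the implementation-reserved namespace, so a one-line comment such as `/* normally supplied by <sys/cdefs.h>; fallback for libcs that lack it */` would tell the next reader why it is there.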
@@ -94,7 +79,7 @@ static int ctest() static void* thread_callback(void* raw_arg) { - return (void*) do_action((const char*) raw_arg); + return (void*) (uintptr_t) do_action((const char*) raw_arg); } static int do_action_on_thread(const char* arg) @@ -103,7 +88,7 @@ static int do_action_on_thread(const char* arg) pthread_create(&t, NULL, thread_callback, (void*) arg); void* result = NULL; pthread_join(t, &result); - return (int) result; + return (int) (uintptr_t) result; } __attribute__((noinline)) static int crash3(int a) { 
@@ -126,41 +111,77 @@ static void abuse_heap() { free((void*) buf); // GCC is smart enough to warn about this, but we're doing it deliberately. } +static void sigsegv_non_null() { + int* a = (int *)(&do_action); + *a = 42; +} + static int do_action(const char* arg) { fprintf(stderr,"crasher: init pid=%d tid=%d\n", getpid(), gettid()); if (!strncmp(arg, "thread-", strlen("thread-"))) { return do_action_on_thread(arg + strlen("thread-")); - } else if (!strcmp(arg,"smash-stack")) { + } else if (!strcmp(arg, "SIGSEGV-non-null")) { + sigsegv_non_null(); + } else if (!strcmp(arg, "smash-stack")) { return smash_stack(42); - } else if (!strcmp(arg,"stack-overflow")) { + } else if (!strcmp(arg, "stack-overflow")) { overflow_stack(NULL); - } else if (!strcmp(arg,"nostack")) { + } else if (!strcmp(arg, "nostack")) { crashnostack(); - } else if (!strcmp(arg,"ctest")) { + } else if (!strcmp(arg, "ctest")) { return ctest(); - } else if (!strcmp(arg,"exit")) { + } else if (!strcmp(arg, "exit")) { exit(1); - } else if (!strcmp(arg,"crash")) { + } else if (!strcmp(arg, "crash") || !strcmp(arg, "SIGSEGV")) { return crash(42); - } else if (!strcmp(arg,"abort")) { - maybeabort(); + } else if (!strcmp(arg, "abort")) { + maybe_abort(); + } else if (!strcmp(arg, "assert")) { + __assert("some_file.c", 123, "false"); + } else if (!strcmp(arg, "assert2")) { + __assert2("some_file.c", 123, "some_function", "false"); + } else if (!strcmp(arg, "LOG_ALWAYS_FATAL")) { + LOG_ALWAYS_FATAL("hello %s", "world"); + } else if (!strcmp(arg, "LOG_ALWAYS_FATAL_IF")) { + LOG_ALWAYS_FATAL_IF(true, "hello %s", "world"); + } else if (!strcmp(arg, "SIGPIPE")) { + int pipe_fds[2]; + pipe(pipe_fds); + close(pipe_fds[0]); + write(pipe_fds[1], "oops", 4); + return EXIT_SUCCESS; + } else if (!strcmp(arg, "SIGTRAP")) { + raise(SIGTRAP); + return EXIT_SUCCESS; } else if (!strcmp(arg, "heap-usage")) { abuse_heap(); + } else if (!strcmp(arg, "SIGSEGV-unmapped")) { + char* map = mmap(NULL, sizeof(int), PROT_READ | 
PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); + munmap(map, sizeof(int)); + map[0] = '8'; } fprintf(stderr, "%s OP\n", __progname); fprintf(stderr, "where OP is:\n"); - fprintf(stderr, " smash-stack overwrite a stack-guard canary\n"); - fprintf(stderr, " stack-overflow recurse until the stack overflows\n"); - fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n"); - fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n"); - fprintf(stderr, " nostack crash with a NULL stack pointer\n"); - fprintf(stderr, " ctest (obsoleted by thread-crash?)\n"); - fprintf(stderr, " exit call exit(1)\n"); - fprintf(stderr, " crash cause a SIGSEGV\n"); - fprintf(stderr, " abort call abort()\n"); + fprintf(stderr, " smash-stack overwrite a stack-guard canary\n"); + fprintf(stderr, " stack-overflow recurse until the stack overflows\n"); + fprintf(stderr, " heap-corruption cause a libc abort by corrupting the heap\n"); + fprintf(stderr, " heap-usage cause a libc abort by abusing a heap function\n"); + fprintf(stderr, " nostack crash with a NULL stack pointer\n"); + fprintf(stderr, " ctest (obsoleted by thread-crash?)\n"); + fprintf(stderr, " exit call exit(1)\n"); + fprintf(stderr, " abort call abort()\n"); + fprintf(stderr, " assert call assert() without a function\n"); + fprintf(stderr, " assert2 call assert() with a function\n"); + fprintf(stderr, " LOG_ALWAYS_FATAL call LOG_ALWAYS_FATAL\n"); + fprintf(stderr, " LOG_ALWAYS_FATAL_IF call LOG_ALWAYS_FATAL\n"); + fprintf(stderr, " SIGPIPE cause a SIGPIPE\n"); + fprintf(stderr, " SIGSEGV cause a SIGSEGV at address 0x0 (synonym: crash)\n"); + fprintf(stderr, " SIGSEGV-non-null cause a SIGSEGV at a non-zero address\n"); + fprintf(stderr, " SIGSEGV-unmapped mmap/munmap a region of memory and then attempt to access it\n"); + fprintf(stderr, " SIGTRAP cause a SIGTRAP\n"); fprintf(stderr, "prefix any of the above with 'thread-' to not run\n"); fprintf(stderr, "on the process' main thread.\n"); 
return EXIT_SUCCESS; |
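Review bot: The new SIGPIPE and SIGSEGV-unmapped branches of do_action() ignore the results of `pipe()` and `mmap()`, so a failed setup call can leave the tool reporting a different fault than the one its usage text advertises. If `pipe()` fails, `pipe_fds` is uninitialised, so `close()` and `write()` act on arbitrary descriptor numbers and the branch returns EXIT_SUCCESS without raising anything; `if (pipe(pipe_fds) == -1) { perror("pipe"); return EXIT_FAILURE; }` avoids that. If `mmap()` fails, `map` is MAP_FAILED and the store faults at that sentinel address rather than inside a region that was mapped and then released, which would mislead anyone checking the reported fault address; `if (map == MAP_FAILED) { perror("mmap"); return EXIT_FAILURE; }` before the `munmap()` keeps the case honest. Separately, the help line for `LOG_ALWAYS_FATAL_IF` says `call LOG_ALWAYS_FATAL` and looks like a copy-paste slip for `call LOG_ALWAYS_FATAL_IF`. The closing brace of do_action() lies outside this hunk.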