[sandbox] Fix non-canonical address detection in sandbox crash filter

The check for non-canonical address access must come before the check for nullptr access as the faultaddr will be 0x0 in the former case. Bug: v8:12878 Change-Id: I6f141d08862879ec9ccb13c081aa6c75a3707530 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875904 Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#82994}

[sandbox] Fix non-canonical address detection in sandbox crash filter
The check for non-canonical address access must come before the check for nullptr access as the faultaddr will be 0x0 in the former case. Bug: v8:12878 Change-Id: I6f141d08862879ec9ccb13c081aa6c75a3707530 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875904 Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#82994}
003f5608 · Samuel Groß · V8 LUCI CQ · 0472d5a5 · 003f5608
Commit 003f5608 authored Sep 06, 2022 by Samuel Groß Committed by V8 LUCI CQ Sep 06, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 10 deletions

testing.cc src/sandbox/testing.cc +11 -10

No files found.
--- a/src/sandbox/testing.cc
+++ b/src/sandbox/testing.cc
@@ -236,16 +236,6 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
    _exit(0);
  }

-  if (faultaddr < 0x1000) {
-    // Nullptr dereferences are harmless as nothing can be mapped there. We use
-    // the typical page size (which is also the default value of mmap_min_addr
-    // on Linux) to determine what counts as a nullptr dereference here.
-    PrintToStderr(
-        "Caught harmless memory access violaton (nullptr dereference). Exiting "
-        "process...\n");
-    _exit(0);
-  }
-
  if (info->si_code == SI_KERNEL && faultaddr == 0) {
    // This combination appears to indicate a crash at a non-canonical address
    // on Linux. Crashes at non-canonical addresses are for example caused by
@@ -259,6 +249,17 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
    _exit(0);
  }

+  if (faultaddr < 0x1000) {
+    printf("Faultaddr: 0x%lx\n", faultaddr);
+    // Nullptr dereferences are harmless as nothing can be mapped there. We use
+    // the typical page size (which is also the default value of mmap_min_addr
+    // on Linux) to determine what counts as a nullptr dereference here.
+    PrintToStderr(
+        "Caught harmless memory access violaton (nullptr dereference). Exiting "
+        "process...\n");
+    _exit(0);
+  }
+
  if (info->si_code == SEGV_ACCERR) {
    // This indicates an access to a (valid) mapping but with insufficient
    // permissions (e.g. accessing a region mapped with PROT_NONE). Some