[sandbox] Treat nullptr dereferences as harmless in sandbox crash filter

Bug: v8:12878 Change-Id: I79ca182fcf59f520cdf8f25dd0daac9ced07881a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707283 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81222}

[sandbox] Treat nullptr dereferences as harmless in sandbox crash filter
Bug: v8:12878 Change-Id: I79ca182fcf59f520cdf8f25dd0daac9ced07881a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707283 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81222}
d500b7b8 · Samuel Groß · V8 LUCI CQ · 5f914d92 · d500b7b8
Commit d500b7b8 authored Jun 17, 2022 by Samuel Groß Committed by V8 LUCI CQ Jun 17, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

testing.cc src/sandbox/testing.cc +10 -0

No files found.
--- a/src/sandbox/testing.cc
+++ b/src/sandbox/testing.cc
@@ -236,6 +236,16 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
    _exit(0);
  }

+  if (faultaddr < 0x1000) {
+    // Nullptr dereferences are harmless as nothing can be mapped there. We use
+    // the typical page size (which is also the default value of mmap_min_addr
+    // on Linux) to determine what counts as a nullptr dereference here.
+    PrintToStderr(
+        "Caught harmless memory access violaton (nullptr dereference). Exiting "
+        "process...\n");
+    _exit(0);
+  }
+
  if (info->si_code == SI_KERNEL && faultaddr == 0) {
    // This combination appears to indicate a crash at a non-canonical address
    // on Linux. Crashes at non-canonical addresses are for example caused by