am 17361134: Merge "Add a "smash-stack" option to crasher."

# Via Elliott Hughes (1) and Gerrit Code Review (1) * commit '17361134180b178531979897f9c9867346a57f10': Add a "smash-stack" option to crasher.
2013-02-14 16:16:26 -08:00 · 2013-02-14 16:16:26 -08:00 · 910b7a8b88
commit 910b7a8b88
parent 1b69da3ef0 1736113418
2 changed files with 14 additions and 0 deletions
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@ -37,6 +37,7 @@ LOCAL_SRC_FILES += $(TARGET_ARCH)/crashglue.S
 LOCAL_MODULE := crasher
 LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
 LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS += -fstack-protector-all
 #LOCAL_FORCE_STATIC_EXECUTABLE := true
 LOCAL_SHARED_LIBRARIES := libcutils libc
 include $(BUILD_EXECUTABLE)
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@ -35,6 +35,18 @@ static void debuggerd_connect()
    }
 }

+int smash_stack(int i) {
+    printf("crasher: deliberately corrupting stack...\n");
+    // Unless there's a "big enough" buffer on the stack, gcc
+    // doesn't bother inserting checks.
+    char buf[8];
+    // If we don't write something relatively unpredicatable
+    // into the buffer and then do something with it, gcc
+    // optimizes everything away and just returns a constant.
+    *(int*)(&buf[7]) = (uintptr_t) &buf[0];
+    return *(int*)(&buf[0]);
+}
+
 void test_call1()
 {
    *((int*) 32) = 1;
@ -95,6 +107,7 @@ int do_action(const char* arg)
        return do_action_on_thread(arg + strlen("thread-"));
    }

+    if(!strcmp(arg,"smash-stack")) return smash_stack(42);
    if(!strcmp(arg,"nostack")) crashnostack();
    if(!strcmp(arg,"ctest")) return ctest();
    if(!strcmp(arg,"exit")) exit(1);