am 910b7a8b: am 17361134: Merge "Add a "smash-stack" option to crasher."
# Via Android Git Automerger (1) and others
* commit '910b7a8b88b29ee16c6014630b450dda56c5d578':
Add a "smash-stack" option to crasher.
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index e48b9af..3fca64f 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -37,6 +37,7 @@
LOCAL_MODULE := crasher
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS += -fstack-protector-all
#LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_SHARED_LIBRARIES := libcutils libc
include $(BUILD_EXECUTABLE)
diff --git a/debuggerd/crasher.c b/debuggerd/crasher.c
index 74eaa49..134fe80 100644
--- a/debuggerd/crasher.c
+++ b/debuggerd/crasher.c
@@ -35,6 +35,18 @@
}
}
+int smash_stack(int i) {
+ printf("crasher: deliberately corrupting stack...\n");
+ // Unless there's a "big enough" buffer on the stack, gcc
+ // doesn't bother inserting checks.
+ char buf[8];
+ // If we don't write something relatively unpredicatable
+ // into the buffer and then do something with it, gcc
+ // optimizes everything away and just returns a constant.
+ *(int*)(&buf[7]) = (uintptr_t) &buf[0];
+ return *(int*)(&buf[0]);
+}
+
void test_call1()
{
*((int*) 32) = 1;
@@ -95,6 +107,7 @@
return do_action_on_thread(arg + strlen("thread-"));
}
+ if(!strcmp(arg,"smash-stack")) return smash_stack(42);
if(!strcmp(arg,"nostack")) crashnostack();
if(!strcmp(arg,"ctest")) return ctest();
if(!strcmp(arg,"exit")) exit(1);