From 3d687a1e3e31773d7e72a327f65d94b9bc788bc2 Mon Sep 17 00:00:00 2001
From: Magnus Jedvert
Date: Wed, 15 Apr 2020 15:16:19 +0200
Subject: [PATCH] Add null checks in stacktrace.cc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We have seen crashes originating from derefencing nullptrs in this code, for unknown reasons. This CL adds null checks to protect against this. The stacktraces will be missing or truncated when this happens.
Bug: b/147338449
Change-Id: Ieb006f0f8dec4f9621e4df2e2c1a9641f086df86
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/173593
Reviewed-by: Sami Kalliomäki
Commit-Queue: Magnus Jedvert
Cr-Commit-Position: refs/heads/master@{#31079}
---
 sdk/android/native_api/stacktrace/stacktrace.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/sdk/android/native_api/stacktrace/stacktrace.cc b/sdk/android/native_api/stacktrace/stacktrace.cc
index df1ee6435a..6350acaacf 100644
--- a/sdk/android/native_api/stacktrace/stacktrace.cc
+++ b/sdk/android/native_api/stacktrace/stacktrace.cc
@@ -105,6 +105,10 @@ _Unwind_Reason_Code UnwindBacktrace(struct _Unwind_Context* unwind_context,
 SignalHandlerOutputState* const output_state =
 static_cast(unwind_output_state);
 
+ // Abort if output state is corrupt.
+ if (output_state == nullptr)
+ return _URC_END_OF_STACK;
+
 // Avoid overflowing the stack trace array.
 if (output_state->stack_size_counter >= kMaxStackSize)
 return _URC_END_OF_STACK;
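Review bot: The new guard only detects a null output_state, yet the comment above it claims to handle a "corrupt" state; a dangling or partially initialised pointer (the commit message says the root cause is unknown) still reaches `output_state->stack_size_counter` on the line after the guard, so this narrows the crash window rather than closing it. The comment should describe what is actually tested, e.g. `// Bail out if no output state was passed in; the trace is then truncated.` Returning `_URC_END_OF_STACK` here is the only reasonable reaction, since this callback runs from `_Unwind_Backtrace` inside the signal handler shown in the next hunk, but note that the requesting thread then cannot tell a truncated trace from a short one. The signature and the rest of UnwindBacktrace's body lie outside this hunk.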
@@ -121,8 +125,13 @@ _Unwind_Reason_Code UnwindBacktrace(struct _Unwind_Context* unwind_context,
 
 // This signal handler is exectued on the interrupted thread.
 void SignalHandler(int signum, siginfo_t* info, void* ptr) {
- _Unwind_Backtrace(&UnwindBacktrace, g_signal_handler_output_state);
- g_signal_handler_output_state->signal_handler_finish_event.Signal();
+ // This should have been set by the thread requesting the stack trace.
+ SignalHandlerOutputState* signal_handler_output_state =
+ g_signal_handler_output_state;
+ if (signal_handler_output_state != nullptr) {
+ _Unwind_Backtrace(&UnwindBacktrace, signal_handler_output_state);
+ signal_handler_output_state->signal_handler_finish_event.Signal();
+ }
 }
 
 // Temporarily change the signal handler to a function that records a raw stack
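Review bot: When the new null check fails, `signal_handler_finish_event.Signal()` is skipped, so the thread that requested the trace and waits on that event will block unless its wait is timed; that wait is outside this hunk, so confirm it has a timeout or can otherwise observe the missing trace. Copying `g_signal_handler_output_state` into a local before checking it is the right shape (one read, no check-then-use gap), but if the global is a plain pointer written by the requesting thread (its declaration is outside the hunk), the read in this handler has no ordering with that write; unless it is already a `std::atomic` accessed with acquire/release, an unsynchronised read is a more plausible explanation for the observed null than a corrupted value, and the comment `// This should have been set by the thread requesting the stack trace.` would then be better stated as `// Set by the requesting thread before it raises the signal; null means no trace was requested.` The context comment also has a typo, `exectued` for `executed`.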