{static_,}range_map: fix overflows under ubsan

Explicitly call out where overflows are expected, and add appropriate checking for them. BUG=b:235999011 TEST=Unittests on CrOS and Linux Change-Id: I999a6996183c2f4afc16a1c0188dee3bd64d7f09 Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3759630 Reviewed-by: Mike Frysinger <vapier@chromium.org>
2026-01-06 06:28:15 +01:00 · 2022-07-12 21:35:52 -07:00 · 2022-07-12 21:35:52 -07:00 · 335e61656f
commit 335e61656f
parent eb087c3383
8 changed files with 242 additions and 15 deletions
--- a/src/processor/range_map-inl.h
+++ b/src/processor/range_map-inl.h
@ -39,6 +39,7 @@

 #include <assert.h>

+#include "common/safe_math.h"
 #include "processor/range_map.h"
 #include "processor/linked_ptr.h"
 #include "processor/logging.h"
@ -57,10 +58,15 @@ template<typename AddressType, typename EntryType>
 bool RangeMap<AddressType, EntryType>::StoreRangeInternal(
    const AddressType& base, const AddressType& delta,
    const AddressType& size, const EntryType& entry) {
-  AddressType high = base + (size - 1);
-
+  AddressType high;
+  bool high_ok = false;
+  if (size > 0) {
+    std::pair<AddressType, bool> result = AddWithOverflowCheck(base, size - 1);
+    high = result.first;
+    high_ok = !result.second;
+  }
  // Check for undersize or overflow.
-  if (size <= 0 || high < base) {
+  if (!high_ok) {
    // The processor will hit this case too frequently with common symbol
    // files in the size == 0 case, which is more suited to a DEBUG channel.
    // Filter those out since there's no DEBUG channel at the moment.