content/browser/frame_host/debug_urls.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/browser/frame_host/debug_urls.h"
   6
   7 #if defined(SYZYASAN)
   8 #include <windows.h>
   9 #endif
  10
  11 #include <vector>
  12
  13 #include "base/command_line.h"
  14 #include "base/debug/asan_invalid_access.h"
  15 #include "base/debug/profiler.h"
  16 #include "base/strings/utf_string_conversions.h"
  17 #include "cc/base/switches.h"
  18 #include "content/browser/gpu/gpu_process_host_ui_shim.h"
  19 #include "content/public/browser/browser_thread.h"
  20 #include "content/public/common/content_constants.h"
  21 #include "content/public/common/url_constants.h"
  22 #include "ppapi/proxy/ppapi_messages.h"
  23 #include "url/gurl.h"
  24
  25 #if defined(ENABLE_PLUGINS)
  26 #include "content/browser/ppapi_plugin_process_host.h"
  27 #endif
  28
  29 namespace content {
  30
  31 namespace {
  32
  33 // Define the Asan debug URLs.
  34 const char kAsanCrashDomain[] = "crash";
  35 const char kAsanHeapOverflow[] = "/browser-heap-overflow";
  36 const char kAsanHeapUnderflow[] = "/browser-heap-underflow";
  37 const char kAsanUseAfterFree[] = "/browser-use-after-free";
  38 #if defined(SYZYASAN)
  39 const char kAsanCorruptHeapBlock[] = "/browser-corrupt-heap-block";
  40 const char kAsanCorruptHeap[] = "/browser-corrupt-heap";
  41
  42 // Define the Kasko debug URLs.
  43 const char kKaskoCrashDomain[] = "kasko";
  44 const char kKaskoSendReport[] = "/send-report";
  45 #endif
  46
  47 void HandlePpapiFlashDebugURL(const GURL& url) {
  48 #if defined(ENABLE_PLUGINS)
  49   bool crash = url == GURL(kChromeUIPpapiFlashCrashURL);
  50
  51   std::vector<PpapiPluginProcessHost*> hosts;
  52   PpapiPluginProcessHost::FindByName(
  53       base::UTF8ToUTF16(kFlashPluginName), &hosts);
  54   for (std::vector<PpapiPluginProcessHost*>::iterator iter = hosts.begin();
  55        iter != hosts.end(); ++iter) {
  56     if (crash)
  57       (*iter)->Send(new PpapiMsg_Crash());
  58     else
  59       (*iter)->Send(new PpapiMsg_Hang());
  60   }
  61 #endif
  62 }
  63
  64 bool IsKaskoDebugURL(const GURL& url) {
  65 #if defined(SYZYASAN)
  66   return (url.is_valid() && url.SchemeIs(kChromeUIScheme) &&
  67           url.DomainIs(kKaskoCrashDomain, sizeof(kKaskoCrashDomain) - 1) &&
  68           url.path() == kKaskoSendReport);
  69 #else
  70   return false;
  71 #endif
  72 }
  73
  74 void HandleKaskoDebugURL() {
  75 #if defined(SYZYASAN)
  76   // Signature of an enhanced crash reporting function.
  77   typedef void(__cdecl * ReportCrashWithProtobufPtr)(EXCEPTION_POINTERS*,
  78                                                      const char*);
  79
  80   HMODULE exe_hmodule = ::GetModuleHandle(NULL);
  81   ReportCrashWithProtobufPtr report_crash_with_protobuf =
  82       reinterpret_cast<ReportCrashWithProtobufPtr>(
  83           ::GetProcAddress(exe_hmodule, "ReportCrashWithProtobuf"));
  84   if (report_crash_with_protobuf)
  85     report_crash_with_protobuf(NULL, "Invoked from debug url.");
  86   else
  87     NOTREACHED();
  88 #else
  89   NOTIMPLEMENTED();
  90 #endif
  91 }
  92
  93 bool IsAsanDebugURL(const GURL& url) {
  94 #if defined(SYZYASAN)
  95   if (!base::debug::IsBinaryInstrumented())
  96     return false;
  97 #endif
  98
  99   if (!(url.is_valid() && url.SchemeIs(kChromeUIScheme) &&
 100         url.DomainIs(kAsanCrashDomain, sizeof(kAsanCrashDomain) - 1) &&
 101         url.has_path())) {
 102     return false;
 103   }
 104
 105   if (url.path() == kAsanHeapOverflow || url.path() == kAsanHeapUnderflow ||
 106       url.path() == kAsanUseAfterFree) {
 107     return true;
 108   }
 109
 110 #if defined(SYZYASAN)
 111   if (url.path() == kAsanCorruptHeapBlock || url.path() == kAsanCorruptHeap)
 112     return true;
 113 #endif
 114
 115   return false;
 116 }
 117
 118 bool HandleAsanDebugURL(const GURL& url) {
 119 #if defined(SYZYASAN)
 120   if (!base::debug::IsBinaryInstrumented())
 121     return false;
 122
 123   if (url.path() == kAsanCorruptHeapBlock) {
 124     base::debug::AsanCorruptHeapBlock();
 125     return true;
 126   } else if (url.path() == kAsanCorruptHeap) {
 127     base::debug::AsanCorruptHeap();
 128     return true;
 129   }
 130 #endif
 131
 132 #if defined(ADDRESS_SANITIZER) || defined(SYZYASAN)
 133   if (url.path() == kAsanHeapOverflow) {
 134     base::debug::AsanHeapOverflow();
 135   } else if (url.path() == kAsanHeapUnderflow) {
 136     base::debug::AsanHeapUnderflow();
 137   } else if (url.path() == kAsanUseAfterFree) {
 138     base::debug::AsanHeapUseAfterFree();
 139   } else {
 140     return false;
 141   }
 142 #endif
 143
 144   return true;
 145 }
 146
 147
 148 }  // namespace
 149
 150 bool HandleDebugURL(const GURL& url, ui::PageTransition transition) {
 151   // Ensure that the user explicitly navigated to this URL, unless
 152   // kEnableGpuBenchmarking is enabled by Telemetry.
 153   bool is_telemetry_navigation =
 154       base::CommandLine::ForCurrentProcess()->HasSwitch(
 155           cc::switches::kEnableGpuBenchmarking) &&
 156       (transition & ui::PAGE_TRANSITION_TYPED);
 157
 158   if (!(transition & ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) &&
 159       !is_telemetry_navigation)
 160     return false;
 161
 162   if (IsAsanDebugURL(url))
 163     return HandleAsanDebugURL(url);
 164
 165   if (IsKaskoDebugURL(url)) {
 166     HandleKaskoDebugURL();
 167     return true;
 168   }
 169
 170   if (url == GURL(kChromeUIBrowserCrashURL)) {
 171     // Induce an intentional crash in the browser process.
 172     CHECK(false);
 173     return true;
 174   }
 175
 176   if (url == GURL(kChromeUIGpuCleanURL)) {
 177     GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
 178     if (shim)
 179       shim->SimulateRemoveAllContext();
 180     return true;
 181   }
 182
 183   if (url == GURL(kChromeUIGpuCrashURL)) {
 184     GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
 185     if (shim)
 186       shim->SimulateCrash();
 187     return true;
 188   }
 189
 190   if (url == GURL(kChromeUIGpuHangURL)) {
 191     GpuProcessHostUIShim* shim = GpuProcessHostUIShim::GetOneInstance();
 192     if (shim)
 193       shim->SimulateHang();
 194     return true;
 195   }
 196
 197   if (url == GURL(kChromeUIPpapiFlashCrashURL) ||
 198       url == GURL(kChromeUIPpapiFlashHangURL)) {
 199     BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
 200                             base::Bind(&HandlePpapiFlashDebugURL, url));
 201     return true;
 202   }
 203
 204   return false;
 205 }
 206
 207 bool IsRendererDebugURL(const GURL& url) {
 208   if (!url.is_valid())
 209     return false;
 210
 211   if (url.SchemeIs(url::kJavaScriptScheme))
 212     return true;
 213
 214   return url == GURL(kChromeUICrashURL) ||
 215          url == GURL(kChromeUIDumpURL) ||
 216          url == GURL(kChromeUIKillURL) ||
 217          url == GURL(kChromeUIHangURL) ||
 218          url == GURL(kChromeUIShorthangURL);
 219 }
 220
 221 }  // namespace content