[sandbox] Treat nullptr dereferences as harmless in sandbox crash filter

Bug: v8:12878 Change-Id: I79ca182fcf59f520cdf8f25dd0daac9ced07881a Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707283 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#81222}
2022-06-17 16:32:54 +02:00 · 2022-06-17 16:32:54 +02:00 · d500b7b853
commit d500b7b853
parent 5f914d92f4
1 changed files with 10 additions and 0 deletions
--- a/src/sandbox/testing.cc
+++ b/src/sandbox/testing.cc
@ -236,6 +236,16 @@ void SandboxSignalHandler(int signal, siginfo_t* info, void* void_context) {
    _exit(0);
  }

+  if (faultaddr < 0x1000) {
+    // Nullptr dereferences are harmless as nothing can be mapped there. We use
+    // the typical page size (which is also the default value of mmap_min_addr
+    // on Linux) to determine what counts as a nullptr dereference here.
+    PrintToStderr(
+        "Caught harmless memory access violaton (nullptr dereference). Exiting "
+        "process...\n");
+    _exit(0);
+  }
+
  if (info->si_code == SI_KERNEL && faultaddr == 0) {
    // This combination appears to indicate a crash at a non-canonical address
    // on Linux. Crashes at non-canonical addresses are for example caused by