1 files changed, 33 insertions, 8 deletions

diff --git a/absl/debugging/internal/stacktrace_x86-inl.inc b/absl/debugging/internal/stacktrace_x86-inl.inc
index 1b5d8235..7b26464e 100644
--- a/absl/debugging/internal/stacktrace_x86-inl.inc
+++ b/absl/debugging/internal/stacktrace_x86-inl.inc
@@ -29,14 +29,13 @@
 #include <cstdint>
 #include <limits>
 
+#include "absl/base/attributes.h"
 #include "absl/base/macros.h"
 #include "absl/base/port.h"
 #include "absl/debugging/internal/address_is_readable.h"
 #include "absl/debugging/internal/vdso_support.h"  // a no-op on non-elf or non-glibc systems
 #include "absl/debugging/stacktrace.h"
 
-#include "absl/base/internal/raw_logging.h"
-
 using absl::debugging_internal::AddressIsReadable;
 
 #if defined(__linux__) && defined(__i386__)
@@ -113,6 +112,10 @@ static int CountPushInstructions(const unsigned char *const addr) {
 
 // Assume stack frames larger than 100,000 bytes are bogus.
 static const int kMaxFrameBytes = 100000;
+// Stack end to use when we don't know the actual stack end
+// (effectively just the end of address space).
+constexpr uintptr_t kUnknownStackEnd =
+    std::numeric_limits<size_t>::max() - sizeof(void *);
 
 // Returns the stack frame pointer from signal context, 0 if unknown.
 // vuc is a ucontext_t *.  We use void* to avoid the use
@@ -140,13 +143,14 @@ static uintptr_t GetFP(const void *vuc) {
     // TODO(bcmills): -momit-leaf-frame-pointer is currently the default
     // behavior when building with clang.  Talk to the C++ toolchain team about
     // fixing that.
-    if (bp >= sp && bp - sp <= kMaxFrameBytes) return bp;
+    if (bp >= sp && bp - sp <= kMaxFrameBytes)
+      return static_cast<uintptr_t>(bp);
 
     // If bp isn't a plausible frame pointer, return the stack pointer instead.
     // If we're lucky, it points to the start of a stack frame; otherwise, we'll
     // get one frame of garbage in the stack trace and fail the sanity check on
     // the next iteration.
-    return sp;
+    return static_cast<uintptr_t>(sp);
   }
 #endif
   return 0;
@@ -258,8 +262,26 @@ static void **NextStackFrame(void **old_fp, const void *uc,
     // With the stack growing downwards, older stack frame must be
     // at a greater address that the current one.
     if (new_fp_u <= old_fp_u) return nullptr;
-    if (new_fp_u - old_fp_u > kMaxFrameBytes) return nullptr;
 
+    // If we get a very large frame size, it may be an indication that we
+    // guessed frame pointers incorrectly and now risk a paging fault
+    // dereferencing a wrong frame pointer. Or maybe not because large frames
+    // are possible as well. The main stack is assumed to be readable,
+    // so we assume the large frame is legit if we know the real stack bounds
+    // and are within the stack.
+    if (new_fp_u - old_fp_u > kMaxFrameBytes) {
+      if (stack_high < kUnknownStackEnd &&
+          static_cast<size_t>(getpagesize()) < stack_low) {
+        // Stack bounds are known.
+        if (!(stack_low < new_fp_u && new_fp_u <= stack_high)) {
+          // new_fp_u is not within the known stack.
+          return nullptr;
+        }
+      } else {
+        // Stack bounds are unknown, prefer truncated stack to possible crash.
+        return nullptr;
+      }
+    }
     if (stack_low < old_fp_u && old_fp_u <= stack_high) {
       // Old BP was in the expected stack region...
       if (!(stack_low < new_fp_u && new_fp_u <= stack_high)) {
@@ -310,8 +332,9 @@ static int UnwindImpl(void **result, int *sizes, int max_depth, int skip_count,
   int n = 0;
   void **fp = reinterpret_cast<void **>(__builtin_frame_address(0));
 
-  size_t stack_low = getpagesize();  // Assume that the first page is not stack.
-  size_t stack_high = std::numeric_limits<size_t>::max() - sizeof(void *);
+  // Assume that the first page is not stack.
+  size_t stack_low = static_cast<size_t>(getpagesize());
+  size_t stack_high = kUnknownStackEnd;
 
   while (fp && n < max_depth) {
     if (*(fp + 1) == reinterpret_cast<void *>(0)) {
@@ -327,7 +350,9 @@ static int UnwindImpl(void **result, int *sizes, int max_depth, int skip_count,
       result[n] = *(fp + 1);
       if (IS_STACK_FRAMES) {
         if (next_fp > fp) {
-          sizes[n] = (uintptr_t)next_fp - (uintptr_t)fp;
+          sizes[n] = static_cast<int>(
+              reinterpret_cast<uintptr_t>(next_fp) -
+              reinterpret_cast<uintptr_t>(fp));
         } else {
           // A frame-size of 0 is used to indicate unknown frame size.
           sizes[n] = 0;