Closed Bug 1033076 Opened 10 years ago Closed 9 years ago

ASAN webapprt-test-chrome runs fail on AddressSanitizer: global-buffer-overflow

Categories: Core :: js-ctypes, defect, P1
Platform: x86_64 Linux

Tracking: RESOLVED WONTFIX

People: Reporter: myk, Unassigned


Attachments: 1 file

Attached file: full stack (deleted)
The webapprt-test-chrome test runs on the Linux ASAN builds all fail on "AddressSanitizer: global-buffer-overflow":

19:08:27 INFO - ==1794==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fbf1c1d9e28 at pc 0x7fbf09d0b050 bp 0x7fffe82fae30 sp 0x7fffe82fae28
19:08:27 INFO - READ of size 2 at 0x7fbf1c1d9e28 thread T0
19:08:28 INFO - #0 0x7fbf09d0b04f in InitTypeClasses /builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/typedefs.h:75
19:08:28 INFO - #1 0x7fbf09d0b04f in JS_InitCTypesClass(JSContext*, JS::Handle<JSObject*>) /builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/CTypes.cpp:1334
19:08:28 INFO - #2 0x7fbf08ba2973 in InitAndSealCTypesClass /builds/slave/ced-l64-asan-00000000000000000/build/source/toolkit/components/ctypes/ctypes.cpp:91
…
19:08:28 INFO - 0x7fbf1c1d9e28 is located 16 bytes to the right of global variable 'ffi_type_sint8' from '/builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/libffi/src/types.c' (0x7fbf1c1d9e00) of size 24
19:08:28 INFO - 0x7fbf1c1d9e28 is located 8 bytes inside of global variable 'ffi_type_uint8' from '/builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/libffi/src/types.c' (0x7fbf1c1d9e20) of size 24
19:08:28 INFO - 0x7fbf1c1d9e28 is located 24 bytes to the left of global variable 'ffi_type_void' from '/builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/libffi/src/types.c' (0x7fbf1c1d9e40) of size 24
19:08:28 INFO - SUMMARY: AddressSanitizer: global-buffer-overflow /builds/slave/ced-l64-asan-00000000000000000/build/source/js/src/ctypes/typedefs.h:75 InitTypeClasses

https://tbpl.mozilla.org/php/getParsedLog.php?id=42813301&tree=Cedar

See the attachment for the full stack. More examples:

https://tbpl.mozilla.org/php/getParsedLog.php?id=42410829&tree=Cedar
https://tbpl.mozilla.org/php/getParsedLog.php?id=42303147&tree=Cedar
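Added triage helper (not from this bug or from Mozilla's code): it parses the tbpl-prefixed ASAN report quoted above and checks the faulting address against the declared extent of every global ASAN lists, so it tells a plain overshoot apart from a report like this one, where the address sits 8 bytes inside a listed global (ffi_type_uint8). The log text is a constructed reduction of the report above with source paths shortened.

```python
import re

# Constructed sample, reduced from the tbpl log quoted in comment 0 of this bug
# (source paths shortened; the "HH:MM:SS INFO - " log prefix is kept on purpose).
SAMPLE_LOG = """\
19:08:27 INFO - ==1794==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fbf1c1d9e28 at pc 0x7fbf09d0b050 bp 0x7fffe82fae30 sp 0x7fffe82fae28
19:08:27 INFO - READ of size 2 at 0x7fbf1c1d9e28 thread T0
19:08:28 INFO - #0 0x7fbf09d0b04f in InitTypeClasses js/src/ctypes/typedefs.h:75
19:08:28 INFO - 0x7fbf1c1d9e28 is located 16 bytes to the right of global variable 'ffi_type_sint8' from 'types.c' (0x7fbf1c1d9e00) of size 24
19:08:28 INFO - 0x7fbf1c1d9e28 is located 8 bytes inside of global variable 'ffi_type_uint8' from 'types.c' (0x7fbf1c1d9e20) of size 24
19:08:28 INFO - 0x7fbf1c1d9e28 is located 24 bytes to the left of global variable 'ffi_type_void' from 'types.c' (0x7fbf1c1d9e40) of size 24
"""

PREFIX_RE = re.compile(r"^\d\d:\d\d:\d\d\s+\w+\s+-\s+")  # strips "19:08:27 INFO - "
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)")
GLOBAL_RE = re.compile(r"is located \d+ bytes (?:inside of|to the (?:right|left) of) "
                       r"global variable '([^']+)' from '[^']*' \((0x[0-9a-f]+)\) of size (\d+)")


def parse_asan_report(text):
    """Pull the error kind, the faulting access and every listed global out of the log."""
    report = {"kind": None, "addr": None, "access": None, "size": None, "globals": []}
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        if m := ERROR_RE.search(line):
            report["kind"], report["addr"] = m.group(1), int(m.group(2), 16)
        elif m := ACCESS_RE.match(line):
            report["access"], report["size"] = m.group(1), int(m.group(2))
        elif m := GLOBAL_RE.search(line):
            report["globals"].append({"name": m.group(1), "base": int(m.group(2), 16),
                                      "size": int(m.group(3))})
    return report


def classify_access(report):
    """("overflow", global, overshoot) if the address starts past the nearest global on
    its left; ("inside", global, offset) if it lies within a listed global's own bytes,
    in which case the poisoned shadow contradicts the layout ASAN printed."""
    addr = report["addr"]
    for g in report["globals"]:
        if g["base"] <= addr < g["base"] + g["size"]:
            return ("inside", g["name"], addr - g["base"])
    left = [g for g in report["globals"] if g["base"] + g["size"] <= addr]
    if not left:
        return ("unknown", None, None)
    nearest = max(left, key=lambda g: g["base"] + g["size"])
    return ("overflow", nearest["name"], addr - (nearest["base"] + nearest["size"]))
```

For the report above, classify_access returns ("inside", "ffi_type_uint8", 8): the 2-byte read lands at offset 8 of a global ASAN itself lists, which is the detail worth checking before treating the report as a genuine out-of-bounds read.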
Probably the same problem we run into with toolkit/webapps/ tests that execute the app: bug 989569.
Yes, the stack dump is the same.
Priority: -- → P1
Component: Webapp Runtime → js-ctypes
Product: Firefox → Core
Looks like the problem is in js-ctypes; in particular I think it comes from osfile's usage of js-ctypes (because it looks like it's the only module that uses js-ctypes on Linux).
We're really close to being able to run runtime tests automatically. This is the only remaining blocker.
Here's a recent log: https://tbpl.mozilla.org/php/getParsedLog.php?id=51164486&tree=Cedar. Yoric: any chance you have an idea why this is happening and how to go about fixing it?
Flags: needinfo?(dteller)
I took a quick look at it, and I'm afraid I have no clue. The stack trace is not very convincing either. I have little to no experience with ASAN, but would a gdb/lldb run be able to pinpoint exactly when the overflow takes place?
Flags: needinfo?(dteller)
The web runtime has been removed in bug 1238079.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX