deprecated libva-vdpau-driver: Crash in [@ _xcb_socket]
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox109 | --- | disabled |
People
(Reporter: mccr8, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/54358815-429b-443d-8472-0dcdb0221205
Reason: SIGSYS / SYS_SECCOMP
Top 10 frames of crashing thread:
0 libc.so.6 __GI___socket /usr/src/debug/glibc-2.36/sysdeps/unix/syscall-template.S:120
1 libxcb.so.1 _xcb_socket /usr/src/debug/libxcb-1.15-1.4.x86_64/src/xcb_util.c:317
2 libxcb.so.1 xcb_connect_to_display_with_auth_info /usr/src/debug/libxcb-1.15-1.4.x86_64/src/xcb_util.c:521
3 libX11.so.6 libX11.so.6@0x44201
4 libX11.so.6 libX11.so.6@0x35d32
5 libX11.so.6 libX11.so.6@0x4143f
6 libX11.so.6 libX11.so.6@0x4143f
7 libX11.so.6 libX11.so.6@0x4140f
8 libX11.so.6 libX11.so.6@0x4140f
9 firefox-bin memset /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/x86_64-linux-gnu/bits/string3.h:84
There aren't a ton of these crashes, so maybe it is just a user with some odd settings, but I figured I'd file it.
Comment 1•2 years ago
|
||
10 vdpau_drv_video.so __vaDriverInit_1_15 /usr/src/debug/libva-vdpau-driver-0.7.4-7.10.x86_64/src/vdpau_driver.c:317
We don't want to run this code.
IIRC legacy dri2 wants an X11 auth cookie while dri3 works with an fd.
vaGetDisplayDRM uses dri3 (bug 1580166 comment 6).
vdpau_drv_video.so background:
Deprecated libva-vdpau-driver doesn't support vaGetDisplayDRM and crashes.
Therefore the VAAPI test has been moved into the glxtest process (bug 1787182, bug 1758473/bug 1777927) to disable VAAPI in case vdpau_drv_video.so is present.
Could a sandbox rule just block vdpau_drv_video.so from being loaded in RDD and glxtest?
(Darkspirit from bug 1758473 comment #9)
It might be this one: https://salsa.debian.org/multimedia-team/attic/vdpau-video/-/blob/63450ffea86143d418c6e83cb8d2828d3a7beb25/src/vdpau_driver.c#L188
const char * const x11_dpy_name = XDisplayString(driver_data->x11_dpy);
https://bugs.archlinux.org/task/72241#comments
vaGetDisplayDRM() doesn't fill ->x11_dpy
VAAPI should be blocked for vdpau_drv_video.so.
vdpau_drv_video.so is deprecated and has been removed from Debian.
Debian Buster (oldstable) was the last release that had a package for it: https://packages.debian.org/oldstable/vdpau-va-driver
https://tracker.debian.org/pkg/vdpau-video
https://salsa.debian.org/multimedia-team/attic/vdpau-video
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Unfortunately we don't have anything that could block a specific library at the sandbox level, but it'd be pretty simple for glxtest to use dl_iterate_phdr
to see if a library with a given name was loaded.
Updated•2 years ago
|
Comment hidden (obsolete) |
Updated•2 years ago
|
Comment hidden (obsolete) |
Comment 5•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 desktop browser crashes on nightly
:gcp, could you consider increasing the severity of this top-crash bug?
For more information, please visit auto_nag documentation.
Comment 6•2 years ago
|
||
This is still disabled-by-default AFAIK so no reason to do that.
Comment 7•2 years ago
|
||
Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.
For more information, please visit auto_nag documentation.
Description
•