Closed
Bug 741258
Opened 12 years ago
Closed 12 years ago
ASAN: unresolved symbols in libnssutil3.dylib
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla15
People
(Reporter: posidron, Assigned: decoder)
Details
(Whiteboard: [asan][asan-build-blocker])
Attachments
(1 file)
|
881 bytes,
patch
|
ted
:
review+
gkw
:
checkin+
|
Details | Diff | Splinter Review |
As discussed in IRC one possible solution would be to add the flag -undefined dynamic_lookup to DSO_LDOPTS in security/coreconf/Darwin.mk Example: DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names -undefined dynamic_lookup
|
Assignee | |
Comment 1•12 years ago
|
||
I reached out to the ASan developers to first ensure that -undefined dynamic_lookup is the right way to do it. Once we are sure about that, I'll take a look where exactly we can add it with best (preferably outside NSS).
|
|
Assignee | |
Comment 2•12 years ago
|
||
According to the ASan developers, we are not supposed to pass -undefined dynamic_lookup ourselves, but instead it's likely that for the linker call here -faddress-sanitizer is not passed (which it should). I'm currently investigating why this flag is dropped at some point in NSS and how to force it.
|
|
Assignee | |
Comment 3•12 years ago
|
||
The proper solution here is to ensure that NSS builds dylibs with -faddress-sanitizer, i.e. that LDFLAGS are correctly passed to NSS dylibs when MOZ_CFLAGS_NSS is set. I haven't found a good solution to do this without touching NSS itself, but overriding DARWIN_DYLIB_VERSIONS seemed the least intrusive way and it works :) These changes are only active when building with the --enable-address-sanitizer build option.
Attachment #613682 -
Flags: review?(khuey)
Comment on attachment 613682 [details] [diff] [review] Patch Review of attachment 613682 [details] [diff] [review]: ----------------------------------------------------------------- Not a mac person.
Attachment #613682 -
Flags: review?(khuey) → review?(ted.mielczarek)
|
||
Comment 5•12 years ago
|
||
Comment on attachment 613682 [details] [diff] [review] Patch Review of attachment 613682 [details] [diff] [review]: ----------------------------------------------------------------- This feels like the wrong way to fix this. Can you patch NSS instead? I know that's more of a hassle, but I don't like wedging things in where they don't belong.
Attachment #613682 -
Flags: review?(ted.mielczarek) → review-
|
|
||
Comment 6•12 years ago
|
||
Comment on attachment 613682 [details] [diff] [review] Patch In light of the fact that this code is only hit in a non-default configuration, I'll r+ this. However, I want you to file an NSS bug on adding a way to pass this info down in a more correct way, and mention the bug number in a comment here.
Attachment #613682 -
Flags: review- → review+
|
|
Assignee | |
Comment 7•12 years ago
|
||
Filed follow-up bug 748423 to discuss and resolve the situation more properly in NSS. I also emailed wtc to ask about the right solution here.
|
|
Assignee | |
Updated•12 years ago
|
Attachment #613682 -
Flags: checkin?(gary)
|
||
Comment 8•12 years ago
|
||
Comment on attachment 613682 [details] [diff] [review] Patch http://hg.mozilla.org/integration/mozilla-inbound/rev/c45e97eaba18
Attachment #613682 -
Flags: checkin?(gary) → checkin+
|
|
||
Updated•12 years ago
|
Target Milestone: --- → mozilla15
|
||
Comment 9•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/c45e97eaba18
|
|
||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [asan] → [asan][asan-build-blocker]
You need to log in
before you can comment on or make changes to this bug.
Description
•