Closed
Bug 1359097
Opened 7 years ago
Closed 7 years ago
AddressSanitizer: heap-use-after-free @ mozilla_dump_image
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
INCOMPLETE
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | affected |
People
(Reporter: bc, Unassigned)
References
()
Details
Attachments
(3 files)
Windows 10 64bit asan opt Nightly build 1. https://www.visual-paradigm.com/download/?platform=windows&arch=64bit 2. ==5800==ERROR: AddressSanitizer: heap-use-after-free on address 0x1216c249d618 at pc 0x7ffef5fa4421 bp 0x00f2a8ffeba0 sp 0x00f2a8ffebe8 READ of size 1 at 0x1216c249d618 thread T0 #0 0x7ffef5fa4420 in mozilla_dump_image+0x84439c0 (C:\mozilla\builds\nightly-asan\mozilla\firefox-opt\dist\bin\xul.dll+0x18b0b4420) ...
|
||
Updated•7 years ago
|
status-firefox55:
--- → affected
status-firefox57:
affected → ---
|
||
Comment 1•7 years ago
|
||
The stacks don't look to be property symbolized. Could you look at fixing that, Bob? These stacks also look like the bug is happening in mozilla_dump_image, which looks to be some debugging utility we don't call anywhere. I don't know how that is getting triggered, but that probably reduces the severity.
Flags: needinfo?(bob)
|
||
Updated•7 years ago
|
Group: core-security → gfx-core-security
|
|
||
Comment 2•7 years ago
|
||
Maybe the automation harness is triggering the dump_image somehow?
|
Reporter | |
Comment 3•7 years ago
|
||
I'm not sure. I'm trying to reproduce manually so I can get the symbolizer to work for sure. There is another crash for that url on Windows but it isn't obviously related to the asan issue. Attaching the crash report. I'm still trying to get the Windows asan report symbolized. I also realized the windows 64bit asan builds are a couple of weeks old.
|
|
Reporter | |
Comment 4•7 years ago
|
||
I've failed to get the packaged llvm-symbolizer to produce anything other than references to xul.dll. The asan build is problematic I think. The fact that no new builds are being produced is probably a sign that I jumped the gun on starting asan testing on windows. We can revisit this once windows asan builds are in better shape and the llvm-symbolizer works. In the mean time I will cease using windows asan builds.
Flags: needinfo?(bob)
|
|
||
Comment 5•7 years ago
|
||
Nathan, is it expected that we're not producing Windows ASan builds any more? And that llvm-symbolizer doesn't work?
Flags: needinfo?(nfroyd)
|
||
Comment 6•7 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #5) > Nathan, is it expected that we're not producing Windows ASan builds any > more? And that llvm-symbolizer doesn't work? I don't know about the Windows ASan builds...I thought those were being generated automatically now? As far as llvm-symbolizer not working, I know that when I initially tried Windows ASan builds, I could get llvm-symbolizer working on my local build, but it did not want to work with packaged builds. I did not investigate much further than that. Our Linux builds have actual symbols in libxul.so, but I suspect our Windows builds relegate everything to .pdb files...
Flags: needinfo?(nfroyd)
|
||
Comment 7•7 years ago
|
||
There is a bug logged to get symbols packaged with the windows asan builds.
Depends on: 1360650
|
|
||
Updated•7 years ago
|
Flags: needinfo?(twsmith)
|
|
||
Comment 8•7 years ago
|
||
We can reopen this one once we can start making progress.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
With bug 1360650 fixed, WinASan builds on Try should be producing xul.pdb's inside the target.zip now. Care to give this another try, Bob? Note that you'll need to disable stylo on WinASan builds until bug 1417504 is fixed.
Flags: needinfo?(bob)
|
|
Reporter | |
Comment 10•6 years ago
|
||
Wow! I have been waiting for this for some time. I'm right in the first part of retesting the 43,000 urls where I found crashes this last year, but I will definitely see about trying to get this ready for production. I've got a couple of things going on but I will get to it very very soon. Thanks!
|
|
Reporter | |
Comment 11•6 years ago
|
||
used build from https://treeherder.mozilla.org/#/jobs?repo=try&revision=e5515e5beffe4d814877341f339087937f69bd38&filter-tier=1&filter-tier=2&filter-tier=3&selectedJob=151359165 I didn't crash on this url but on a different one it does look like I got symbols! Do they look alright?
Flags: needinfo?(bob)
|
|
||
Comment 12•6 years ago
|
||
> I didn't crash on this url but on a different one it does look like I got > symbols! Do they look alright? Hmm, mostly! The topmost frame is bogus because it looks like we don't upload symbols for the ASan runtime DLL -- I'll file a separate bug. But the remainder of the stack, AddSizeOfExcludingThis etc., looks valid and suggests that you hit the stylo issue from bug 1417504.
|
|
||
Updated•6 years ago
|
Flags: needinfo?(twsmith)
|
|
||
Updated•4 years ago
|
Group: gfx-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•