1414046 - UBSan: null pointer passed as argument declared to never be null [@ mozilla::net::CacheFileMetadata::WriteMetadata]

Status: RESOLVED FIXED

(Core :: Networking: Cache, defect, P3)

Description

[Tyson Smith [:tsmith]]

This error is triggered on startup when Firefox is built with: -fsanitize=nonnull-attribute

/mozilla-central/netwerk/cache2/CacheFileMetadata.cpp:266:13: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7f15c4f28823 in mozilla::net::CacheFileMetadata::WriteMetadata(unsigned int, mozilla::net::CacheFileMetadataListener*) /mozilla-central/netwerk/cache2/CacheFileMetadata.cpp:266:3
    #1 0x7f15c4f178af in mozilla::net::CacheFile::WriteMetadataIfNeededLocked(bool) /mozilla-central/netwerk/cache2/CacheFile.cpp:2436:19
    #2 0x7f15c4f265a4 in mozilla::net::CacheFile::RemoveOutput(mozilla::net::CacheFileOutputStream*, nsresult) /mozilla-central/netwerk/cache2/CacheFile.cpp:2164:5
    #3 0x7f15c4f63490 in mozilla::net::CacheFileOutputStream::Release() /mozilla-central/netwerk/cache2/CacheFileOutputStream.cpp:30:14
    #4 0x7f15c449c1f7 in nsCOMPtr<nsIOutputStream>::operator=(decltype(nullptr)) /mozilla-central/objdir-ff-ubsan/dist/include/nsCOMPtr.h:631:5
    #5 0x7f15c47c8f72 in mozilla::net::nsStreamListenerTee::OnStopRequest(nsIRequest*, nsISupports*, nsresult) /mozilla-central/netwerk/base/nsStreamListenerTee.cpp:49:15
    #6 0x7f15c519a60d in mozilla::net::nsHttpChannel::OnStopRequest(nsIRequest*, nsISupports*, nsresult) /mozilla-central/netwerk/protocol/http/nsHttpChannel.cpp:7427:20
    #7 0x7f15c472354a in nsInputStreamPump::OnStateStop() /mozilla-central/netwerk/base/nsInputStreamPump.cpp:704:20
    #8 0x7f15c4721f21 in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) /mozilla-central/netwerk/base/nsInputStreamPump.cpp:428:25
    #9 0x7f15c44ce26d in nsInputStreamReadyEvent::Run() /mozilla-central/xpcom/io/nsStreamUtils.cpp:97:20
    #10 0x7f15c4542f7f in nsThread::ProcessNextEvent(bool, bool*) /mozilla-central/xpcom/threads/nsThread.cpp:1037:14
    #11 0x7f15c4574b09 in NS_ProcessNextEvent(nsIThread*, bool) /mozilla-central/xpcom/threads/nsThreadUtils.cpp:513:10
    #12 0x7f15c5702468 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /mozilla-central/ipc/glue/MessagePump.cpp:97:21
    #13 0x7f15c5590589 in RunHandler /mozilla-central/ipc/chromium/src/base/message_loop.cc:319:3
    #14 0x7f15c5590589 in MessageLoop::Run() /mozilla-central/ipc/chromium/src/base/message_loop.cc:299
    #15 0x7f15cb507164 in nsBaseAppShell::Run() /mozilla-central/widget/nsBaseAppShell.cpp:158:27
    #16 0x7f15d04356d5 in nsAppStartup::Run() /mozilla-central/toolkit/components/startup/nsAppStartup.cpp:288:30
    #17 0x7f15d06157aa in XREMain::XRE_mainRun() /mozilla-central/toolkit/xre/nsAppRunner.cpp:4675:22
    #18 0x7f15d0617133 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4837:8
    #19 0x7f15d0617fc1 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4932:21
    #20 0x516ffa in do_main /mozilla-central/browser/app/nsBrowserApp.cpp:231:22
    #21 0x516ffa in main /mozilla-central/browser/app/nsBrowserApp.cpp:304
    #22 0x7f15f365e1c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #23 0x41f789 in _start (firefox+0x41f789)

Comment 1

[Michal Novotny [:michal]]

Attachment: fix

Comment 2

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/eabded1b884a
Skip copying mHashArray in CacheFileMetadata::WriteMetadata if it's empty. r=valentin

Comment 3

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/mozilla-central/rev/eabded1b884a