Closed Bug 1456952 Opened 6 years ago Closed 6 years ago

ASan complains about cairo-win32-surface.c printf format

Categories: Core :: Graphics, defect
Priority: Not set; Severity: normal
Tracking: RESOLVED FIXED; Target Milestone: mozilla61; firefox61 --- fixed
People: Reporter: away, Assigned: away
References: Blocks 1 open bug
Attachments: 1 file

15:40:04    ERROR -  GECKO(3104) | ==3104==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fffdb3b6b56 at pc 0x7fffdf6aed11 bp 0x00aee4dfa080 sp 0x00aee4dfa0c0
15:40:04     INFO -  GECKO(3104) | READ of size 24 at 0x7fffdb3b6b56 thread T0
...
15:40:04     INFO -  GECKO(3104) | 0x7fffdb3b6b56 is located 42 bytes to the left of global variable 'cairo_win32_surface_backend' defined in 'z:/build/build/src/gfx/cairo/cairo/src/cairo-win32-surface.c:3854:38' (0x7fffdb3b6b80) of size 272
15:40:04     INFO -  GECKO(3104) | 0x7fffdb3b6b56 is located 0 bytes to the right of global variable '<string literal>' defined in 'z:/build/build/src/gfx/cairo/cairo/src/cairo-win32-surface.c:337:44' (0x7fffdb3b6b40) of size 22
15:40:04     INFO -  GECKO(3104) |   '<string literal>' is ascii string '_create_dc_and_bitmap'

Our copy of cairo-win32-surface.c contains:
>  fwprintf (stderr, L"%s: %S", context, (wchar_t *)lpMsgBuf);
where `context` is a narrow-character string.

The format here is wrong; in the context of fwprintf, %s means wide strings: https://msdn.microsoft.com/en-us/library/hf4y5e3w.aspx
Jeff, cairo fixed this in https://cgit.freedesktop.org/cairo/commit/src/cairo-win32-surface.c?id=47d14586f5d56b2c926a2ddbca6cfbd284c3b3f1 by changing to narrow-character fprintf. What's the procedure for pulling in the fix?
Flags: needinfo?(jmuizelaar)
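An added example, not cairo's or Mozilla's code, showing the fix direction described above: route the narrow `context` string and the wide message buffer through the narrow printf family, where `%s` means `char *` and `%ls` means `wchar_t *` on every major C runtime. The original `fwprintf (stderr, L"%s: %S", ...)` relied on MSVC's wide-function convention, in which `%s` means a wide string, so the 22-byte narrow literal `_create_dc_and_bitmap` was consumed as 2-byte wide characters and read past its terminator, which is exactly the global-buffer-overflow ASan reported. The function names, the buffer-based interface and the sample strings are assumptions made for the example; the cairo code writes to stderr, and the exact format string of the upstream commit is not reproduced here.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/*
 * Hypothetical helper (not cairo's code): format a narrow context string and
 * a wide Win32 message into a narrow buffer. Using the NARROW printf family
 * makes the meaning of the conversions uniform across MSVC, glibc and musl:
 *   %s  -> const char *
 *   %ls -> const wchar_t *   (C99 spelling; MSVC also accepts %S here)
 * The wide string is converted to the current locale's multibyte encoding,
 * so plain ASCII messages are always safe.
 */
int format_win32_error(const char *context, const wchar_t *msg,
                       char *out, size_t outlen)
{
    return snprintf(out, outlen, "%s: %ls", context, msg);
}

/* Wrapper mirroring the original call site's intent: write to stderr. */
void report_win32_error(const char *context, const wchar_t *msg)
{
    fprintf(stderr, "%s: %ls\n", context, msg);
}

int main(void)
{
    char buf[128];
    /* Constructed inputs: the function name from the ASan report and a
     * FormatMessageW-style wide message. */
    int n = format_win32_error("_create_dc_and_bitmap", L"Access is denied.",
                               buf, sizeof buf);
    printf("%d bytes: %s\n", n, buf);
    report_win32_error("_create_dc_and_bitmap", L"Access is denied.");
    return 0;
}
```

Because the narrow family assigns `%s` and `%ls` the same meaning everywhere, compiler format checking (`-Wformat` in GCC and Clang) applies uniformly to the fixed call, whereas the wide-function meaning of `%s` differs between MSVC and the C standard and is the kind of mismatch only a sanitizer or a test run on the affected platform will expose.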
We can just apply the fix ourselves. We've effectively forked cairo at this point.
Flags: needinfo?(jmuizelaar)
Oh no! This was fixed in bug 624198 and clobbered by bug 562746.
Attached patch fwprintf
Assignee: nobody → dmajor
Attachment #8971034 - Flags: review?(jmuizelaar)
Attachment #8971034 - Flags: review?(jmuizelaar) → review+
Pushed by dmajor@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/37fc9c4f9a21
Reapply bug 624198 fix that got lost in an upstream update. r=jrmuizel
https://hg.mozilla.org/mozilla-central/rev/37fc9c4f9a21
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61