Closed
Bug 1459961
Opened 6 years ago
Closed 6 years ago
AddressSanitizer: SEGV on unknown address 0x7f32422961bf in IPC URI deserialization
Categories
(Core :: Networking, defect)
RESOLVED DUPLICATE of bug 1392739
| | Tracking | Status |
|---|---|---|
| firefox62 | --- | affected |
People
(Reporter: Alex_Gaynor, Assigned: valentin)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
160 bytes, application/octet-stream
Found at revision f877359308b1.

```
osboxes@osboxes:~/mozilla-central$ (cd obj-x86_64-pc-linux-gnu/dist/bin/; MOZ_RUN_GTEST=1 LIBFUZZER=1 FUZZER=ContentParentIPC ./firefox -artifact_prefix=/home/osboxes/content-parent/artifacts ~/content-parent-artifacts/minimized-from-49bf89b45ecf881cf561260b3bd13588e24d3187 )
Running Fuzzer tests...
INFO: Seed: 1476400753
INFO: Loaded 1 modules (1630287 guards): 1630287 [0x7f3146519d80, 0x7f3146b51ebc),
./firefox: Running 1 inputs 1 time(s) each.
Running: /home/osboxes/content-parent-artifacts/minimized-from-49bf89b45ecf881cf561260b3bd13588e24d3187
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3395==ERROR: AddressSanitizer: SEGV on unknown address 0x7f32422961bf (pc 0x7f312da148bc bp 0x7ffd1dbe6c30 sp 0x7ffd1dbe6aa0 T0)
==3395==The signal is caused by a READ memory access.
    #0 0x7f312da148bb in CharAt /home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsTString.h:211:12
    #1 0x7f312da148bb in Host /home/osboxes/mozilla-central/netwerk/base/nsStandardURL.h:566
    #2 0x7f312da148bb in mozilla::net::nsStandardURL::CheckIfHostIsAscii() /home/osboxes/mozilla-central/netwerk/base/nsStandardURL.cpp:1287
    #3 0x7f312da3a971 in mozilla::net::nsStandardURL::Deserialize(mozilla::ipc::URIParams const&) /home/osboxes/mozilla-central/netwerk/base/nsStandardURL.cpp:3645:19
    #4 0x7f312da522b9 in InitFromIPCParams /home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsIURIMutator.h:69:21
    #5 0x7f312da522b9 in mozilla::net::nsStandardURL::TemplatedMutator<mozilla::net::nsStandardURL>::Deserialize(mozilla::ipc::URIParams const&) /home/osboxes/mozilla-central/netwerk/base/nsStandardURL.h:339
    #6 0x7f312eba372c in mozilla::ipc::DeserializeURI(mozilla::ipc::URIParams const&) /home/osboxes/mozilla-central/ipc/glue/URIUtils.cpp:121:26
    #7 0x7f3136d1d016 in mozilla::dom::ContentParent::RecvPLoginReputationConstructor(mozilla::dom::PLoginReputationParent*, mozilla::ipc::URIParams const&) /home/osboxes/mozilla-central/dom/ipc/ContentParent.cpp:5550:26
    #8 0x7f312eea2734 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/ipc/ipdl/PContentParent.cpp:4341:20
    #9 0x7f313e41ded8 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, std::unordered_set<unsigned int, std::hash<unsigned int>, std::equal_to<unsigned int>, std::allocator<unsigned int> >&) /home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/ProtocolFuzzer.h:48:18
    #10 0x7f313e41d1d6 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) /home/osboxes/mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:61:3
    #11 0x5e7184 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/osboxes/mozilla-central/tools/fuzzing/libfuzzer/FuzzerLoop.cpp:517:13
    #12 0x5bfb3f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/osboxes/mozilla-central/tools/fuzzing/libfuzzer/FuzzerDriver.cpp:280:6
    #13 0x5cbc81 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/osboxes/mozilla-central/tools/fuzzing/libfuzzer/FuzzerDriver.cpp:703:9
    #14 0x7f313ca077a1 in mozilla::FuzzerRunner::Run(int*, char***) /home/osboxes/mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:60:10
    #15 0x7f313c91a398 in XREMain::XRE_mainStartup(bool*) /home/osboxes/mozilla-central/toolkit/xre/nsAppRunner.cpp:4023:35
    #16 0x7f313c92ef98 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/osboxes/mozilla-central/toolkit/xre/nsAppRunner.cpp:4959:12
    #17 0x7f313c930c2d in XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/osboxes/mozilla-central/toolkit/xre/nsAppRunner.cpp:5066:21
    #18 0x51eaac in do_main /home/osboxes/mozilla-central/browser/app/nsBrowserApp.cpp:231:22
    #19 0x51eaac in main /home/osboxes/mozilla-central/browser/app/nsBrowserApp.cpp:304
    #20 0x7f3152806b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #21 0x421bc9 in _start (/home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/dist/bin/firefox+0x421bc9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/osboxes/mozilla-central/obj-x86_64-pc-linux-gnu/dist/include/nsTString.h:211:12 in CharAt
==3395==ABORTING
```
Assignee
Updated•6 years ago
Assignee: nobody → valentin.gosu
Whiteboard: [necko-triaged]
Updated•6 years ago
Group: core-security → network-core-security
Comment 1•6 years ago
What format is the attachment? Is that a testcase or a log?
Flags: needinfo?(agaynor)
Updated•6 years ago
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Reporter
Updated•6 years ago
Blocks: libfuzzer-ipc
Updated•4 years ago
Group: network-core-security