Closed Bug 1490828 Opened Last year Closed Last year

UBSan: load of value 228, which is not a valid value for type 'bool' in /builds/worker/workspace/build/src/docshell/shistory/nsSHEntry.cpp:1011:15

Categories

(Firefox :: Session Restore, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 64
Tracking Status
firefox64 --- fixed

People

(Reporter: tsmith, Assigned: njn)

References

Details

(Keywords: csectype-undefined)

Attachments

(1 file)

task 2018-09-11T07:55:15.998Z] 07:55:15     INFO - TEST-START | browser/components/sessionstore/test/browser_frame_history.js
[task 2018-09-11T07:55:16.583Z] 07:55:16     INFO - GECKO(1075) | /builds/worker/workspace/build/src/docshell/shistory/nsSHEntry.cpp:1011:15: runtime error: load of value 228, which is not a valid value for type 'bool'

This is triggered by a test (browser/components/sessionstore/test/browser_frame_history.js) when the browser is built with undefined behavior sanitizer, specifically the "bool" check (-fasanitize=bool). This is likely due to the use of uninitialized memory.
A temporary "fix" might be to add it to suppressions, which appears to be separate for testing.

https://dxr.mozilla.org/mozilla-central/source/testing/mozbase/mozrunner/mozrunner/utils.py#224
Nick do you know who might be able to help with this?
Flags: needinfo?(n.nethercote)
I can look at this.
Assignee: nobody → n.nethercote
Flags: needinfo?(n.nethercote)
Very likely to be caused by patch 5 in bug 1488321: https://hg.mozilla.org/mozilla-central/rev/afb85694d4ff. I will post a fix shortly.
Tyson, there's a good chance this will fix the problem.
Attachment #9008871 - Flags: review?(nika)
Attachment #9008871 - Flags: feedback?(twsmith)
I pushed a commit with this patch and the UBSan patches to try:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=48b05f6870797fc310ec51555b0878f1d3161401
Attachment #9008871 - Flags: feedback?(twsmith) → feedback+
Attachment #9008871 - Flags: review?(nika) → review+
Blocks: 1488321
Pushed by nnethercote@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/314994bc7f3f
Handle mPersist in the nsSHEntry copy constructor. r=nika
https://hg.mozilla.org/mozilla-central/rev/314994bc7f3f
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 64
You need to log in before you can comment on or make changes to this bug.