Closed Bug 1584005 Opened 6 years ago Closed 6 years ago

undefined shift in modules/libjar/zipwriter/nsZipHeader.cpp

Categories

(Core :: Networking: JAR, defect, P3)

Tracking

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: tsmith, Assigned: CuveeHsu)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-undefined, testcase, Whiteboard: [necko-triaged])

Attachments

(2 files)

This is triggered with a UBSan build. To enable this check, add the following to your mozconfig:

ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="shift"
ac_add_options --disable-jemalloc

TEST-UNEXPECTED-FAIL | security/manager/ssl/tests/unit/test_signed_apps.js
...
src/modules/libjar/zipwriter/nsZipHeader.cpp:136:74: runtime error: left shift of negative value -10
    #0 0x7fd683abe2dd in nsZipHeader::Init(nsTSubstring<char> const&, long, unsigned int, unsigned int) src/modules/libjar/zipwriter/nsZipHeader.cpp:136:74
    #1 0x7fd683ac8956 in nsZipWriter::AddEntryStream(nsTSubstring<char> const&, long, int, nsIInputStream*, bool, unsigned int) src/modules/libjar/zipwriter/nsZipWriter.cpp:422:11
    #2 0x7fd683ac92c3 in nsZipWriter::AddEntryStream(nsTSubstring<char> const&, long, int, nsIInputStream*, bool) src/modules/libjar/zipwriter/nsZipWriter.cpp:394:10
    #3 0x7fd68212e941 in NS_InvokeByIndex src/xpcom/reflect/xptcall/md/unix/xptcinvoke_asm_x86_64_unix.S:106
    #4 0x7fd683a517a3 in Invoke src/js/xpconnect/src/XPCWrappedNative.cpp:1642:10
    #5 0x7fd683a517a3 in Call src/js/xpconnect/src/XPCWrappedNative.cpp:1183
    #6 0x7fd683a517a3 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) src/js/xpconnect/src/XPCWrappedNative.cpp:1149
    #7 0x7fd683a569e5 in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) src/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:943:10
    #8 0x7fd68c789554 in CallJSNative src/js/src/vm/Interpreter.cpp:458:13
    #9 0x7fd68c789554 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:551
    #10 0x7fd68c78b479 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:620:10
    #11 0x7fd68c770972 in CallFromStack src/js/src/vm/Interpreter.cpp:624:10
    #12 0x7fd68c770972 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3113
    #13 0x7fd68c7533d5 in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:424:10
    #14 0x7fd68c789656 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) src/js/src/vm/Interpreter.cpp:592:13
    #15 0x7fd68c78b479 in InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) src/js/src/vm/Interpreter.cpp:620:10
    #16 0x7fd68d5fc663 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) src/js/src/jit/BaselineIC.cpp:3229:10
    #17 0x3228a38c8797  (<unknown module>)

Hello Tyson,
Date() gives us 1970 in the UBSAN build. Do you know if it's expected, off the top of your head?
https://searchfox.org/mozilla-central/rev/f1e99da78fe6c3c68696358dac06aed90f8112d3/security/manager/ssl/tests/unit/test_signed_apps.js#84

Currently ZipHeader supports dates after 1980; I guess it's enough for now. It's 2019!

Moving to Security::PSM to see if we can assign a specific date for a signed app.

Component: Networking: JAR → Security: PSM
Flags: needinfo?(twsmith)

If nsZipHeader doesn't handle dates before 1980, it should check for that and return an error.

Looks like UBSAN is for undefined behavior, which has nothing to do with the environment.

Flags: needinfo?(twsmith)
Assignee: nobody → juhsu
Component: Security: PSM → Networking: JAR
Priority: -- → P3
Whiteboard: [necko-triaged]

Would have an easier life if libjar supported 1970, which is the zero time offset.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=4a1a72183ff1251dfb77cc6e1994a82dd7869e2a

Pushed by juhsu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1d393c37e2e1
P1 explicit failure for zip older than 1980 r=michal
https://hg.mozilla.org/integration/autoland/rev/0e9ba024c42e
P2 fix tests with wrong parameter to ZipWriter r=michal
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
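
The check asked for in the comments above, as an added example (not the patch that landed and not nsZipHeader's own code): packing calendar fields into the ZIP (MS-DOS) date and time words, with years outside 1980 to 2107 rejected before any shift is evaluated. `CalendarTime`, `DosDateTime` and `PackDosDateTime` are hypothetical names, and the sample dates are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical types for this example; not the nsZipHeader API.
struct CalendarTime { int year, month, day, hour, minute, second; };
struct DosDateTime {
  uint16_t date;  // bits 15-9: year - 1980, 8-5: month, 4-0: day
  uint16_t time;  // bits 15-11: hour, 10-5: minute, 4-0: second / 2
};

// Packs calendar fields into the ZIP (MS-DOS) date/time words.
// Returns false, leaving *out untouched, when a field does not fit, so a
// pre-1980 year is reported as an error instead of being shifted.
bool PackDosDateTime(const CalendarTime& t, DosDateTime* out) {
  // The year is stored as a 7-bit offset from 1980: 1980..2107 only.
  if (t.year < 1980 || t.year > 2107) return false;
  if (t.month < 1 || t.month > 12 || t.day < 1 || t.day > 31) return false;
  if (t.hour < 0 || t.hour > 23 || t.minute < 0 || t.minute > 59 ||
      t.second < 0 || t.second > 59) {
    return false;
  }
  // Every field is now known to be non-negative; shift as unsigned so that
  // no signed left shift is ever evaluated.
  const uint32_t year = static_cast<uint32_t>(t.year - 1980);
  const uint32_t date = (year << 9) | (static_cast<uint32_t>(t.month) << 5) |
                        static_cast<uint32_t>(t.day);
  const uint32_t time = (static_cast<uint32_t>(t.hour) << 11) |
                        (static_cast<uint32_t>(t.minute) << 5) |
                        (static_cast<uint32_t>(t.second) / 2);
  out->date = static_cast<uint16_t>(date);
  out->time = static_cast<uint16_t>(time);
  return true;
}

int main() {
  // Constructed inputs: a 1970 date like the one reported above, and a 2019 date.
  const CalendarTime samples[] = {{1970, 1, 1, 0, 0, 0}, {2019, 9, 25, 12, 30, 10}};
  for (const CalendarTime& t : samples) {
    DosDateTime packed = {0, 0};
    if (PackDosDateTime(t, &packed)) {
      std::printf("%d: date=0x%04x time=0x%04x\n", t.year, packed.date, packed.time);
    } else {
      std::printf("%d: not representable in a ZIP header\n", t.year);
    }
  }
  return 0;
}
```

Building this with `-fsanitize=shift` gives no report for the 1970 input, because the range check returns before the shift expression is reached.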