Open Bug 1585721 Opened 5 years ago Updated 2 years ago

null pointer passed as argument 2, which is declared to never be null in include/nsCharTraits.h:299

Categories

(Core :: XPCOM, defect, P3)

defect

Tracking Status
firefox-esr91 --- wontfix
firefox-esr102 --- affected
firefox71 --- wontfix
firefox104 --- wontfix
firefox105 --- wontfix
firefox106 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-undefined)

This is triggered with an UBSan build. To enable this check add the following to your mozconfig:

ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"
ac_add_options --disable-jemalloc

To trigger the issue run gtests.

*** You are running in headless mode.
Running GTest tests...
objdir-ff-ubsan/dist/include/nsCharTraits.h:299:23: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7fd4caba2473 in nsCharTraits<char>::copy(char*, char const*, unsigned long) objdir-ff-ubsan/dist/include/nsCharTraits.h:299:9
    #1 0x7fd4caba19fd in nsTSubstring<char>::StartBulkWriteImpl(unsigned int, unsigned int, bool, unsigned int, unsigned int, unsigned int) xpcom/string/nsTSubstring.cpp:245:5
    #2 0x7fd4cabb068d in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&, std::nothrow_t const&) xpcom/string/nsTSubstring.cpp:561:43
    #3 0x7fd4cab9e269 in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&) xpcom/string/nsTSubstring.cpp:546:8
    #4 0x7fd4cae7cae6 in nsChromeRegistryChrome::OverrideLocalePackage(nsTSubstring<char> const&, nsTSubstring<char>&) chrome/nsChromeRegistryChrome.cpp:182:7
    #5 0x7fd4cae7ffbf in nsChromeRegistryChrome::ManifestLocale(nsChromeRegistry::ManifestProcessingContext&, int, char* const*, int) chrome/nsChromeRegistryChrome.cpp:539:7
    #6 0x7fd4cadcab5e in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool) xpcom/components/ManifestParser.cpp:653:7
    #7 0x7fd4cadd4abb in DoRegisterManifest(NSLocationType, mozilla::FileLocation&, bool) xpcom/components/nsComponentManager.cpp:760:5
    #8 0x7fd4cadd4cf8 in nsComponentManagerImpl::ManifestManifest(nsComponentManagerImpl::ManifestProcessingContext&, int, char* const*) xpcom/components/nsComponentManager.cpp:778:3
    #9 0x7fd4cadcacb2 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool) xpcom/components/ManifestParser.cpp:656:7
    #10 0x7fd4cadd4abb in DoRegisterManifest(NSLocationType, mozilla::FileLocation&, bool) xpcom/components/nsComponentManager.cpp:760:5
    #11 0x7fd4cadd3b34 in nsComponentManagerImpl::RereadChromeManifests(bool) xpcom/components/nsComponentManager.cpp:875:5
    #12 0x7fd4cadd2ba6 in nsComponentManagerImpl::Init() xpcom/components/nsComponentManager.cpp:533:5
    #13 0x7fd4cae9c624 in NS_InitXPCOM xpcom/build/XPCOMInit.cpp:445:51
    #14 0x7fd4c9e9d1bd in ScopedXPCOM::ScopedXPCOM(char const*, nsIDirectoryServiceProvider*) objdir-ff-ubsan/dist/include/testing/TestHarness.h:85:19
    #15 0x7fd4c9e9ca66 in mozilla::RunGTestFunc(int*, char**) testing/gtest/mozilla/GTestRunner.cpp:113:15
    #16 0x7fd4d7274a82 in XREMain::XRE_mainStartup(bool*) toolkit/xre/nsAppRunner.cpp:3788:16
    #17 0x7fd4d727e570 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4722:12
    #18 0x7fd4d727f2b3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4816:21
    #19 0x5642d9ac6cbc in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:218:22
    #20 0x5642d9ac639d in main browser/app/nsBrowserApp.cpp:300:16
    #21 0x7fd4f48e5b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #22 0x5642d99e8029 in _start (objdir-ff-ubsan/dist/bin/firefox+0x229029)

Another can be triggered by launching the browser normally.

objdir-ff-ubsan/dist/include/mozilla/Printf.h:181:23: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7fa26304f5f3 in mozilla::SprintfState<mozilla::MallocAllocPolicy>::append(char const*, unsigned long) objdir-ff-ubsan/dist/include/mozilla/Printf.h:181:7
    #1 0x56070c692052 in mozilla::PrintfTarget::fill2(char const*, int, int, int) mozglue/misc/Printf.cpp:92:8
    #2 0x56070c6948be in mozilla::PrintfTarget::vprint(char const*, __va_list_tag*) mozglue/misc/Printf.cpp:872:16
    #3 0x7fa26304f072 in mozilla::SprintfState<mozilla::MallocAllocPolicy>::vprint(char const*, __va_list_tag*) objdir-ff-ubsan/dist/include/mozilla/Printf.h:157:35
    #4 0x7fa26312d9c6 in mozilla::UniquePtr<char, mozilla::detail::AllocPolicyBasedFreePolicy<mozilla::MallocAllocPolicy> > mozilla::Smprintf<mozilla::MallocAllocPolicy>(char const*, ...) objdir-ff-ubsan/dist/include/mozilla/Printf.h:212:15
    #5 0x7fa26f9c5e88 in nsProfileLock::LockWithSymlink(nsIFile*, bool) toolkit/profile/nsProfileLock.cpp:306:7
    #6 0x7fa26f9c6f68 in nsProfileLock::Lock(nsIFile*, nsIProfileUnlocker**) toolkit/profile/nsProfileLock.cpp:489:10
    #7 0x7fa26f9c98b4 in nsToolkitProfileLock::Init(nsIFile*, nsIFile*, nsIProfileUnlocker**) toolkit/profile/nsToolkitProfileService.cpp:312:14
    #8 0x7fa26f9c7ad2 in NS_LockProfilePath(nsIFile*, nsIFile*, nsIProfileUnlocker**, nsIProfileLock**) toolkit/profile/nsToolkitProfileService.cpp:1639:23
    #9 0x7fa26f9ed75c in LockProfile(nsINativeAppSupport*, nsIFile*, nsIFile*, nsIToolkitProfile*, nsIProfileLock**) toolkit/xre/nsAppRunner.cpp:1936:12
    #10 0x7fa26f9ea8ac in XREMain::XRE_mainStartup(bool*) toolkit/xre/nsAppRunner.cpp:4060:8
    #11 0x7fa26f9f33e0 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4722:12
    #12 0x7fa26f9f4123 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4816:21
    #13 0x56070c5bfcbc in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:218:22
    #14 0x56070c5bf39d in main browser/app/nsBrowserApp.cpp:300:16
Component: Startup and Profile System → String
Priority: -- → P3
Product: Toolkit → Core
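To make the flagged condition concrete, here is an added C model (not Firefox code) of the call shape in the report: an empty string whose buffer pointer is NULL is handed to a copy routine that forwards straight to memcpy, and glibc's string.h declares memcpy's pointer parameters nonnull, so a zero-length copy from NULL is still undefined behaviour. The `mstr`, `chartraits_copy`, `bulk_write` and `mstr_assign` names are hypothetical stand-ins for the nsTSubstring/nsCharTraits pieces in the stack, and the guard shown is one way to keep the null pointer from reaching memcpy, not Mozilla's eventual fix.

```c
/* Added example, not Firefox code: a cut-down model of the pattern UBSan
 * flagged in nsCharTraits<char>::copy, plus a guard that avoids it.
 * glibc's string.h marks memcpy's pointer parameters nonnull, so
 * memcpy(dst, NULL, 0) is undefined behaviour even though no byte is read. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Minimal string model (hypothetical): an empty string keeps a NULL buffer,
 * which is exactly the state that feeds a null source pointer to the copy. */
typedef struct {
  char *data;
  size_t len;
} mstr;

/* Guarded copy. The reported copy forwarded to memcpy unconditionally; here a
 * zero-length copy returns early so a NULL source never reaches memcpy. */
static char *chartraits_copy(char *dst, const char *src, size_t n) {
  if (n == 0) return dst;
  return (char *)memcpy(dst, src, n);
}

/* Model of StartBulkWriteImpl's buffer growth: allocate a new buffer of
 * `capacity` bytes and carry over `keep` bytes of the old content. Starting
 * from an empty string (data == NULL, len == 0) is the reported case. */
static int bulk_write(mstr *s, size_t capacity, size_t keep) {
  if (keep > s->len || capacity < keep) return 0;
  char *buf = malloc(capacity + 1);
  if (!buf) return 0;
  chartraits_copy(buf, s->data, keep); /* safe even when s->data is NULL */
  buf[keep] = '\0';
  free(s->data);
  s->data = buf;
  s->len = keep;
  return 1;
}

/* Assign n bytes from src into s, growing the buffer first. src must not
 * alias s->data, since the old buffer is released by bulk_write. */
static int mstr_assign(mstr *s, const char *src, size_t n) {
  if (!bulk_write(s, n, 0)) return 0;
  chartraits_copy(s->data, src, n);
  s->data[n] = '\0';
  s->len = n;
  return 1;
}
```

Built with `-fsanitize=undefined`, removing the `n == 0` guard and assigning an empty string reproduces the same "null pointer passed as argument 2" report as the stack above.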

(In reply to Tyson Smith [:tsmith] from comment #0)

> To trigger the issue run gtests.

Can you share which gtest this is?

The second one is likely to be unrelated, it might be better to have separate bugs.

(In reply to :dmajor from comment #2)

> Can you share which gtest this is?

It is triggered immediately during startup. ./mach gtest and boom.

> The second one is likely to be unrelated, it might be better to have separate bugs.

OK I'll open another bug and CC you.

The issue in comment #1 has been logged as bug 1589527

Summary: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h → null pointer passed as argument 2, which is declared to never be null in include/nsCharTraits.h:299
Blocks: 1640253
Component: String → XPCOM

Updated stack from m-c 20220908-5caa044a10b8. Triggered by launching the browser.

src/xpcom/string/nsCharTraits.h:314:23: runtime error: null pointer passed as argument 2, which is declared to never be null
.mozbuild/sysroot-x86_64-linux-gnu/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0x7fb0fab696b1 in nsCharTraits<char>::copy(char*, char const*, unsigned long) src/xpcom/string/nsCharTraits.h:314:9
    #1 0x7fb0fab696b1 in nsTSubstring<char>::StartBulkWriteImpl(unsigned long, unsigned long, bool, unsigned long, unsigned long, unsigned long) src/xpcom/string/nsTSubstring.cpp:272:5
    #2 0x7fb0fab7ef27 in nsTSubstring<char>::AssignNonDependent(nsTSubstringTuple<char> const&, unsigned long, std::nothrow_t const&) src/xpcom/string/nsTSubstring.cpp:592:12
    #3 0x7fb0fab7e2e0 in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&, std::nothrow_t const&) src/xpcom/string/nsTSubstring.cpp:618:10
    #4 0x7fb0fab731c4 in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&) src/xpcom/string/nsTSubstring.cpp:581:8
    #5 0x7fb0fcd3e12f in nsTSubstring<char>::nsTSubstring(nsTSubstringTuple<char> const&) src/objdir-ff-ubsan/dist/include/nsTSubstring.h:1160:5
    #6 0x7fb0fcd3e12f in mozilla::NullPrincipal::CreateURI(nsIPrincipal*, nsID const*) src/caps/NullPrincipal.cpp:109:19
    #7 0x7fb0fcd3cd1b in mozilla::NullPrincipal::CreateInternal(mozilla::OriginAttributes const&, bool, nsIURI*, nsIPrincipal*) src/caps/NullPrincipal.cpp:161:11
    #8 0x7fb0fcd3d7cb in mozilla::NullPrincipal::Create(mozilla::OriginAttributes const&, nsIURI*) src/caps/NullPrincipal.cpp:71:10
    #9 0x7fb0fcd3d7cb in mozilla::NullPrincipal::CreateWithoutOriginAttributes() src/caps/NullPrincipal.cpp:76:10
    #10 0x7fb0fdf8241a in nsContentUtils::Init() src/dom/base/nsContentUtils.cpp:759:7
    #11 0x7fb104da2419 in nsLayoutStatics::Initialize() src/layout/build/nsLayoutStatics.cpp:163:8
    #12 0x7fb104da2259 in nsLayoutModuleInitialize() src/layout/build/nsLayoutModule.cpp:104:7
    #13 0x7fb0faddf437 in nsComponentManagerImpl::Init() src/xpcom/components/nsComponentManager.cpp:371:5
    #14 0x7fb0faec5668 in NS_InitXPCOM src/xpcom/build/XPCOMInit.cpp:430:51
    #15 0x7fb10904ec46 in ScopedXPCOMStartup::Initialize(bool) src/toolkit/xre/nsAppRunner.cpp:2078:8
    #16 0x7fb109063511 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5909:22
    #17 0x7fb1090642db in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:5969:21
    #18 0x7fb109084b10 in mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/Bootstrap.cpp:45:12
    #19 0x55f08dfb3657 in do_main(int, char**, char**) src/browser/app/nsBrowserApp.cpp:226:22
    #20 0x55f08dfb287e in main src/browser/app/nsBrowserApp.cpp:430:16
    #21 0x7fb127adfc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #22 0x55f08def2728 in _start (src/objdir-ff-ubsan/dist/bin/firefox+0x117728) (BuildId: dfd02774109ad47e1b0ced44c046944e0b435745)
Severity: normal → S3