Open Bug 1585721 Opened 2 years ago Updated 1 year ago

null pointer passed as argument 2, which is declared to never be null in include/nsCharTraits.h:299

Categories

(Core :: XPCOM, defect, P3)

defect

Tracking

()

Tracking Status
firefox71 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-undefined)

This is triggered with an UBSan build. To enable this check, add the following to your mozconfig:

ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"
ac_add_options --disable-jemalloc

To trigger the issue run gtests.

*** You are running in headless mode.
Running GTest tests...
objdir-ff-ubsan/dist/include/nsCharTraits.h:299:23: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7fd4caba2473 in nsCharTraits<char>::copy(char*, char const*, unsigned long) objdir-ff-ubsan/dist/include/nsCharTraits.h:299:9
    #1 0x7fd4caba19fd in nsTSubstring<char>::StartBulkWriteImpl(unsigned int, unsigned int, bool, unsigned int, unsigned int, unsigned int) xpcom/string/nsTSubstring.cpp:245:5
    #2 0x7fd4cabb068d in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&, std::nothrow_t const&) xpcom/string/nsTSubstring.cpp:561:43
    #3 0x7fd4cab9e269 in nsTSubstring<char>::Assign(nsTSubstringTuple<char> const&) xpcom/string/nsTSubstring.cpp:546:8
    #4 0x7fd4cae7cae6 in nsChromeRegistryChrome::OverrideLocalePackage(nsTSubstring<char> const&, nsTSubstring<char>&) chrome/nsChromeRegistryChrome.cpp:182:7
    #5 0x7fd4cae7ffbf in nsChromeRegistryChrome::ManifestLocale(nsChromeRegistry::ManifestProcessingContext&, int, char* const*, int) chrome/nsChromeRegistryChrome.cpp:539:7
    #6 0x7fd4cadcab5e in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool) xpcom/components/ManifestParser.cpp:653:7
    #7 0x7fd4cadd4abb in DoRegisterManifest(NSLocationType, mozilla::FileLocation&, bool) xpcom/components/nsComponentManager.cpp:760:5
    #8 0x7fd4cadd4cf8 in nsComponentManagerImpl::ManifestManifest(nsComponentManagerImpl::ManifestProcessingContext&, int, char* const*) xpcom/components/nsComponentManager.cpp:778:3
    #9 0x7fd4cadcacb2 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool) xpcom/components/ManifestParser.cpp:656:7
    #10 0x7fd4cadd4abb in DoRegisterManifest(NSLocationType, mozilla::FileLocation&, bool) xpcom/components/nsComponentManager.cpp:760:5
    #11 0x7fd4cadd3b34 in nsComponentManagerImpl::RereadChromeManifests(bool) xpcom/components/nsComponentManager.cpp:875:5
    #12 0x7fd4cadd2ba6 in nsComponentManagerImpl::Init() xpcom/components/nsComponentManager.cpp:533:5
    #13 0x7fd4cae9c624 in NS_InitXPCOM xpcom/build/XPCOMInit.cpp:445:51
    #14 0x7fd4c9e9d1bd in ScopedXPCOM::ScopedXPCOM(char const*, nsIDirectoryServiceProvider*) objdir-ff-ubsan/dist/include/testing/TestHarness.h:85:19
    #15 0x7fd4c9e9ca66 in mozilla::RunGTestFunc(int*, char**) testing/gtest/mozilla/GTestRunner.cpp:113:15
    #16 0x7fd4d7274a82 in XREMain::XRE_mainStartup(bool*) toolkit/xre/nsAppRunner.cpp:3788:16
    #17 0x7fd4d727e570 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4722:12
    #18 0x7fd4d727f2b3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4816:21
    #19 0x5642d9ac6cbc in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:218:22
    #20 0x5642d9ac639d in main browser/app/nsBrowserApp.cpp:300:16
    #21 0x7fd4f48e5b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #22 0x5642d99e8029 in _start (objdir-ff-ubsan/dist/bin/firefox+0x229029)

Another can be triggered by launching the browser normally.

objdir-ff-ubsan/dist/include/mozilla/Printf.h:181:23: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7fa26304f5f3 in mozilla::SprintfState<mozilla::MallocAllocPolicy>::append(char const*, unsigned long) objdir-ff-ubsan/dist/include/mozilla/Printf.h:181:7
    #1 0x56070c692052 in mozilla::PrintfTarget::fill2(char const*, int, int, int) mozglue/misc/Printf.cpp:92:8
    #2 0x56070c6948be in mozilla::PrintfTarget::vprint(char const*, __va_list_tag*) mozglue/misc/Printf.cpp:872:16
    #3 0x7fa26304f072 in mozilla::SprintfState<mozilla::MallocAllocPolicy>::vprint(char const*, __va_list_tag*) objdir-ff-ubsan/dist/include/mozilla/Printf.h:157:35
    #4 0x7fa26312d9c6 in mozilla::UniquePtr<char, mozilla::detail::AllocPolicyBasedFreePolicy<mozilla::MallocAllocPolicy> > mozilla::Smprintf<mozilla::MallocAllocPolicy>(char const*, ...) objdir-ff-ubsan/dist/include/mozilla/Printf.h:212:15
    #5 0x7fa26f9c5e88 in nsProfileLock::LockWithSymlink(nsIFile*, bool) toolkit/profile/nsProfileLock.cpp:306:7
    #6 0x7fa26f9c6f68 in nsProfileLock::Lock(nsIFile*, nsIProfileUnlocker**) toolkit/profile/nsProfileLock.cpp:489:10
    #7 0x7fa26f9c98b4 in nsToolkitProfileLock::Init(nsIFile*, nsIFile*, nsIProfileUnlocker**) toolkit/profile/nsToolkitProfileService.cpp:312:14
    #8 0x7fa26f9c7ad2 in NS_LockProfilePath(nsIFile*, nsIFile*, nsIProfileUnlocker**, nsIProfileLock**) toolkit/profile/nsToolkitProfileService.cpp:1639:23
    #9 0x7fa26f9ed75c in LockProfile(nsINativeAppSupport*, nsIFile*, nsIFile*, nsIToolkitProfile*, nsIProfileLock**) toolkit/xre/nsAppRunner.cpp:1936:12
    #10 0x7fa26f9ea8ac in XREMain::XRE_mainStartup(bool*) toolkit/xre/nsAppRunner.cpp:4060:8
    #11 0x7fa26f9f33e0 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4722:12
    #12 0x7fa26f9f4123 in XRE_main(int, char**, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4816:21
    #13 0x56070c5bfcbc in do_main(int, char**, char**) browser/app/nsBrowserApp.cpp:218:22
    #14 0x56070c5bf39d in main browser/app/nsBrowserApp.cpp:300:16
Component: Startup and Profile System → String
Priority: -- → P3
Product: Toolkit → Core
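Both traces above come from the same pattern: a bulk write that hands memcpy a source pointer of NULL together with a length of 0 (an empty string with no backing storage). glibc declares both memcpy pointers nonnull, so the zero-length case is still undefined behaviour, and the compiler is free to assume afterwards that the pointer was non-null and drop later NULL checks. The following is an added, self-contained example (not Mozilla code) that reproduces the shape of the problem with a constructed buffer type and shows the defensive form, which skips the copy entirely when there is nothing to copy; `Buf`, `append_unchecked`, `append_checked` and the build helpers are all hypothetical names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the string storage that nsCharTraits<char>::copy()
 * or SprintfState::append() write into. Not Mozilla code. */
typedef struct {
    char   data[64];
    size_t len;
} Buf;

/* The pattern behind the report. memcpy is declared nonnull for both
 * pointers, so copying 0 bytes from a NULL source is still undefined
 * behaviour. Building with
 *     clang -fsanitize=nonnull-attribute example.c
 * makes this call report "null pointer passed as argument 2, which is
 * declared to never be null" when src is NULL, exactly as in the traces. */
size_t append_unchecked(Buf *b, const char *src, size_t n) {
    if (b->len + n > sizeof b->data) return 0;   /* would not fit */
    memcpy(b->data + b->len, src, n);            /* UB when src == NULL, even if n == 0 */
    b->len += n;
    return n;
}

/* Defensive form: a zero-length copy is a no-op and never reaches memcpy,
 * and a non-empty copy from NULL is rejected instead of being attempted.
 * The NULL test is placed before memcpy on purpose: after a memcpy call the
 * compiler may assume src was non-null and delete a later check. */
size_t append_checked(Buf *b, const char *src, size_t n) {
    if (n == 0) return 0;                        /* nothing to copy; src may be NULL */
    if (src == NULL) return 0;                   /* caller bug: real length, no data */
    if (b->len + n > sizeof b->data) return 0;   /* would not fit */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return n;
}

/* Same sequence of writes through the checked path, including the empty
 * segment with no storage behind it. Returns the final length (5). */
size_t build_checked(void) {
    Buf b = { .len = 0 };
    append_checked(&b, "abc", 3);
    append_checked(&b, NULL, 0);   /* empty string, NULL data: safe here */
    append_checked(&b, "de", 2);
    return b.len;
}

/* The unchecked path with only well-formed arguments, to show that the two
 * behave identically whenever no NULL is involved. Returns 5. */
size_t build_unchecked(void) {
    Buf b = { .len = 0 };
    append_unchecked(&b, "abc", 3);
    append_unchecked(&b, "", 0);   /* empty string with storage: fine */
    append_unchecked(&b, "de", 2);
    return b.len;
}

/* Returns 1 when the checked path handles the NULL cases as intended:
 * (NULL, 0) is a no-op, (NULL, 3) is rejected, and the buffer is untouched. */
int checked_null_cases(void) {
    Buf b = { .len = 0 };
    if (append_checked(&b, NULL, 0) != 0 || b.len != 0) return 0;
    if (append_checked(&b, NULL, 3) != 0 || b.len != 0) return 0;
    if (append_checked(&b, "xyz", 3) != 3 || b.len != 3) return 0;
    return memcmp(b.data, "xyz", 3) == 0;
}

int main(void) {
    printf("checked=%zu unchecked=%zu null_cases=%d\n",
           build_checked(), build_unchecked(), checked_null_cases());
    return 0;
}
```

Compile the block once without and once with `-fsanitize=nonnull-attribute` (or the broader `-fsanitize=undefined`) and replace the `""` in `build_unchecked` with `NULL` to see the sanitizer fire; the runtime behaviour without the sanitizer looks identical, which is why this class of defect only surfaces in instrumented builds like the one in the report.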

(In reply to Tyson Smith [:tsmith] from comment #0)

> To trigger the issue run gtests.

Can you share which gtest this is?

The second one is likely to be unrelated, it might be better to have separate bugs.

(In reply to :dmajor from comment #2)

> Can you share which gtest this is?

It is triggered immediately during startup. ./mach gtest and boom.

> The second one is likely to be unrelated, it might be better to have separate bugs.

OK I'll open another bug and CC you.

The issue in comment #1 has been logged as bug 1589527.

Summary: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h → null pointer passed as argument 2, which is declared to never be null in include/nsCharTraits.h:299
Blocks: 1640253
Component: String → XPCOM