Closed
Bug 1586170
Opened 5 years ago
Closed 4 years ago
reference binding to null pointer of type 'const unsigned char' in [@ mozilla::NrIceTurnServer::ToNicerTurnStruct]
Categories
(Core :: WebRTC, defect, P3)
RESOLVED
FIXED
mozilla73
People
(Reporter: tsmith, Assigned: away)
References
(Blocks 1 open bug)
Details
(Keywords: csectype-undefined)
Attachments
(1 file)
This is triggered with a UBSan build. To enable this check, add the following to your mozconfig:
ac_add_options --enable-address-sanitizer
ac_add_options --enable-undefined-sanitizer="null"
ac_add_options --disable-jemalloc
TEST-START | /webrtc/RTCConfiguration-bundlePolicy.html
...
/builds/worker/fetches/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/6.4.0/../../../../include/c++/6.4.0/bits/stl_vector.h:796:16: runtime error: reference binding to null pointer of type 'const unsigned char'
#0 0x7f5e184f10da in operator[] /builds/worker/fetches/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/6.4.0/../../../../include/c++/6.4.0/bits/stl_vector.h:796:9
#1 0x7f5e184f10da in mozilla::NrIceTurnServer::ToNicerTurnStruct(nr_ice_turn_server_*) const src/media/mtransport/nricectx.cpp:259
#2 0x7f5e184fc73a in mozilla::NrIceCtx::SetTurnServers(std::vector<mozilla::NrIceTurnServer, std::allocator<mozilla::NrIceTurnServer> > const&) src/media/mtransport/nricectx.cpp:821:35
#3 0x7f5e1838c7d4 in operator() src/media/webrtc/signaling/src/peerconnection/MediaTransportHandler.cpp:406:15
#4 0x7f5e1838c7d4 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaTransportHandlerSTS::CreateIceCtx(std::string const&, nsTArray<mozilla::dom::RTCIceServer> const&, mozilla::dom::RTCIceTransportPolicy)::$_0, mozilla::MozPromise<bool, std::string, false> >::Run() src/obj-firefox/dist/include/mozilla/MozPromise.h:1450
#5 0x7f5e164cd79f in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1225:14
#6 0x7f5e164d6de6 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:486:10
#7 0x7f5e1760ec0f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#8 0x7f5e1752c617 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#9 0x7f5e1752c617 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#10 0x7f5e1752c617 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#11 0x7f5e1dc746e1 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#12 0x7f5e2181df7d in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:934:20
#13 0x7f5e1752c617 in RunInternal src/ipc/chromium/src/base/message_loop.cc:315:10
#14 0x7f5e1752c617 in RunHandler src/ipc/chromium/src/base/message_loop.cc:308
#15 0x7f5e1752c617 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290
#16 0x7f5e2181d4ad in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:769:34
#17 0x562dde02de79 in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#18 0x562dde02e1b9 in main src/browser/app/nsBrowserApp.cpp:272:18
#19 0x7f5e385a382f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
#20 0x562dddf4fe38 in _start (application/firefox/firefox+0x95e38)
Updated•5 years ago
Priority: -- → P3
ekr, is this still your turf these days? UBSan isn't happy about taking &password_[0] if the vector's size is zero; it may not have any storage allocated.
Flags: needinfo?(ekr)
UBSan was complaining about taking &password_[0] when the vector had zero capacity, because its STL's implementation of operator[] used a reference in an intermediate step, and putting null into a reference is prohibited.
While I'm here, I dropped the const_cast, since the callee was changed to accept const UCHAR* years ago.
Updated•4 years ago
Assignee: nobody → dmajor
Status: NEW → ASSIGNED
Pushed by dmajor@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7373e508deee Fix ubsan issue in NrIceTurnServer::ToNicerTurnStruct r=bwc
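An added example, not code from this bug or from the landed patch: a minimal C++ sketch of the pattern UBSan reports above (&v[0] on an empty vector) beside one way to avoid it. Blob, blob_from_vector and the helper names are hypothetical stand-ins, and using data() with an explicit empty check is an assumption about a typical fix, not a description of the actual change.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <vector>

// Hypothetical C-style destination standing in for a callee's struct.
struct Blob {
  unsigned char* data;
  std::size_t len;
};

// Pattern from the report: operator[] yields a reference to element 0, so on
// an empty vector with no storage a reference is bound to null. Shown for
// comparison; only defined when v is non-empty.
const unsigned char* first_byte_indexed(const std::vector<unsigned char>& v) {
  return &v[0];
}

// data() returns the pointer directly, with no intermediate reference. It is
// valid on an empty vector; the result may be null and must not be read.
const unsigned char* first_byte_data(const std::vector<unsigned char>& v) {
  return v.data();
}

// Copy v into a malloc'd Blob. Returns 0 on success, -1 on allocation failure.
int blob_from_vector(const std::vector<unsigned char>& v, Blob* out) {
  out->data = nullptr;
  out->len = 0;
  // Empty input: skip the copy. memcpy with a null source is undefined in
  // C11/C++17 even for length 0, so data() alone is not enough here.
  if (v.empty()) return 0;
  unsigned char* buf = static_cast<unsigned char*>(std::malloc(v.size()));
  if (buf == nullptr) return -1;
  std::memcpy(buf, v.data(), v.size());
  out->data = buf;
  out->len = v.size();
  return 0;
}

void blob_free(Blob* b) { std::free(b->data); b->data = nullptr; b->len = 0; }

int main() {
  std::vector<unsigned char> empty_pw;  // constructed sample: no password set
  Blob b;
  return blob_from_vector(empty_pw, &b);  // 0: handled without touching [0]
}
```

Building this with -fsanitize=null and calling first_byte_indexed on an empty vector is how the report's diagnostic would surface; the other functions stay clean under the same flags.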
Comment 5•4 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox73:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla73
Comment 6•4 years ago
Since the statuses are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.
status-firefox72:
--- → ?