Closed Bug 1632830 Opened 4 years ago Closed 4 years ago

libFuzzer triggers assertion when exiting in debug builds

Categories

(Firefox Build System :: General, defect)

Product:
Firefox Build System
Component:
General
Platform:
x86_64
Linux
Type:
defect

Tracking

(firefox77 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox77 --- fixed

People

(Reporter: decoder, Assigned: decoder)

Details

Attachments

(1 file)

Bug 1632830 - Properly shutdown ScopedXPCOM instance with libFuzzer. r?truber
47 bytes, text/x-phabricator-request
Details | Review

In debug builds, libFuzzer triggers the following assertion in debug builds when it exits:

Assertion failure: isEmpty() (failing this assertion means this LinkedList's creator is buggy: it should have removed all this list's elements before the list's destruction), at dist/include/mozilla/LinkedList.h:440

This is because libFuzzer uses exit() for leaving it's main runtime loop rather than returning, causing our ScopedXPCOM instance to not be teared down properly. We can fix this however by allocating it on the heap and properly tearing it down in an atexit handler.

Pushed by choller@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f3c8de49902a
Properly shutdown ScopedXPCOM instance with libFuzzer. r=truber

https://hg.mozilla.org/mozilla-central/rev/f3c8de49902a

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: