1649314 - null pointer passed as argument 2, which is declared to never be null in src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100

Status: RESOLVED FIXED

(Core :: WebRTC, defect, P2)

Description

[Tyson Smith [:tsmith]]

This can be triggered with mochitests. To enable this check add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"

INFO - TEST-START | dom/media/tests/mochitest/test_peerConnection_bug825703.html
src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100:21: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0x7fb488ccf71a in r_data_create src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100:5
    #1 0x7fb47ff4e457 in mozilla::NrIceTurnServer::ToNicerTurnStruct(nr_ice_turn_server_*) const src/media/mtransport/nricectx.cpp:259:11
    #2 0x7fb47ff57cd6 in mozilla::NrIceCtx::SetTurnServers(std::vector<mozilla::NrIceTurnServer, std::allocator<mozilla::NrIceTurnServer> > const&) src/media/mtransport/nricectx.cpp:824:35
    #3 0x7fb47fdd87e5 in operator() src/media/webrtc/signaling/src/peerconnection/MediaTransportHandler.cpp:407:15
    #4 0x7fb47fdd87e5 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaTransportHandlerSTS::CreateIceCtx(std::string const&, nsTArray<mozilla::dom::RTCIceServer> const&, mozilla::dom::RTCIceTransportPolicy)::$_23, mozilla::MozPromise<bool, std::string, false> >::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1564:29
    #5 0x7fb47e105a83 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1234:14
    #6 0x7fb47e11000c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:504:10
    #7 0x7fb47f2171ca in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:87:21
    #8 0x7fb47f134ed7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:316:10
    #9 0x7fb47f134ed7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:309:3
    #10 0x7fb47f134ed7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:291:3
    #11 0x7fb485380e48 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #12 0x7fb488b8bda6 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:913:20
    #13 0x7fb47f134ed7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:316:10
    #14 0x7fb47f134ed7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:309:3
    #15 0x7fb47f134ed7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:291:3
    #16 0x7fb488b8b378 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:744:34
    #17 0x559ea4b56044 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #18 0x559ea4b56044 in main src/browser/app/nsBrowserApp.cpp:303:18
    #19 0x7fb49e3acb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #20 0x559ea4aaa9d7 in _start (/builds/worker/workspace/build/application/firefox/firefox+0xa59d7)

Comment 1

[Jan-Ivar Bruaroey [:jib] (needinfo? me)]

Byron, wanna take this one?

Comment 2

[Byron Campen [:bwc]]

Attachment: Bug 1649314: Null-check before calling memcpy to avoid UBSan warnings. r?mjf

Comment 3

[Byron Campen [:bwc]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=7174b924b7480155d7b38f6b589956fda8b07802

Comment 4

[Byron Campen [:bwc]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=d2ef47cf0951a6c91a4ca5852f96c638961ff756

Comment 5

[Byron Campen [:bwc]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=fe64560e330323531fc305f94f696a2e72620d67

Comment 6

[Pulsebot]

Pushed by bcampen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4ccb7e21d9cf
Null-check before calling memcpy to avoid UBSan warnings. r=mjf

Comment 7

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/4ccb7e21d9cf

Comment 8

[BugBot [:suhaib / :marco/ :calixte]]

The patch landed in nightly and beta is affected.
:bwc, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Comment 9

[Byron Campen [:bwc]]

Probably not, unless we intend to be tightening UBsan rules on beta testing. While passing null here is undefined behavior, pretty much every implementation in existence does something reasonable as long as the length is 0.