Closed Bug 1649314 Opened 1 year ago Closed 1 year ago

null pointer passed as argument 2, which is declared to never be null in src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100

Categories: Core :: WebRTC, defect, P2
Status: RESOLVED FIXED, mozilla80
Tracking Status: firefox79 wontfix, firefox80 fixed
People: Reporter: tsmith, Assigned: bwc
References: Blocks 1 open bug
Attachments: 1 file

This can be triggered with mochitests. To enable this check add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"

INFO - TEST-START | dom/media/tests/mochitest/test_peerConnection_bug825703.html
src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100:21: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0x7fb488ccf71a in r_data_create src/media/mtransport/third_party/nrappkit/src/util/libekr/r_data.c:100:5
    #1 0x7fb47ff4e457 in mozilla::NrIceTurnServer::ToNicerTurnStruct(nr_ice_turn_server_*) const src/media/mtransport/nricectx.cpp:259:11
    #2 0x7fb47ff57cd6 in mozilla::NrIceCtx::SetTurnServers(std::vector<mozilla::NrIceTurnServer, std::allocator<mozilla::NrIceTurnServer> > const&) src/media/mtransport/nricectx.cpp:824:35
    #3 0x7fb47fdd87e5 in operator() src/media/webrtc/signaling/src/peerconnection/MediaTransportHandler.cpp:407:15
    #4 0x7fb47fdd87e5 in mozilla::detail::ProxyFunctionRunnable<mozilla::MediaTransportHandlerSTS::CreateIceCtx(std::string const&, nsTArray<mozilla::dom::RTCIceServer> const&, mozilla::dom::RTCIceTransportPolicy)::$_23, mozilla::MozPromise<bool, std::string, false> >::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:1564:29
    #5 0x7fb47e105a83 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1234:14
    #6 0x7fb47e11000c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:504:10
    #7 0x7fb47f2171ca in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:87:21
    #8 0x7fb47f134ed7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:316:10
    #9 0x7fb47f134ed7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:309:3
    #10 0x7fb47f134ed7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:291:3
    #11 0x7fb485380e48 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
    #12 0x7fb488b8bda6 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:913:20
    #13 0x7fb47f134ed7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:316:10
    #14 0x7fb47f134ed7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:309:3
    #15 0x7fb47f134ed7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:291:3
    #16 0x7fb488b8b378 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:744:34
    #17 0x559ea4b56044 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #18 0x559ea4b56044 in main src/browser/app/nsBrowserApp.cpp:303:18
    #19 0x7fb49e3acb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #20 0x559ea4aaa9d7 in _start (/builds/worker/workspace/build/application/firefox/firefox+0xa59d7)

Byron, wanna take this one?

Flags: needinfo?(docfaraday)
Assignee: nobody → docfaraday
Severity: -- → S2
Flags: needinfo?(docfaraday)
Priority: -- → P2
Pushed by bcampen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4ccb7e21d9cf
Null-check before calling memcpy to avoid UBSan warnings. r=mjf
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80

The patch landed in nightly and beta is affected.
:bwc, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(docfaraday)

Probably not, unless we intend to be tightening UBSan rules on beta testing. While passing null here is undefined behavior, pretty much every implementation in existence does something reasonable as long as the length is 0.

Flags: needinfo?(docfaraday)
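
The pattern named in the commit message above (null-check before calling memcpy), as an added example that is not the nrappkit source or the landed patch; `buf_t`, `buf_create_unguarded`, `buf_create` and `buf_free` are hypothetical names. Built with `-fsanitize=nonnull-attribute`, the unguarded form reports the same runtime error for a `(NULL, 0)` input, while the guarded form never reaches memcpy for empty input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical owned byte buffer filled in by a create(data, len) helper. */
typedef struct { unsigned char *data; size_t len; } buf_t;

/* Unguarded form: string.h declares memcpy's pointer arguments nonnull, so
 * memcpy(dst, NULL, 0) is undefined behaviour even though no byte is copied.
 * This is the call UBSan's nonnull-attribute check reports. */
int buf_create_unguarded(buf_t *out, const unsigned char *src, size_t len)
{
    out->data = malloc(len ? len : 1);
    if (!out->data) return -1;
    memcpy(out->data, src, len);        /* flagged when src == NULL */
    out->len = len;
    return 0;
}

/* Guarded form: empty input is accepted, memcpy is only called with a
 * valid source, and NULL with a nonzero length is rejected as a caller bug. */
int buf_create(buf_t *out, const unsigned char *src, size_t len)
{
    if (!out) return -1;
    if (!src && len != 0) return -1;
    out->data = malloc(len ? len : 1);  /* avoid relying on malloc(0) */
    if (!out->data) return -1;
    if (len != 0)
        memcpy(out->data, src, len);
    out->len = len;
    return 0;
}

void buf_free(buf_t *b) { free(b->data); b->data = NULL; b->len = 0; }

int main(void)
{
    buf_t b = {0};
    /* Constructed input: an empty value passed as (NULL, 0). */
    int rc = buf_create(&b, NULL, 0);
    printf("rc=%d len=%zu\n", rc, b.len);
    if (rc == 0) buf_free(&b);
    return rc;
}
```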