Closed Bug 1804974 Opened 2 years ago Closed 8 months ago

deprecated libva-vdpau-driver: Crash in [@ _xcb_socket]

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox109 --- disabled

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/54358815-429b-443d-8472-0dcdb0221205

Reason: SIGSYS / SYS_SECCOMP

Top 10 frames of crashing thread:

0  libc.so.6  __GI___socket  /usr/src/debug/glibc-2.36/sysdeps/unix/syscall-template.S:120
1  libxcb.so.1  _xcb_socket  /usr/src/debug/libxcb-1.15-1.4.x86_64/src/xcb_util.c:317
2  libxcb.so.1  xcb_connect_to_display_with_auth_info  /usr/src/debug/libxcb-1.15-1.4.x86_64/src/xcb_util.c:521
3  libX11.so.6  libX11.so.6@0x44201  
4  libX11.so.6  libX11.so.6@0x35d32  
5  libX11.so.6  libX11.so.6@0x4143f  
6  libX11.so.6  libX11.so.6@0x4143f  
7  libX11.so.6  libX11.so.6@0x4140f  
8  libX11.so.6  libX11.so.6@0x4140f  
9  firefox-bin  memset  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/x86_64-linux-gnu/bits/string3.h:84

There aren't a ton of these crashes, so maybe it is just a user with some odd settings, but I figured I'd file it.

10 vdpau_drv_video.so __vaDriverInit_1_15 /usr/src/debug/libva-vdpau-driver-0.7.4-7.10.x86_64/src/vdpau_driver.c:317

We don't want to run this code.
IIRC legacy dri2 wants an X11 auth cookie while dri3 works with an fd.
vaGetDisplayDRM uses dri3 (bug 1580166 comment 6).

vdpau_drv_video.so background:
Deprecated libva-vdpau-driver doesn't support vaGetDisplayDRM and crashes.
Therefore the VAAPI test has been moved into the glxtest process (bug 1787182, bug 1758473/bug 1777927) to disable VAAPI in case vdpau_drv_video.so is present.

Could a sandbox rule just block vdpau_drv_video.so from being loaded in RDD and glxtest?

(Darkspirit from bug 1758473 comment #9)

It might be this one: https://salsa.debian.org/multimedia-team/attic/vdpau-video/-/blob/63450ffea86143d418c6e83cb8d2828d3a7beb25/src/vdpau_driver.c#L188

const char * const x11_dpy_name = XDisplayString(driver_data->x11_dpy);

https://bugs.archlinux.org/task/72241#comments

vaGetDisplayDRM() doesn't fill ->x11_dpy

VAAPI should be blocked for vdpau_drv_video.so.
vdpau_drv_video.so is deprecated and has been removed from Debian.
Debian Buster (oldstable) was the last release that had a package for it: https://packages.debian.org/oldstable/vdpau-va-driver
https://tracker.debian.org/pkg/vdpau-video
https://salsa.debian.org/multimedia-team/attic/vdpau-video

OS: Unspecified → Linux
Hardware: Unspecified → x86_64
See Also: → 1787182
Summary: Crash in [@ _xcb_socket] → deprecated libva-vdpau-driver: Crash in [@ _xcb_socket]

Unfortunately we don't have anything that could block a specific library at the sandbox level, but it'd be pretty simple for glxtest to use dl_iterate_phdr to see if a library with a given name was loaded.

Severity: -- → S4
Priority: -- → P3
Flags: needinfo?(gpascutto)
Depends on: 1815528

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 10 desktop browser crashes on nightly

:gcp, could you consider increasing the severity of this top-crash bug?

For more information, please visit auto_nag documentation.

Flags: needinfo?(gpascutto)
Keywords: topcrash

This is still disabled-by-default AFAIK so no reason to do that.

Flags: needinfo?(gpascutto)

Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.

For more information, please visit auto_nag documentation.

Keywords: topcrash

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.