Closed Bug 1851694 Opened 1 year ago Closed 1 year ago

UB in some function calls from noop sandbox

Categories

(Core :: Security: RLBox, defect)

RESOLVED FIXED
119 Branch
Tracking Status
firefox119 --- fixed

People

(Reporter: glandium, Assigned: glandium)

Attachments

(1 file)

As reported by UBSan when bug 1851107 landed:

[task 2023-09-05T10:03:37.094Z] 10:03:37     INFO - /builds/worker/workspace/obj-build/dist/include/mozilla/rlbox/rlbox_noop_sandbox.hpp:187:12: runtime error: call to function createSoundTouchObj through pointer to incorrect function type 'void *(*)()'
[task 2023-09-05T10:03:37.096Z] 10:03:37     INFO - /builds/worker/checkouts/gecko/media/libsoundtouch/src/SoundTouchFactory.cpp:15: note: createSoundTouchObj defined here
[task 2023-09-05T10:03:37.108Z] 10:03:37     INFO - REFTEST TEST-START | dom/media/test/crashtests/852838.html
[task 2023-09-05T10:03:37.109Z] 10:03:37     INFO - REFTEST TEST-LOAD | file:///builds/worker/workspace/build/tests/reftest/tests/dom/media/test/crashtests/852838.html | 625 / 4003 (15%)
[task 2023-09-05T10:03:38.548Z] 10:03:38     INFO -     #0 0x7fbc5bba3973 in impl_invoke_with_func_ptr<soundtouch::SoundTouch *(), void *()> /builds/worker/workspace/obj-build/dist/include/mozilla/rlbox/rlbox_noop_sandbox.hpp:187:12
[task 2023-09-05T10:03:38.548Z] 10:03:38     INFO -     #1 0x7fbc5bba3973 in INTERNAL_invoke_with_func_ptr<soundtouch::SoundTouch *()> /builds/worker/workspace/obj-build/dist/include/mozilla/rlbox/rlbox_sandbox.hpp:790:40
[task 2023-09-05T10:03:38.548Z] 10:03:38     INFO -     #2 0x7fbc5bba3973 in mozilla::RLBoxSoundTouch::RLBoxSoundTouch() /builds/worker/checkouts/gecko/dom/media/RLBoxSoundTouch.cpp:19:29
[task 2023-09-05T10:03:38.548Z] 10:03:38     INFO -     #3 0x7fbc5b7cfbe6 in mozilla::AudioStream::EnsureTimeStretcherInitialized() /builds/worker/checkouts/gecko/dom/media/AudioStream.cpp:171:26
[task 2023-09-05T10:03:38.548Z] 10:03:38     INFO -     #4 0x7fbc5b7d4ce2 in mozilla::AudioStream::UpdatePlaybackRateIfNeeded() /builds/worker/checkouts/gecko/dom/media/AudioStream.cpp:583:3
[task 2023-09-05T10:03:38.555Z] 10:03:38     INFO -     #5 0x7fbc5b7d5444 in mozilla::AudioStream::DataCallback(void*, long) /builds/worker/checkouts/gecko/dom/media/AudioStream.cpp:615:3
[task 2023-09-05T10:03:38.557Z] 10:03:38     INFO -     #6 0x7fbc668b35ef in _$LT$audioipc2_client..stream..CallbackServer$u20$as$u20$audioipc2..rpccore..Server$GT$::process::_$u7b$$u7b$closure$u7d$$u7d$::h6cac53d0f739703e /builds/worker/checkouts/gecko/third_party/rust/audioipc2-client/src/stream.rs:111:25
[task 2023-09-05T10:03:38.558Z] 10:03:38     INFO -     #7 0x7fbc668b35ef in audioipc2_client::run_in_callback::h49c265e95188e81a /builds/worker/checkouts/gecko/third_party/rust/audioipc2-client/src/lib.rs:50:13
[task 2023-09-05T10:03:38.560Z] 10:03:38     INFO -     #8 0x7fbc668b35ef in _$LT$audioipc2_client..stream..CallbackServer$u20$as$u20$audioipc2..rpccore..Server$GT$::process::h89b243d7e2fa0fab /builds/worker/checkouts/gecko/third_party/rust/audioipc2-client/src/stream.rs:94:17
[task 2023-09-05T10:03:38.561Z] 10:03:38     INFO -     #9 0x7fbc668afe72 in _$LT$audioipc2..rpccore..ServerHandler$LT$S$GT$$u20$as$u20$audioipc2..rpccore..Handler$GT$::consume::hd6e653c55f67bb5e /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/rpccore.rs:370:24
[task 2023-09-05T10:03:38.562Z] 10:03:38     INFO -     #10 0x7fbc668afe72 in _$LT$audioipc2..ipccore..FramedDriver$LT$T$GT$$u20$as$u20$audioipc2..ipccore..Driver$GT$::process_inbound::h34d733912b0e5016 /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs:624:13
[task 2023-09-05T10:03:38.564Z] 10:03:38     INFO -     #11 0x7fbc6688239c in audioipc2::ipccore::Connection::recv_inbound::h7480a162d4bd832c /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs:474:29
[task 2023-09-05T10:03:38.565Z] 10:03:38     INFO -     #12 0x7fbc6688239c in audioipc2::ipccore::Connection::handle_event::ha42cc7aaeb123b79 /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs:419:13
[task 2023-09-05T10:03:38.567Z] 10:03:38     INFO -     #13 0x7fbc6688239c in audioipc2::ipccore::EventLoop::poll::h22de1822a5858299 /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs:214:31
[task 2023-09-05T10:03:38.568Z] 10:03:38     INFO -     #14 0x7fbc668c864d in audioipc2::ipccore::EventLoopThread::new::_$u7b$$u7b$closure$u7d$$u7d$::h9ee24c4bab154c95 /builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs:706:25
[task 2023-09-05T10:03:38.569Z] 10:03:38     INFO -     #15 0x7fbc668c864d in std::sys_common::backtrace::__rust_begin_short_backtrace::h9fa096bd755d0f73 /builds/worker/fetches/rust/library/std/src/sys_common/backtrace.rs:135:18
[task 2023-09-05T10:03:38.571Z] 10:03:38     INFO -     #16 0x7fbc668c7b63 in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hdb4cffc1280b2a95 /builds/worker/fetches/rust/library/std/src/thread/mod.rs:529:17
[task 2023-09-05T10:03:38.572Z] 10:03:38     INFO -     #17 0x7fbc668c7b63 in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h9f61898721146f80 /builds/worker/fetches/rust/library/core/src/panic/unwind_safe.rs:271:9
[task 2023-09-05T10:03:38.573Z] 10:03:38     INFO -     #18 0x7fbc668c7b63 in std::panicking::try::do_call::he0c17f7c7356c361 /builds/worker/fetches/rust/library/std/src/panicking.rs:500:40
[task 2023-09-05T10:03:38.575Z] 10:03:38     INFO -     #19 0x7fbc668c7b63 in std::panicking::try::hc1fcd91738349de5 /builds/worker/fetches/rust/library/std/src/panicking.rs:464:19
[task 2023-09-05T10:03:38.576Z] 10:03:38     INFO -     #20 0x7fbc668c7b63 in std::panic::catch_unwind::h4a5ed98bd1cc02d4 /builds/worker/fetches/rust/library/std/src/panic.rs:142:14
[task 2023-09-05T10:03:38.577Z] 10:03:38     INFO -     #21 0x7fbc668c7b63 in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::ha4306bc9e7b7fa90 /builds/worker/fetches/rust/library/std/src/thread/mod.rs:528:30
[task 2023-09-05T10:03:38.577Z] 10:03:38     INFO -     #22 0x7fbc668c7b63 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::hf1b73b69ef780f2b /builds/worker/fetches/rust/library/core/src/ops/function.rs:250:5
[task 2023-09-05T10:03:38.578Z] 10:03:38     INFO -     #23 0x7fbc6896c5c5 in std::sys::unix::thread::Thread::new::thread_start::h003eb65680e1a10c gkrust.9ac88243ecc8999d-cgu.0
[task 2023-09-05T10:03:38.578Z] 10:03:38     INFO -     #24 0x7fbc7ac826da in start_thread /tmp/glibc/nptl/pthread_create.c:463
[task 2023-09-05T10:03:38.579Z] 10:03:38     INFO -     #25 0x7fbc79a45a3e in __clone /tmp/glibc/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
[task 2023-09-05T10:03:38.580Z] 10:03:38     INFO - SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /builds/worker/workspace/obj-build/dist/include/mozilla/rlbox/rlbox_noop_sandbox.hpp:187:12 in
Assignee: nobody → mh+mozilla
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/2f68fbb320b9
Suppress ubsan function sanitizer for rlbox's impl_invoke_with_func_ptr. r=shravanrn
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch
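
Added example (not from the bug or the RLBox patch): a constructed C++ reduction of the call UBSan flagged in the log above, next to a variant that restores the real function type before calling. `Widget`, `create_widget`, `invoke_erased` and `invoke_restored` are hypothetical names, and the clang `no_sanitize("function")` attribute is an assumption about how such a suppression can be written, not the contents of the landed change.

```cpp
// Constructed reduction of the pattern in the UBSan report; all names here
// are hypothetical and none of this is RLBox or Gecko code.
#include <cstdio>

struct Widget { int id; };

// Stands in for createSoundTouchObj: its real type is Widget *().
Widget* create_widget() {
  static Widget w{42};
  return &w;
}

// The erased type named in the report: 'void *(*)()'.
using ErasedFn = void* (*)();

// Assumption: clang's per-function opt-out for -fsanitize=function.
// Other compilers get an empty macro so the file still builds.
#if defined(__clang__)
#  define NO_SANITIZE_FUNCTION __attribute__((no_sanitize("function")))
#else
#  define NO_SANITIZE_FUNCTION
#endif

// Calls through the erased type. The callee's real type is Widget *(), so
// the C++ standard makes this call undefined; it is the call that
// -fsanitize=function reports. The attribute silences the check only,
// it does not change what the call does.
NO_SANITIZE_FUNCTION
void* invoke_erased(ErasedFn fn) { return fn(); }

// Well-defined variant: converting a function pointer to another function
// pointer type and back yields the original pointer, so the call below is
// made through the function's real type.
template <typename Ret>
Ret invoke_restored(ErasedFn fn) {
  auto real = reinterpret_cast<Ret (*)()>(fn);
  return real();
}

int main() {
  ErasedFn erased = reinterpret_cast<ErasedFn>(&create_widget);
  auto* a = static_cast<Widget*>(invoke_erased(erased));
  Widget* b = invoke_restored<Widget*>(erased);
  std::printf("erased call id=%d, restored call id=%d\n", a->id, b->id);
  return a == b ? 0 : 1;
}
```

Built with clang and `-fsanitize=function`, removing `NO_SANITIZE_FUNCTION` from `invoke_erased` produces the same class of "call to function ... through pointer to incorrect function type" report, while `invoke_restored` stays clean.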