Closed Bug 1867673 Opened 1 year ago Closed 1 year ago

Crash in [@ fstatat64_time64_statx]

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86
Unspecified
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
122 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- disabled
firefox120 --- disabled
firefox121 --- disabled
firefox122 --- fixed

People

(Reporter: mccr8, Assigned: jld)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1867673 - Gracefully handle statx when called in sandboxed GMP processes.
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/1280b7f1-3453-477c-a95a-d2efc0231130

Reason: SIGSYS / SYS_SECCOMP

Top 10 frames of crashing thread:

0  ld-linux.so.2  fstatat64_time64_statx  sysdeps/unix/sysv/linux/fstatat64.c:58
0  ld-linux.so.2  __GI___fstatat64_time64  sysdeps/unix/sysv/linux/fstatat64.c:158
1  ld-linux.so.2  __fstat64_time64  sysdeps/unix/sysv/linux/fstat64.c:35
2  ld-linux.so.2  _dl_get_file_id  sysdeps/posix/dl-fileid.h:37
2  ld-linux.so.2  _dl_map_object_from_fd  elf/elf/dl-load.c:968
3  ld-linux.so.2  _dl_map_object  elf/elf/dl-load.c:2272
4  ld-linux.so.2  dl_open_worker_begin  elf/elf/dl-open.c:534
5  ld-linux.so.2  _dl_catch_exception  elf/elf/dl-catch.c:237
6  ld-linux.so.2  dl_open_worker  elf/elf/dl-open.c:782
7  ld-linux.so.2  _dl_catch_exception  elf/elf/dl-catch.c:237

Lots of crashes, but mostly from a single installation. mozilla::gmp::GMPLoader::Load() is farther up the stack.

Obvious bug is obvious; we're not being polite about statx in the non-broker case. Should be a simple fix.

Assignee: nobody → jld

STR appears to be any use of media plugins on 32-bit x86 with a recent glibc (not sure exactly how recent but Debian unstable is). Even clearkey crashes, so the in-tree EME tests reproduce this.

If we're still supporting 32-bit platforms in 2038 we'll need to actually handle statx, but for now it should be fine to force fallback.

Testing note: this bug seems to break all GMP plugins on 32-bit x86,
including clearkey, so the regular EME tests would provide coverage, but
we're not testing that platform at all in CI anymore, let alone with a
new enough glibc. And testing this directly is difficult because our
sandbox tests run with crash-on-error mode turned off, and in that case
it just fails with ENOSYS both before and after.

Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/97bd03fdb1be Gracefully handle statx when called in sandboxed GMP processes. r=gcp

https://hg.mozilla.org/mozilla-central/rev/97bd03fdb1be

Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox122: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 122 Branch

Sounds like uplifting this to Beta and ESR would be a good idea. Grafts cleanly to both.

status-firefox120: --- → wontfix
status-firefox121: --- → affected
status-firefox-esr115: --- → affected
Flags: needinfo?(jld)

(In reply to Ryan VanderMeulen [:RyanVM] from comment #6)

Sounds like uplifting this to Beta and ESR would be a good idea. Grafts cleanly to both.

Normally yes, and thanks for suggesting it, but: non-Nightly builds have MOZ_SANDBOX_CRASH_ON_ERROR off by default, so they won't crash and the syscall will fail with ENOSYS, which is also the behavior after this patch. Low risk but effectively no benefit, so I don't think it's worth uplifting.

I've flagged the other branches as unaffected because that seemed more accurate than wontfix (although they would be affected if built as Nightly).

status-firefox120: wontfixunaffected
status-firefox121: affectedunaffected
status-firefox-esr115: affectedunaffected
Flags: needinfo?(jld)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: