Closed Bug 1873745 Opened 1 year ago Closed 1 year ago

libFuzzer broken with undefined symbol: _ZN9dav1dfuzz24dav1d_set_cpu_flags_maskEj

Categories

(Core :: Fuzzing, defect)

Product:
Core
Component:
Fuzzing
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
123 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox121 --- unaffected
firefox122 --- unaffected
firefox123 --- fixed

People

(Reporter: truber, Assigned: truber)

References

(Regression)

Details

(Keywords: regression, Whiteboard: fuzzblocker)

Attachments

(2 files)

.mozconfig
812 bytes, text/plain
Details
Bug 1873745 - Fix Dav1d libFuzzer target r?decoder!
48 bytes, text/x-phabricator-request
Details | Review 
$ ./mach build && ./mach gtest -- '-*'
...
 0:04.72 Your build was successful!
One or more Android-only options will be ignored
 0:04.72 /home/truber/src/m/u/obj/ff-asan-fuzzing/dist/bin/firefox -unittest --gtest_death_test_style=threadsafe
XPCOMGlueLoad error for file /home/truber/src/m/u/obj/ff-asan-fuzzing/dist/bin/gtest/libxul.so:
/home/truber/src/m/u/obj/ff-asan-fuzzing/dist/bin/gtest/libxul.so: undefined symbol: _ZN9dav1dfuzz24dav1d_set_cpu_flags_maskEj
Couldn't load XPCOM.
Flags: needinfo?(mh+mozilla)
Attached file .mozconfig

Above error is from m-c b29d6ace45f4.

Applying f1a486575f57 in reverse fixes the build.

Set release status flags based on info from the regressing bug 1359918

status-firefox121: --- → unaffected
status-firefox122: --- → unaffected
status-firefox123: --- → affected
status-firefox-esr115: --- → unaffected
Attachment #9371835 - Attachment mime type: application/octet-stream → text/plain

The real cause is that bug 1533092 never worked, or nothing is calling whatever is calling dav1d_set_cpu_flags_mask, because the namespacing is definitely wrong: dav1d_fuzzer.c is compiled as C++ in a dav1dfuzz namespace, which puts things from cpu.h in the same namespace, but the corresponding definitions in cpu.c are not namespaced.

Depends on: 1533092
Flags: needinfo?(mh+mozilla)
Assignee: nobody → jschwartzentruber
Status: NEW → ASSIGNED

(In reply to Mike Hommey [:glandium] from comment #3)

The real cause is that bug 1533092 never worked, or nothing is calling whatever is calling dav1d_set_cpu_flags_mask, because the namespacing is definitely wrong: dav1d_fuzzer.c is compiled as C++ in a dav1dfuzz namespace, which puts things from cpu.h in the same namespace, but the corresponding definitions in cpu.c are not namespaced.

Thanks! That explains it. dav1d/dav1d.h contains extern "C" so is not affected, only cpu.h. And that symbol was only used by LLVMFuzzerInitialize which we were not calling.

Pushed by jdschwa@gmail.com: https://hg.mozilla.org/integration/autoland/rev/34c419327301 Fix Dav1d libFuzzer target r=decoder

https://hg.mozilla.org/mozilla-central/rev/34c419327301

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox123: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 123 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: