Note: There are a few cases of duplicates in user autocompletion which are being worked on.

ASAN: unresolved symbols in libnssutil3.dylib

RESOLVED FIXED in mozilla15

Status

()

Core
Security
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: posidron, Assigned: decoder)

Tracking

Trunk
mozilla15
x86_64
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [asan][asan-build-blocker])

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
As discussed in IRC one possible solution would be to add the flag -undefined dynamic_lookup to DSO_LDOPTS in security/coreconf/Darwin.mk

Example:

DSO_LDOPTS = -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names -undefined dynamic_lookup
(Assignee)

Comment 1

5 years ago
I reached out to the ASan developers to first ensure that -undefined dynamic_lookup is the right way to do it. Once we are sure about that, I'll take a look where exactly we can add it with best (preferably outside NSS).
(Assignee)

Comment 2

5 years ago
According to the ASan developers, we are not supposed to pass -undefined dynamic_lookup ourselves, but instead it's likely that for the linker call here -faddress-sanitizer is not passed (which it should). I'm currently investigating why this flag is dropped at some point in NSS and how to force it.
(Assignee)

Comment 3

5 years ago
Created attachment 613682 [details] [diff] [review]
Patch

The proper solution here is to ensure that NSS builds dylibs with -faddress-sanitizer, i.e. that LDFLAGS are correctly passed to NSS dylibs when MOZ_CFLAGS_NSS is set.

I haven't found a good solution to do this without touching NSS itself, but overriding DARWIN_DYLIB_VERSIONS seemed the least intrusive way and it works :)

These changes are only active when building with the --enable-address-sanitizer build option.
Attachment #613682 - Flags: review?(khuey)
Comment on attachment 613682 [details] [diff] [review]
Patch

Review of attachment 613682 [details] [diff] [review]:
-----------------------------------------------------------------

Not a mac person.
Attachment #613682 - Flags: review?(khuey) → review?(ted.mielczarek)
Comment on attachment 613682 [details] [diff] [review]
Patch

Review of attachment 613682 [details] [diff] [review]:
-----------------------------------------------------------------

This feels like the wrong way to fix this. Can you patch NSS instead? I know that's more of a hassle, but I don't like wedging things in where they don't belong.
Attachment #613682 - Flags: review?(ted.mielczarek) → review-
Comment on attachment 613682 [details] [diff] [review]
Patch

In light of the fact that this code is only hit in a non-default configuration, I'll r+ this. However, I want you to file an NSS bug on adding a way to pass this info down in a more correct way, and mention the bug number in a comment here.
Attachment #613682 - Flags: review- → review+
(Assignee)

Comment 7

5 years ago
Filed follow-up bug 748423 to discuss and resolve the situation more properly in NSS. I also emailed wtc to ask about the right solution here.
(Assignee)

Updated

5 years ago
Attachment #613682 - Flags: checkin?(gary)
Comment on attachment 613682 [details] [diff] [review]
Patch

http://hg.mozilla.org/integration/mozilla-inbound/rev/c45e97eaba18
Attachment #613682 - Flags: checkin?(gary) → checkin+
Target Milestone: --- → mozilla15

Comment 9

5 years ago
https://hg.mozilla.org/mozilla-central/rev/c45e97eaba18

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Updated

5 years ago
Whiteboard: [asan] → [asan][asan-build-blocker]
You need to log in before you can comment on or make changes to this bug.