Bug 810478
Opened 11 years ago
Closed 11 years ago
fix missing trailing null byte in strings read via extractBuf
Categories: Core :: mozglue, defect
Tracking: RESOLVED FIXED, mozilla19
People: Reporter: vlad, Assigned: vlad
Attachments (1 file)
1.03 KB, patch | glandium: review+ | lsblakk: approval-mozilla-aurora+ | lsblakk: approval-mozilla-beta-
I've been trying to track down an intermittent startup crash for a while now that happens in my automated test runs (easily does a few hundred startups/shutdowns as part of the tests a day). I finally got the stars aligned to get valgrind working, and it came up with the following:

==14463== Invalid read of size 1
==14463==    at 0x4828EF4: strlen (mc_replace_strmem.c:399)
==14463==    by 0x4855C6F: strndup (in /system/lib/libc.so)
==14463==  Address 0x2aae7d75 is 0 bytes after a block of size 709 alloc'd
==14463==    at 0x4827978: malloc (vg_replace_malloc.c:270)
==14463==    by 0x2D8C7F59: extractBuf(char const*, Zip*) [clone .clone.0] (APKOpen.cpp:646)
==14463==    by 0x2D8C864B: loadSQLiteLibs(char const*) (APKOpen.cpp:810)
==14463==    by 0x2D8C871D: Java_org_mozilla_gecko_GeckoAppShell_loadSQLiteLibsNative (APKOpen.cpp:951)
==14463==    by 0x4F2DE33: dvmPlatformInvoke (in /system/lib/libdvm.so)

The attached patch should fix it; I'm not sure if this is the original crash I was seeing, but it's certainly possible (if the stars align and this happens to be the end of a page where the next one is unreadable, say).
Attachment #680220 - Flags: review?(bugmail.mozilla)
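The failure mode in the report above, reduced to a stand-alone C sketch. This is an added example, not the attached patch or Mozilla's code; `extract_unterminated`, `extract_terminated`, `nul_offset`, `check_entry` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: 15 bytes of entry data as stored, with no trailing NUL. */
static const char kEntry[] = { 'l','i','b','a','.','s','o','\n','l','i','b','b','.','s','o' };

/* Before: the block is exactly len bytes, so strlen()/strndup() would read past it. */
static char *extract_unterminated(const char *src, size_t len)
{
    char *buf = malloc(len ? len : 1);
    if (buf) memcpy(buf, src, len);
    return buf;
}

/* After: one extra byte holds the terminator; a length that would wrap is rejected. */
static char *extract_terminated(const char *src, size_t len)
{
    if (len == SIZE_MAX) return NULL;
    char *buf = malloc(len + 1);
    if (!buf) return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

/* Bounded scan that stays inside the allocation: offset of the first NUL, or -1. */
static long nul_offset(const char *buf, size_t alloc)
{
    const char *p = memchr(buf, '\0', alloc);
    return p ? (long)(p - buf) : -1;
}

/* Extract the sample with or without the fix and report where the terminator sits. */
static long check_entry(int fixed)
{
    size_t len = sizeof kEntry, alloc = fixed ? len + 1 : len;
    char *buf = fixed ? extract_terminated(kEntry, len) : extract_unterminated(kEntry, len);
    if (!buf) return -2;
    long off = nul_offset(buf, alloc);
    free(buf);
    return off;
}

int main(void)
{
    printf("unterminated: %ld, terminated: %ld\n", check_entry(0), check_entry(1));
    return 0;
}
```

A result of -1 means the allocation contains no terminator, so any `strlen`-based consumer reads the byte after the block, which is the access valgrind flags in the trace.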
Assignee
Updated•11 years ago
Attachment #680220 - Flags: review?(bugmail.mozilla) → review?(mh+mozilla)
Updated•11 years ago
Attachment #680220 - Flags: review?(mh+mozilla) → review+
Assignee
Comment 2•11 years ago
http://hg.mozilla.org/integration/mozilla-inbound/rev/419e74e5f2d7
Assignee
Comment 3•11 years ago
Comment on attachment 680220
add zero termination to buffer

I suggest we take this on aurora & beta -- it's a trivial fix, but can cause weird random startup crashes.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): n/a
User impact if declined: possible continuing random weird startup crashes
Testing completed (on m-c, etc.): local testing with valgrind
Risk to taking this patch (and alternatives if risky): none, as best I can tell
String or UUID changes made by this patch: none

Attachment #680220 - Flags: approval-mozilla-beta?
Attachment #680220 - Flags: approval-mozilla-aurora?
Comment 4•11 years ago
https://hg.mozilla.org/mozilla-central/rev/419e74e5f2d7
Assignee: nobody → vladimir
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment 5•11 years ago
Comment on attachment 680220
add zero termination to buffer

Happy to uplift and help with startup crashes on Aurora, but we're too late for Beta, please get this into mozilla-aurora before Monday 11/19 merge day.

Attachment #680220 - Flags: approval-mozilla-beta?
Attachment #680220 - Flags: approval-mozilla-beta-
Attachment #680220 - Flags: approval-mozilla-aurora?
Attachment #680220 - Flags: approval-mozilla-aurora+
Updated•11 years ago
status-firefox16: --- → affected
status-firefox17: --- → wontfix
status-firefox18: --- → affected
status-firefox19: --- → fixed