Closed Bug 810478 Opened 12 years ago Closed 12 years ago

fix missing trailing null byte in strings read via extractBuf

Categories

(Core :: mozglue, defect)

x86
Linux
defect
Not set
normal

Tracking


RESOLVED FIXED
mozilla19
Tracking Status
firefox16 --- affected
firefox17 --- wontfix
firefox18 --- fixed
firefox19 --- fixed

People

(Reporter: vlad, Assigned: vlad)

References

Details

Attachments

(1 file)

I've been trying to track down an intermittent startup crash for a while now that happens in my automated test runs (easily does a few hundred startups/shutdowns as part of the tests a day). I finally got the stars aligned to get valgrind working, and it came up with the following:

==14463== Invalid read of size 1
==14463==    at 0x4828EF4: strlen (mc_replace_strmem.c:399)
==14463==    by 0x4855C6F: strndup (in /system/lib/libc.so)
==14463==  Address 0x2aae7d75 is 0 bytes after a block of size 709 alloc'd
==14463==    at 0x4827978: malloc (vg_replace_malloc.c:270)
==14463==    by 0x2D8C7F59: extractBuf(char const*, Zip*) [clone .clone.0] (APKOpen.cpp:646)
==14463==    by 0x2D8C864B: loadSQLiteLibs(char const*) (APKOpen.cpp:810)
==14463==    by 0x2D8C871D: Java_org_mozilla_gecko_GeckoAppShell_loadSQLiteLibsNative (APKOpen.cpp:951)
==14463==    by 0x4F2DE33: dvmPlatformInvoke (in /system/lib/libdvm.so)

The attached patch should fix it; I'm not sure if this is the original crash I was seeing, but it's certainly possible (if the stars align and this happens to be the end of a page where the next one is unreadable, say).
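As an added illustration (not the patch on this bug or Mozilla's code), the two allocation patterns the valgrind trace distinguishes, written against a constructed stand-in for a zip entry; the extractBuf shape is reconstructed from the report, and FakeZipEntry, nul_within_allocation and demo are hypothetical names:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a zip entry: a payload with a known length
 * and no terminator, like bytes read straight out of an archive. */
typedef struct {
    const unsigned char *data;
    size_t size;
} FakeZipEntry;

/* Buggy pattern (hypothetical reconstruction of the pre-fix extractBuf):
 * exactly `size` bytes allocated and filled, no NUL written, so a later
 * strlen()/strndup() walks past the allocation, as valgrind reported. */
char *extract_buf_unterminated(const FakeZipEntry *e) {
    char *buf = malloc(e->size);
    if (!buf) return NULL;
    memcpy(buf, e->data, e->size);
    return buf;
}

/* Fixed pattern: one extra byte, explicitly zeroed, so C string routines
 * stop inside the allocation. *alloc receives the allocated length. */
char *extract_buf_terminated(const FakeZipEntry *e, size_t *alloc) {
    char *buf = malloc(e->size + 1);
    if (!buf) return NULL;
    memcpy(buf, e->data, e->size);
    buf[e->size] = '\0';
    *alloc = e->size + 1;
    return buf;
}

/* Bounds-respecting check: is there a NUL in the first `alloc` bytes? memchr()
 * never reads past `alloc`, so unlike strlen() it is safe on the buggy buffer. */
int nul_within_allocation(const char *buf, size_t alloc) {
    return memchr(buf, '\0', alloc) != NULL;
}

/* Returns 1 when the fixed buffer is terminated and the buggy one is not.
 * The payload is a constructed sample, not a real APK entry name. */
int demo(void) {
    static const unsigned char payload[] = "constructed/libexample.so";
    FakeZipEntry e = { payload, sizeof(payload) - 1 }; /* drop literal's NUL */
    size_t alloc = 0;
    char *bad = extract_buf_unterminated(&e);
    char *good = extract_buf_terminated(&e, &alloc);
    int ok = bad && good && !nul_within_allocation(bad, e.size)
             && nul_within_allocation(good, alloc) && strlen(good) == e.size;
    free(bad); free(good);
    return ok;
}
```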
Attachment #680220 - Flags: review?(bugmail.mozilla)
Attachment #680220 - Flags: review?(bugmail.mozilla) → review?(mh+mozilla)
Attachment #680220 - Flags: review?(mh+mozilla) → review+
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer

I suggest we take this on aurora & beta -- it's a trivial fix, but can cause weird random startup crashes.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): n/a
User impact if declined: possible continuing random weird startup crashes
Testing completed (on m-c, etc.): local testing with valgrind
Risk to taking this patch (and alternatives if risky): none, as best I can tell
String or UUID changes made by this patch: none
Attachment #680220 - Flags: approval-mozilla-beta?
Attachment #680220 - Flags: approval-mozilla-aurora?
Assignee: nobody → vladimir
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer

Happy to uplift and help with startup crashes on Aurora, but we're too late for Beta, please get this into mozilla-aurora before Monday 11/19 merge day.
Attachment #680220 - Flags: approval-mozilla-beta?
Attachment #680220 - Flags: approval-mozilla-beta-
Attachment #680220 - Flags: approval-mozilla-aurora?
Attachment #680220 - Flags: approval-mozilla-aurora+