Bug 810478 - fix missing trailing null byte in strings read via extractBuf
Opened 12 years ago
Closed 12 years ago
Categories: (Core :: mozglue, defect)
Status: RESOLVED FIXED
Target Milestone: mozilla19
People: (Reporter: vlad, Assigned: vlad)
Attachments (1 file)
Attachment 680220: patch, 1.03 KB. Flags: glandium: review+; lsblakk: approval-mozilla-aurora+; lsblakk: approval-mozilla-beta-
I've been trying to track down an intermittent startup crash for a while now that happens in my automated test runs (they easily do a few hundred startups/shutdowns a day as part of the tests). I finally got the stars aligned to get valgrind working, and it came up with the following:
==14463== Invalid read of size 1
==14463== at 0x4828EF4: strlen (mc_replace_strmem.c:399)
==14463== by 0x4855C6F: strndup (in /system/lib/libc.so)
==14463== Address 0x2aae7d75 is 0 bytes after a block of size 709 alloc'd
==14463== at 0x4827978: malloc (vg_replace_malloc.c:270)
==14463== by 0x2D8C7F59: extractBuf(char const*, Zip*) [clone .clone.0] (APKOpen.cpp:646)
==14463== by 0x2D8C864B: loadSQLiteLibs(char const*) (APKOpen.cpp:810)
==14463== by 0x2D8C871D: Java_org_mozilla_gecko_GeckoAppShell_loadSQLiteLibsNative (APKOpen.cpp:951)
==14463== by 0x4F2DE33: dvmPlatformInvoke (in /system/lib/libdvm.so)
The attached patch should fix it; I'm not sure if this is the original crash I was seeing, but it's certainly possible (if the stars align and this happens to be the end of a page where the next one is unreadable, say).
Attachment #680220 - Flags: review?(bugmail.mozilla)
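The failure mode in the description, as an added example (this is not the bug's patch or mozglue's own code): a hypothetical extractBuf-style routine in its pre-fix shape beside the one-extra-byte fix, with a bounded memchr() check standing in for the strlen() that valgrind flagged. The zip_entry type, the function names and the sample library-name list are constructed for illustration and are not taken from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a zip entry (assumption: the page's Zip class is
 * not reproduced). Bytes inside an archive carry no NUL terminator, which is
 * exactly why a string read straight out of one needs one added. */
typedef struct {
    const unsigned char *data;
    size_t len;
} zip_entry;

/* Pre-fix pattern, reconstructed from the valgrind trace: allocate exactly
 * len bytes and copy. The caller receives something that looks like a C
 * string but has no terminator, so strlen() (called here by the libc's
 * strndup()) reads the byte after the allocation. */
char *extract_buf_unterminated(const zip_entry *e, size_t *out_len) {
    char *buf = malloc(e->len);
    if (buf == NULL) return NULL;
    memcpy(buf, e->data, e->len);
    *out_len = e->len;
    return buf;
}

/* Fixed pattern: one extra byte, written as '\0'. The size_t overflow check
 * is an added caveat for a len that comes from untrusted archive metadata. */
char *extract_buf_terminated(const zip_entry *e, size_t *out_len) {
    if (e->len == SIZE_MAX) return NULL;          /* len + 1 would wrap to 0 */
    char *buf = malloc(e->len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, e->data, e->len);
    buf[e->len] = '\0';
    *out_len = e->len;
    return buf;
}

/* Bounded check: does a NUL exist anywhere inside the allocation? memchr()
 * stops at alloc_len, so this is safe to run on an unterminated buffer,
 * whereas strlen() on the same buffer is the over-read valgrind reported. */
int has_terminator(const char *buf, size_t alloc_len) {
    return memchr(buf, '\0', alloc_len) != NULL;
}

/* Constructed sample input: a library-name list with no zero byte in it,
 * standing in for the file loadSQLiteLibs() reads out of the APK. */
static const unsigned char SAMPLE[] = "libmozsqlite3.so:libnss3.so";
static const zip_entry SAMPLE_ENTRY = { SAMPLE, sizeof(SAMPLE) - 1 };

/* 1 if the old extraction happens to leave a terminator inside its
 * allocation (never, for this input), 0 if not, -1 if malloc failed. */
int old_extraction_is_terminated(void) {
    size_t n;
    char *buf = extract_buf_unterminated(&SAMPLE_ENTRY, &n);
    if (buf == NULL) return -1;
    int r = has_terminator(buf, n);
    free(buf);
    return r;
}

/* strlen() of the fixed extraction, which must equal the entry length
 * (27 for SAMPLE). Returns -1 on malloc failure, -2 if the terminator is
 * missing, so strlen() is only ever called on a buffer proven safe. */
long fixed_extraction_strlen(void) {
    size_t n;
    char *buf = extract_buf_terminated(&SAMPLE_ENTRY, &n);
    if (buf == NULL) return -1;
    long r = has_terminator(buf, n + 1) ? (long)strlen(buf) : -2;
    free(buf);
    return r;
}

int main(void) {
    printf("old extraction terminated: %d\n", old_extraction_is_terminated());
    printf("fixed extraction strlen:   %ld\n", fixed_extraction_strlen());
    return 0;
}
```

Two things worth noting from the trace itself: the over-read happens inside strlen() called by strndup(), so on that libc a length bound passed to strndup() does not protect an unterminated buffer, and the fix has to be at the allocation. Returning the byte count alongside the buffer, as both routines above do, also lets callers avoid strlen() on extracted data altogether.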
Updated•12 years ago
Attachment #680220 - Flags: review?(bugmail.mozilla) → review?(mh+mozilla)
Updated•12 years ago
Attachment #680220 - Flags: review?(mh+mozilla) → review+
Comment 2•12 years ago (Assignee)
Comment 3•12 years ago (Assignee)
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer
I suggest we take this on aurora & beta -- it's a trivial fix, but can cause weird random startup crashes.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): n/a
User impact if declined: possible continuing random weird startup crashes
Testing completed (on m-c, etc.): local testing with valgrind
Risk to taking this patch (and alternatives if risky): none, as best I can tell
String or UUID changes made by this patch: none
Attachment #680220 - Flags: approval-mozilla-beta?
Attachment #680220 - Flags: approval-mozilla-aurora?
Comment 4•12 years ago
Assignee: nobody → vladimir
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment 5•12 years ago
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer
Happy to uplift and help with startup crashes on Aurora, but we're too late for Beta; please get this into mozilla-aurora before Monday 11/19 merge day.
Attachment #680220 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #680220 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•12 years ago
status-firefox16: --- → affected
status-firefox17: --- → wontfix
status-firefox18: --- → affected
status-firefox19: --- → fixed
Comment 6•12 years ago