Closed Bug 810478 Opened 10 years ago Closed 10 years ago
fix missing trailing null byte in strings read via extract
I've been trying to track down an intermittent startup crash for a while now that happens in my automated test runs (easily does a few hundred startups/shutdowns as part of the tests a day). I finally got the stars aligned to get valgrind working, and it came up with the following:

    ==14463== Invalid read of size 1
    ==14463==    at 0x4828EF4: strlen (mc_replace_strmem.c:399)
    ==14463==    by 0x4855C6F: strndup (in /system/lib/libc.so)
    ==14463==  Address 0x2aae7d75 is 0 bytes after a block of size 709 alloc'd
    ==14463==    at 0x4827978: malloc (vg_replace_malloc.c:270)
    ==14463==    by 0x2D8C7F59: extractBuf(char const*, Zip*) [clone .clone.0] (APKOpen.cpp:646)
    ==14463==    by 0x2D8C864B: loadSQLiteLibs(char const*) (APKOpen.cpp:810)
    ==14463==    by 0x2D8C871D: Java_org_mozilla_gecko_GeckoAppShell_loadSQLiteLibsNative (APKOpen.cpp:951)
    ==14463==    by 0x4F2DE33: dvmPlatformInvoke (in /system/lib/libdvm.so)

The attached patch should fix it; I'm not sure if this is the original crash I was seeing, but it's certainly possible (if the stars align and this happens to be the end of a page where the next one is unreadable, say).
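The defect behind the valgrind report above, shown as an added illustration that is not the attached patch or Mozilla's APKOpen.cpp code: a routine that copies an extracted payload into a heap block sized exactly to the payload leaves no NUL terminator, so a later strlen/strndup reads one byte past the allocation. The function names, the hypothetical extraction helpers and the sample payload are constructed for this example; the bounded check uses memchr so the "before" shape can be inspected without itself reading out of bounds.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an archive extraction routine (not the real
 * extractBuf): copies `len` payload bytes into a fresh heap block sized
 * exactly `len`. No terminator is written, so any later strlen/strndup
 * on the result walks past the end of the allocation, which is the
 * "0 bytes after a block of size N alloc'd" pattern valgrind reports. */
char *extract_buf_unterminated(const char *payload, size_t len) {
    char *buf = malloc(len);
    if (buf == NULL) {
        return NULL;
    }
    memcpy(buf, payload, len);
    return buf;
}

/* Fixed shape: allocate one extra byte and terminate the copy, so the
 * buffer is a valid C string for every consumer that treats it as one. */
char *extract_buf_terminated(const char *payload, size_t len) {
    char *buf = malloc(len + 1);
    if (buf == NULL) {
        return NULL;
    }
    memcpy(buf, payload, len);
    buf[len] = '\0';
    return buf;
}

/* Bounded check: does a block of `cap` bytes contain a NUL at all?
 * memchr never reads beyond `cap`, unlike strlen, so this is safe to run
 * on the unterminated buffer too. Returns 1 if a terminator is present. */
int has_terminator(const char *buf, size_t cap) {
    return memchr(buf, '\0', cap) != NULL;
}

/* Length of the string inside a block of `cap` bytes, or -1 when the block
 * has no terminator (the case that would crash or over-read with strlen). */
long bounded_strlen(const char *buf, size_t cap) {
    const char *nul = memchr(buf, '\0', cap);
    return nul == NULL ? -1L : (long)(nul - buf);
}
```

A consumer that cannot guarantee its input is terminated should use a length-bounded call (strnlen, memchr, or a copy that takes the byte count) rather than strlen; the fix on this bug takes the other route and makes the producer always emit a terminated buffer.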
Attachment #680220 - Flags: review?(bugmail.mozilla)
10 years ago
Attachment #680220 - Flags: review?(bugmail.mozilla) → review?(mh+mozilla)
Attachment #680220 - Flags: review?(mh+mozilla) → review+
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer

I suggest we take this on aurora & beta -- it's a trivial fix, but can cause weird random startup crashes.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): n/a
User impact if declined: possible continuing random weird startup crashes
Testing completed (on m-c, etc.): local testing with valgrind
Risk to taking this patch (and alternatives if risky): none, as best I can tell
String or UUID changes made by this patch: none
Assignee: nobody → vladimir
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment on attachment 680220 [details] [diff] [review]
add zero termination to buffer

Happy to uplift and help with startup crashes on Aurora, but we're too late for Beta, please get this into mozilla-aurora before Monday 11/19 merge day.