Bug 903450 - heap-buffer-overflow on startup
Status: RESOLVED WORKSFORME (Closed)
Opened 11 years ago, closed 11 years ago
Product/Component: Core :: General (defect)
Reporter: me.himansu; Assignee: Unassigned
Whiteboard: [asan]
Description

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 (Beta/Release)
Build ID: 20130329030832

Steps to reproduce:

I have built Firefox using AddressSanitizer on my x64 Ubuntu machine. Now, as soon as I try to run the build, I'm getting a crash as below: https://gist.github.com/anonymous/a5c4137fda8c7fe350c8

himanshu@simulator:~/Desktop/mozilla-beta/objdir-ff-asan/dist/bin$ ./firefox
=================================================================
==29854==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e1f0 at pc 0x7f1dddffbc4c bp 0x7fff332e2000 sp 0x7fff332e1ff8
READ of size 4 at 0x60200000e1f0 thread T0
    #0 0x7f1dddffbc4b (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x59f5c4b)
    #1 0x7f1dde002901 (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x59fc901)
    #2 0x7f1dda12bad8 (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x1b25ad8)
    #3 0x7f1dda12b553 (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x1b25553)
    #4 0x7f1dda111679 (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x1b0b679)
    #5 0x7f1dda11f76f (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x1b1976f)
    #6 0x7f1dda120404 (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x1b1a404)
    #7 0x459d3f (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/firefox+0x459d3f)
    #8 0x7f1dea30076c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
    #9 0x458ecc (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/firefox+0x458ecc)
0x60200000e1f0 is located 0 bytes inside of 4-byte region [0x60200000e1f0,0x60200000e1f4)
allocated by thread T0 here:
    #0 0x44615b (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/firefox+0x44615b)
    #1 0x7f1deb4da364 (/lib64/ld-linux-x86-64.so.2+0x1364)
Shadow bytes around the buggy address:
  0x0c047fff9be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fff9c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[04]fa
  0x0c047fff9c40: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff9c50: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff9c60: fa fa 00 07 fa fa 05 fa fa fa 05 fa fa fa 00 07
  0x0c047fff9c70: fa fa 05 fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
  0x0c047fff9c80: fa fa 01 fa fa fa 06 fa fa fa 00 00 fa fa 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==29854==ABORTING
himanshu@simulator:~/Desktop/mozilla-beta/objdir-ff-asan/dist/bin$

Actual results:

I got a buffer overflow on the console.

Expected results:

The Firefox build should have run.
Comment 1•11 years ago
Can you symbolize the output, please? We regularly run ASAN builds, so it is odd that you are experiencing a problem right at startup.
Summary: firefox build with address-sanitizer crashes → heap-buffer-overflow on startup
Whiteboard: [asan]
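Comment 1 asks for a symbolized trace. As an added example (not part of this bug report), the following Python parses an AddressSanitizer report in the format shown in the description, reports whether its frames are still bare module+offset pairs, and checks whether the faulting access actually falls outside the heap region ASan names; the sample text is a constructed excerpt of the description's report.

```python
import re
# Constructed excerpt of the page's unsymbolized ASan report (shadow-byte dump omitted).
SAMPLE_REPORT = """\
==29854==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000e1f0 at pc 0x7f1dddffbc4c bp 0x7fff332e2000 sp 0x7fff332e1ff8
READ of size 4 at 0x60200000e1f0 thread T0
    #0 0x7f1dddffbc4b (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/libxul.so+0x59f5c4b)
    #1 0x459d3f (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/firefox+0x459d3f)
0x60200000e1f0 is located 0 bytes inside of 4-byte region [0x60200000e1f0,0x60200000e1f4)
allocated by thread T0 here:
    #0 0x44615b (/home/himanshu/Desktop/mozilla-beta/objdir-ff-asan/dist/bin/firefox+0x44615b)
    #1 0x7f1deb4da364 (/lib64/ld-linux-x86-64.so.2+0x1364)
==29854==ABORTING
"""
HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", re.M)
REGION_RE = re.compile(r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME_RE = re.compile(r"^\s*#\d+ (0x[0-9a-f]+) (.*)$")
UNSYM_RE = re.compile(r"^\((.+)\+0x[0-9a-f]+\)$")  # "(module+offset)": no symbols resolved

def parse_asan_report(text):
    """Split one ASan report into error kind, access, region and per-section stacks."""
    head = HEADER_RE.search(text)
    if head is None:
        return None
    report = {"kind": head.group(1), "address": int(head.group(2), 16),
              "access": None, "region": None, "stacks": {"access": []}}
    acc = ACCESS_RE.search(text)
    if acc:  # (operation, size in bytes, address)
        report["access"] = (acc.group(1), int(acc.group(2)), int(acc.group(3), 16))
    reg = REGION_RE.search(text)
    if reg:  # half-open [start, end) of the heap region ASan blames
        report["region"] = (int(reg.group(1), 16), int(reg.group(2), 16))
    section = "access"
    for line in text.splitlines():
        if "allocated by" in line or "freed by" in line:  # a new stack begins
            section = line.split(" by")[0]
            report["stacks"][section] = []
        frame = FRAME_RE.match(line)
        if frame:
            unsym = UNSYM_RE.match(frame.group(2).strip())
            report["stacks"][section].append({"pc": int(frame.group(1), 16),
                "module": unsym.group(1) if unsym else None, "symbolized": unsym is None})
    return report

def needs_symbolization(report):  # any bare module+offset frame left? (comment 1's request)
    return any(not f["symbolized"] for fs in report["stacks"].values() for f in fs)

def access_within_region(report):  # does the access fit inside the blamed region?
    (_op, size, addr), (start, end) = report["access"], report["region"]
    return start <= addr and addr + size <= end
```

On the description's numbers the 4-byte read lies entirely inside the 4-byte region ASan attributes it to, a detail worth noting alongside comment 6's conclusion that this was a sanitizer problem.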
Comment 2•11 years ago
Please also provide the version (revision) of LLVM/Clang/Asan you are using. If it's a recent clang, then it might be a duplicate of bug 895845. If your symbolized trace matches that, please try the patch in that bug (we did not backport this).
Comment 3•11 years ago
Thanks for filing Himanshu, it would be great to get your details re: comment 2 to help us figure out the right action here.
Flags: needinfo?(me.himansu)
Comment 4 (Reporter)•11 years ago
Sorry for replying back late. I did follow the Manual Build steps from https://developer.mozilla.org/en-US/docs/Building_Firefox_with_Address_Sanitizer, so I am assuming that I must have used the latest version of LLVM. By the way, how do I check the version of ASan on my system?
Flags: needinfo?(me.himansu)
Comment 5•11 years ago
The version of ASan is the revision of the compiler-rt repository inside your LLVM root. Can you please 1) retry with LLVM/Clang/ASan r185949 2) provide a symbolized trace 3) if the trace matches, try the patch of the bug mentioned in comment 2? Thanks!
Updated•11 years ago
Component: Untriaged → General
Product: Firefox → Core
Comment 6•11 years ago
I'm going to assume this is just a dupe of the other ASAN startup bug that has been fixed, and ended up just being an ASAN problem.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME