AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned (content/media/test/test_playback_rate.html)

Status: RESOLVED INVALID
Severity: critical
Reporter: mats
Assignee: Unassigned
Keywords: crash, reproducible, sec-high
Firefox Tracking Flags: Not tracked
Whiteboard: [asan]
Attachments: 1 attachment

(Reporter)

Description

5 years ago
Created attachment 8360518: stack

Spawned off from bug 921622 comment 24 / 25.
When I run this in my Linux64 ASAN build it crashes quite quickly:
./mach mochitest-plain --debugger=gdb --repeat=1000 content/media/test/test_playback_rate.html

It might be the same underlying problem as bug 950390, but in this
case the address is not near zero as it is in that bug.  Marking
dependent for now.
Assignee: nobody → bjacob
This is almost certainly this ASan bug present in Clang 3.3:

https://code.google.com/p/address-sanitizer/issues/detail?id=193

You can either work around it by defining ASAN_OPTIONS=check_malloc_usable_size=0 in your environment, or you can try building with Clang 3.4 instead, where it is supposed to be fixed.

Please needinfo me rather than assign to me, or if you really think I should work on something, needinfo Milan ;-)
Assignee: bjacob → nobody
(Reporter)

Comment 3

5 years ago
I can confirm I was using Clang 3.3 at the time and I can't reproduce it using Clang 3.4,
so the cited Clang bug seems very likely to be the cause.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
Group: core-security