999016 - ASAN failure if nsThread doesn't busy-loop in Shutdown() or DISPATCH_SYNC

Status: RESOLVED INVALID

(Core :: XPCOM, defect)

Description

[Randell Jesup [:jesup] (needinfo me)]

Attachment: asan_threads

+++ This bug was initially created as a clone of Bug #998880 +++

Opening a security bug to track a possible serious sec issue in XPCOM and/or IPC and/or DOM.

Bug 998880 switches to waiting from busy-waiting in nsThread::Shutdown() and ::Dispatch(...,DISPATCH_SYNC).  This should cause no difference in execution other than details of what thread switches occur (and if the thread loops through Wait).

A try his this asan failure:
https://tbpl.mozilla.org/php/getParsedLog.php?id=38181578&tree=Try&full=1#error0

(callstack attached)

This happens deep below dom::TabChild::RecvLoadRemoteScript(), called a few frames earlier from ipc::MessageChannel::DispatchAsyncMessage()

I presume this is because the change in thread-switching behavior has exposed a latent ASAN bug in cross-thread usage.

Comment 1

[Randell Jesup [:jesup] (needinfo me)]

Per bent, this is an intentional crash via 
http://mxr.mozilla.org/mozilla-central/source/dom/ipc/tests/process_error_contentscript.js
so it's not an actual ASAN bug; just odd that it would show up on my push.  Timing? I guess

Comment 2

[Daniel Veditz [:dveditz]]

We don't need to use the more restrictive component-specific security groups unless a bug is sec-high or sec-critical