Re: [tor-bugs] #10599 [Tor Browser]: Investigate building TBB with SoftBound or AddressSanitizer
#10599: Investigate building TBB with SoftBound or AddressSanitizer
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  gk
     Type:  enhancement                          |         Status:  assigned
 Priority:  Very High                            |      Milestone:
Component:  Tor Browser                          |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  gitian, tbb-security, tbb-gitian,    |  Actual Points:
            TorBrowserTeam201510,                |
            GeorgKoppen201510                    |
Parent ID:  #17304                               |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------
Comment (by gk):
It seems we are hitting an UBSan-related internal compiler error with
5.1.0: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66190. Bumping the GCC
version to 5.2.0 helps and the compilation succeeds \o/. The packaging
step is still broken, though:
{{{
/home/ubuntu/build/tor-browser/tools/profiler/UnwinderThread2.cpp:693:66: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/bits/string3.h:52:71: runtime error: null pointer passed as argument 2, which is declared to never be null
/home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:341:5: runtime error: load of address 0x2b59c2fce270 with insufficient space for an object of type 'const struct Module *'
0x2b59c2fce270: note: pointer points here
00 00 00 00 00 cb d7 a3 59 2b 00 00 60 e8 d7 a3 59 2b 00 00 20 1a d8 a3 59 2b 00 00 20 85 d9 a3
^
ASAN:SIGSEGV
=================================================================
==28557==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x2b5a00fff6d0 sp 0x2b5a00fff5d8 T2)
==28557==Hint: pc points to the zero page.
AddressSanitizer can not provide additional info.
/home/ubuntu/build/tor-browser/nsprpub/pr/src/io/prlayer.c:655:13: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/bits/string3.h:52:10: runtime error: null pointer passed as argument 2, which is declared to never be null
SUMMARY: AddressSanitizer: SEGV ??:0 ??
Thread T2 created by T0 here:
    #0 0x2b597c685054 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:179
    #1 0x2b597db679c0 in _PR_CreateThread /home/ubuntu/build/tor-browser/nsprpub/pr/src/pthreads/ptthread.c:453
    #2 0x2b597db6895e in PR_CreateThread /home/ubuntu/build/tor-browser/nsprpub/pr/src/pthreads/ptthread.c:544
    #3 0x2b5996ffb60e in nsThread::Init() /home/ubuntu/build/tor-browser/xpcom/threads/nsThread.cpp:469
    #4 0x2b5996ffbed9 in nsThreadManager::NewThread(unsigned int, unsigned int, nsIThread**) /home/ubuntu/build/tor-browser/xpcom/threads/nsThreadManager.cpp:362
    #5 0x2b599706fad1 in NS_NewThread(nsIThread**, nsIRunnable*, unsigned int) /home/ubuntu/build/tor-browser/xpcom/glue/nsThreadUtils.cpp:69
    #6 0x2b5997791fb2 in nsresult NS_NewNamedThread<13ul>(char const (&) [13ul], nsIThread**, nsIRunnable*, unsigned int) ../../../dist/include/nsThreadUtils.h:74
    #7 0x2b5997791fb2 in nsNotifyAddrListener::Init() /home/ubuntu/build/tor-browser/netwerk/system/linux/nsNotifyAddrListener_Linux.cpp:270
    #8 0x2b59977b3941 in nsNotifyAddrListenerConstructor /home/ubuntu/build/tor-browser/netwerk/build/nsNetModule.cpp:381
    #9 0x2b5996fd7950 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1199
    #10 0x2b5996fdcc23 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1561
    #11 0x2b599705e375 in nsGetServiceByContractIDWithError::operator()(nsID const&, void**) const /home/ubuntu/build/tor-browser/xpcom/glue/nsComponentManagerUtils.cpp:292
    #12 0x2b599705e52e in nsCOMPtr_base::assign_from_gs_contractid_with_error(nsGetServiceByContractIDWithError const&, nsID const&) /home/ubuntu/build/tor-browser/xpcom/glue/nsCOMPtr.cpp:114
    #13 0x2b59971a4c3f in nsCOMPtr<nsINetworkLinkService>::operator=(nsGetServiceByContractIDWithError const&) ../../dist/include/nsCOMPtr.h:613
    #14 0x2b59971a4c3f in nsIOService::InitializeNetworkLinkService() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:281
    #15 0x2b59971c8490 in nsIOService::Init() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:232
    #16 0x2b59971ca5f3 in nsIOService::GetInstance() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:309
    #17 0x2b59977bfa6b in nsIOServiceConstructor /home/ubuntu/build/tor-browser/netwerk/build/nsNetModule.cpp:57
    #18 0x2b5996fd7950 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1199
    #19 0x2b5996fdcc23 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1561
    #20 0x2b599705c944 in nsGetServiceByContractID::operator()(nsID const&, void**) const /home/ubuntu/build/tor-browser/xpcom/glue/nsComponentManagerUtils.cpp:280
    #21 0x2b599705ca50 in nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) /home/ubuntu/build/tor-browser/xpcom/glue/nsCOMPtr.cpp:103
    #22 0x2b599707e6bc in nsCOMPtr<nsIIOService>::nsCOMPtr(nsGetServiceByContractID) /home/ubuntu/build/tor-browser/xpcom/build/../glue/nsCOMPtr.h:514
    #23 0x2b599707e6bc in mozilla::services::GetIOService() /home/ubuntu/build/tor-browser/xpcom/build/ServiceList.h:18
    #24 0x2b5997040ef4 in do_GetIOService(nsresult*) ../../../dist/include/nsNetUtil.h:97
    #25 0x2b599704110c in net_EnsureIOService(nsIIOService**, nsCOMPtr<nsIIOService>&) (/home/ubuntu/build/tor-browser/obj-x86_64-unknown-linux-gnu/dist/bin/libxul.so+0x193cc10c)
    #26 0x2b599704143b in NS_NewURI(nsIURI**, nsACString_internal const&, char const*, nsIURI*, nsIIOService*) ../../../../dist/include/nsNetUtil.h:152
    #27 0x2b59970327f2 in nsChromeRegistry::ManifestProcessingContext::GetManifestURI() /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:721
    #28 0x2b5997032e70 in nsChromeRegistry::ManifestProcessingContext::ResolveURI(char const*) /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:738
    #29 0x2b599703de58 in nsChromeRegistryChrome::ManifestLocale(nsChromeRegistry::ManifestProcessingContext&, int, char* const*, int) /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:819
    #30 0x2b5996fe66b4 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool, bool) /home/ubuntu/build/tor-browser/xpcom/components/ManifestParser.cpp:786
    #31 0x2b5996fd2b2d in DoRegisterManifest /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:613
    #32 0x2b5996fd300c in nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:626
    #33 0x2b5996fd300c in nsComponentManagerImpl::ManifestManifest(nsComponentManagerImpl::ManifestProcessingContext&, int, char* const*) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:635
    #34 0x2b5996fe6af4 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool, bool) /home/ubuntu/build/tor-browser/xpcom/components/ManifestParser.cpp:795
    #35 0x2b5996fd2b2d in DoRegisterManifest /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:613
    #36 0x2b5996fd2e03 in nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:626
    #37 0x2b5996fd2e03 in nsComponentManagerImpl::RereadChromeManifests(bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:821
    #38 0x2b5996fda5b8 in nsComponentManagerImpl::Init() /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:430
    #39 0x2b599708b2fd in NS_InitXPCOM2 /home/ubuntu/build/tor-browser/xpcom/build/XPCOMInit.cpp:766
    #40 0x2b59985570d1 in XRE_XPCShellMain /home/ubuntu/build/tor-browser/js/xpconnect/src/XPCShellImpl.cpp:1382
    #41 0x2b59c4602c8c in __libc_start_main (/lib/libc.so.6+0x1ec8c)
==28557==ABORTING
}}}
Might be related to comment:35.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:54>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
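
Added example, not part of the original message or of Tor Browser's tooling: a small Python triage for a hard-wrapped sanitizer log like the one in this comment, which counts UBSan `runtime error` diagnostics per source line and pulls out the AddressSanitizer crash record. `SAMPLE` is constructed from lines of the log above; `rejoin` and `triage` are hypothetical helper names, and wraps that split a path mid-token are assumed absent.

```python
import re
from collections import Counter

# Constructed sample: diagnostics taken from the log in this message, with the
# e-mail hard-wrapping left in place to show why records must be rejoined.
SAMPLE = """\
/usr/include/bits/string3.h:52:71: runtime error: null pointer passed as
argument 2, which is declared to never be null
ASAN:SIGSEGV
==28557==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
(pc 0x000000000000 bp 0x2b5a00fff6d0 sp 0x2b5a00fff5d8 T2)
/home/ubuntu/build/tor-browser/nsprpub/pr/src/io/prlayer.c:655:13: runtime
error: null pointer passed as argument 2, which is declared to never be
null
/usr/include/bits/string3.h:52:10: runtime error: null pointer passed as
argument 2, which is declared to never be null
SUMMARY: AddressSanitizer: SEGV ??:0 ??
"""

RECORD_START = re.compile(r"^(/\S+:\d+:\d+:|==\d+==|ASAN:|SUMMARY:)")
UBSAN = re.compile(r"^(\S+):(\d+):\d+: runtime error: (.*)$")
ASAN = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+) on unknown address "
                  r"(0x[0-9a-f]+) \(pc (0x[0-9a-f]+) bp \S+ sp \S+ (T\d+)\)$")

def rejoin(text):
    """Merge hard-wrapped continuation lines into one record per diagnostic."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (UBSan findings counted per file:line, ASan crash record or None)."""
    findings, fatal = Counter(), None
    for rec in rejoin(text):
        if (m := UBSAN.match(rec)):
            path, line, msg = m.groups()
            findings[(path, int(line), msg)] += 1  # column ignored on purpose
        elif (m := ASAN.match(rec)):
            sig, addr, pc, thread = m.groups()
            fatal = {"signal": sig, "address": int(addr, 16),
                     "pc": int(pc, 16), "thread": thread}
    return findings, fatal
```

Counting by file and line rather than by column folds the two `string3.h:52` reports into one finding, and a crash record with `pc` equal to 0 matches the log's own hint that the program counter points to the zero page.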