[tor-bugs] #10599 [Tor Browser]: Investigate building TBB with SoftBound or AddressSanitizer

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 14 08:50:42 UTC 2015


#10599: Investigate building TBB with SoftBound or AddressSanitizer
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  gk
     Type:  enhancement                          |         Status:  assigned
 Priority:  Very High                            |      Milestone:
Component:  Tor Browser                          |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  gitian, tbb-security, tbb-gitian,    |  Actual Points:
  TorBrowserTeam201510, GeorgKoppen201510        |         Points:
Parent ID:  #17304                               |
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by gk):

 It seems we are hitting a UBSan-related internal compiler error with
 5.1.0: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66190. Bumping the GCC
 version to 5.2.0 helps and the compilation succeeds \o/. The packaging
 step is still broken, though:
 {{{
 /home/ubuntu/build/tor-browser/tools/profiler/UnwinderThread2.cpp:693:66: runtime error: null pointer passed as argument 2, which is declared to never be null
 /usr/include/bits/string3.h:52:71: runtime error: null pointer passed as argument 2, which is declared to never be null
 /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:341:5: runtime error: load of address 0x2b59c2fce270 with insufficient space for an object of type 'const struct Module *'
 0x2b59c2fce270: note: pointer points here
  00 00 00 00  00 cb d7 a3 59 2b 00 00  60 e8 d7 a3 59 2b 00 00  20 1a d8 a3 59 2b 00 00  20 85 d9 a3
               ^
 ASAN:SIGSEGV
 =================================================================
 ==28557==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x2b5a00fff6d0 sp 0x2b5a00fff5d8 T2)
 ==28557==Hint: pc points to the zero page.

 AddressSanitizer can not provide additional info.
 /home/ubuntu/build/tor-browser/nsprpub/pr/src/io/prlayer.c:655:13: runtime error: null pointer passed as argument 2, which is declared to never be null
 /usr/include/bits/string3.h:52:10: runtime error: null pointer passed as argument 2, which is declared to never be null
 SUMMARY: AddressSanitizer: SEGV ??:0 ??
 Thread T2 created by T0 here:
     #0 0x2b597c685054 in __interceptor_pthread_create ../../.././libsanitizer/asan/asan_interceptors.cc:179
     #1 0x2b597db679c0 in _PR_CreateThread /home/ubuntu/build/tor-browser/nsprpub/pr/src/pthreads/ptthread.c:453
     #2 0x2b597db6895e in PR_CreateThread /home/ubuntu/build/tor-browser/nsprpub/pr/src/pthreads/ptthread.c:544
     #3 0x2b5996ffb60e in nsThread::Init() /home/ubuntu/build/tor-browser/xpcom/threads/nsThread.cpp:469
     #4 0x2b5996ffbed9 in nsThreadManager::NewThread(unsigned int, unsigned int, nsIThread**) /home/ubuntu/build/tor-browser/xpcom/threads/nsThreadManager.cpp:362
     #5 0x2b599706fad1 in NS_NewThread(nsIThread**, nsIRunnable*, unsigned int) /home/ubuntu/build/tor-browser/xpcom/glue/nsThreadUtils.cpp:69
     #6 0x2b5997791fb2 in nsresult NS_NewNamedThread<13ul>(char const (&) [13ul], nsIThread**, nsIRunnable*, unsigned int) ../../../dist/include/nsThreadUtils.h:74
     #7 0x2b5997791fb2 in nsNotifyAddrListener::Init() /home/ubuntu/build/tor-browser/netwerk/system/linux/nsNotifyAddrListener_Linux.cpp:270
     #8 0x2b59977b3941 in nsNotifyAddrListenerConstructor /home/ubuntu/build/tor-browser/netwerk/build/nsNetModule.cpp:381
     #9 0x2b5996fd7950 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1199
     #10 0x2b5996fdcc23 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1561
     #11 0x2b599705e375 in nsGetServiceByContractIDWithError::operator()(nsID const&, void**) const /home/ubuntu/build/tor-browser/xpcom/glue/nsComponentManagerUtils.cpp:292
     #12 0x2b599705e52e in nsCOMPtr_base::assign_from_gs_contractid_with_error(nsGetServiceByContractIDWithError const&, nsID const&) /home/ubuntu/build/tor-browser/xpcom/glue/nsCOMPtr.cpp:114
     #13 0x2b59971a4c3f in nsCOMPtr<nsINetworkLinkService>::operator=(nsGetServiceByContractIDWithError const&) ../../dist/include/nsCOMPtr.h:613
     #14 0x2b59971a4c3f in nsIOService::InitializeNetworkLinkService() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:281
     #15 0x2b59971c8490 in nsIOService::Init() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:232
     #16 0x2b59971ca5f3 in nsIOService::GetInstance() /home/ubuntu/build/tor-browser/netwerk/base/nsIOService.cpp:309
     #17 0x2b59977bfa6b in nsIOServiceConstructor /home/ubuntu/build/tor-browser/netwerk/build/nsNetModule.cpp:57
     #18 0x2b5996fd7950 in nsComponentManagerImpl::CreateInstanceByContractID(char const*, nsISupports*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1199
     #19 0x2b5996fdcc23 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:1561
     #20 0x2b599705c944 in nsGetServiceByContractID::operator()(nsID const&, void**) const /home/ubuntu/build/tor-browser/xpcom/glue/nsComponentManagerUtils.cpp:280
     #21 0x2b599705ca50 in nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) /home/ubuntu/build/tor-browser/xpcom/glue/nsCOMPtr.cpp:103
     #22 0x2b599707e6bc in nsCOMPtr<nsIIOService>::nsCOMPtr(nsGetServiceByContractID) /home/ubuntu/build/tor-browser/xpcom/build/../glue/nsCOMPtr.h:514
     #23 0x2b599707e6bc in mozilla::services::GetIOService() /home/ubuntu/build/tor-browser/xpcom/build/ServiceList.h:18
     #24 0x2b5997040ef4 in do_GetIOService(nsresult*) ../../../dist/include/nsNetUtil.h:97
     #25 0x2b599704110c in net_EnsureIOService(nsIIOService**, nsCOMPtr<nsIIOService>&) (/home/ubuntu/build/tor-browser/obj-x86_64-unknown-linux-gnu/dist/bin/libxul.so+0x193cc10c)
     #26 0x2b599704143b in NS_NewURI(nsIURI**, nsACString_internal const&, char const*, nsIURI*, nsIIOService*) ../../../../dist/include/nsNetUtil.h:152
     #27 0x2b59970327f2 in nsChromeRegistry::ManifestProcessingContext::GetManifestURI() /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:721
     #28 0x2b5997032e70 in nsChromeRegistry::ManifestProcessingContext::ResolveURI(char const*) /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:738
     #29 0x2b599703de58 in nsChromeRegistryChrome::ManifestLocale(nsChromeRegistry::ManifestProcessingContext&, int, char* const*, int) /home/ubuntu/build/tor-browser/chrome/nsChromeRegistryChrome.cpp:819
     #30 0x2b5996fe66b4 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool, bool) /home/ubuntu/build/tor-browser/xpcom/components/ManifestParser.cpp:786
     #31 0x2b5996fd2b2d in DoRegisterManifest /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:613
     #32 0x2b5996fd300c in nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:626
     #33 0x2b5996fd300c in nsComponentManagerImpl::ManifestManifest(nsComponentManagerImpl::ManifestProcessingContext&, int, char* const*) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:635
     #34 0x2b5996fe6af4 in ParseManifest(NSLocationType, mozilla::FileLocation&, char*, bool, bool) /home/ubuntu/build/tor-browser/xpcom/components/ManifestParser.cpp:795
     #35 0x2b5996fd2b2d in DoRegisterManifest /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:613
     #36 0x2b5996fd2e03 in nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:626
     #37 0x2b5996fd2e03 in nsComponentManagerImpl::RereadChromeManifests(bool) /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:821
     #38 0x2b5996fda5b8 in nsComponentManagerImpl::Init() /home/ubuntu/build/tor-browser/xpcom/components/nsComponentManager.cpp:430
     #39 0x2b599708b2fd in NS_InitXPCOM2 /home/ubuntu/build/tor-browser/xpcom/build/XPCOMInit.cpp:766
     #40 0x2b59985570d1 in XRE_XPCShellMain /home/ubuntu/build/tor-browser/js/xpconnect/src/XPCShellImpl.cpp:1382
     #41 0x2b59c4602c8c in __libc_start_main (/lib/libc.so.6+0x1ec8c)

 ==28557==ABORTING
 }}}
 Might be related to comment:35.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:54>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

