[tor-bugs] #10599 [Tor Browser]: Investigate building TBB with SoftBound or AddressSanitizer

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 16 13:30:25 UTC 2015 

#10599: Investigate building TBB with SoftBound or AddressSanitizer
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  gk
     Type:  enhancement                          |         Status:
 Priority:  Very High                            |  assigned
Component:  Tor Browser                          |      Milestone:
 Severity:  Normal                               |        Version:
 Keywords:  gitian, tbb-security, tbb-gitian,    |     Resolution:
  TorBrowserTeam201510, GeorgKoppen201510        |  Actual Points:
Parent ID:  #17304                               |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------

Comment (by gk):

 Compiling with a non-custom GCC 5.2.0 on a Debian system and only with
 ASan (without UBSan and without `--disable-startupcache` and with
 `ASAN_OPTIONS="detect_leaks=0` (to avoid the ICU blow-up)) there is no
 freeze in the packaging step and the build is working. The only thing we
 get on shutdown is

 {{{
 ASAN:SIGSEGV
 =================================================================
 ==9717==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
 (pc 0x7fa0013e900b bp 0x7f9fd32fce80 sp 0x7f9fd32fce70 T45)
     #0 0x7fa0013e900a in RunWatchdog /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:151
     #1 0x7fa006ad2ae8 in _pt_root /home/thomas/Arbeit/Tor/tor-
 browser/nsprpub/pr/src/pthreads/ptthread.c:212
     #2 0x7fa00a4430a3 in start_thread (/lib/x86_64-linux-
 gnu/libpthread.so.0+0x80a3)
     #3 0x7fa0096e306c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe606c)

 AddressSanitizer can not provide additional info.
 SUMMARY: AddressSanitizer: SEGV /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:151 RunWatchdog
 Thread T45 (Shutdow~minator) created by T0 here:
     #0 0x7fa00a68e0c4 in pthread_create
 (/home/thomas/Arbeit/Tor/debugging/10599/tor-browser_en-
 US/Browser/TorBrowser/Tor/libasan.so.2+0x360c4)
     #1 0x7fa006ad21a9 in _PR_CreateThread /home/thomas/Arbeit/Tor/tor-
 browser/nsprpub/pr/src/pthreads/ptthread.c:453
     #2 0x7fa006ad380e in PR_CreateThread /home/thomas/Arbeit/Tor/tor-
 browser/nsprpub/pr/src/pthreads/ptthread.c:544
     #3 0x7fa0013e8f46 in CreateSystemThread /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:77
     #4 0x7fa0013e9342 in mozilla::nsTerminator::StartWatchdog()
 /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:383
     #5 0x7fa0013e96e9 in mozilla::nsTerminator::Start()
 /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:353
     #6 0x7fa0013e9f68 in mozilla::nsTerminator::Observe(nsISupports*, char
 const*, char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/terminator/nsTerminator.cpp:439
     #7 0x7f9ffe1c4a79 in nsObserverList::NotifyObservers(nsISupports*,
 char const*, char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/xpcom/ds/nsObserverList.cpp:100
     #8 0x7f9ffe1c4bb1 in nsObserverService::NotifyObservers(nsISupports*,
 char const*, char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/xpcom/ds/nsObserverService.cpp:329
     #9 0x7fa00138b7e6 in nsAppStartup::Quit(unsigned int)
 /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/startup/nsAppStartup.cpp:468
     #10 0x7fa00138b9d9 in
 nsAppStartup::ExitLastWindowClosingSurvivalArea() /home/thomas/Arbeit/Tor
 /tor-browser/toolkit/components/startup/nsAppStartup.cpp:540
     #11 0x7fa00138baea in nsAppStartup::Observe(nsISupports*, char const*,
 char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/toolkit/components/startup/nsAppStartup.cpp:712
     #12 0x7f9ffe1c4a79 in nsObserverList::NotifyObservers(nsISupports*,
 char const*, char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/xpcom/ds/nsObserverList.cpp:100
     #13 0x7f9ffe1c4bb1 in nsObserverService::NotifyObservers(nsISupports*,
 char const*, char16_t const*) /home/thomas/Arbeit/Tor/tor-
 browser/xpcom/ds/nsObserverService.cpp:329
     #14 0x7fa0010d9431 in nsXULWindow::Destroy() /home/thomas/Arbeit/Tor
 /tor-browser/xpfe/appshell/nsXULWindow.cpp:517
     #15 0x7fa0010d972c in nsWebShellWindow::Destroy()
 /home/thomas/Arbeit/Tor/tor-browser/xpfe/appshell/nsWebShellWindow.cpp:758
     #16 0x7fa0010d9bd8 in nsWebShellWindow::RequestWindowClose(nsIWidget*)
 /home/thomas/Arbeit/Tor/tor-browser/xpfe/appshell/nsWebShellWindow.cpp:305
     #17 0x7fa0008bc709 in delete_event_cb /home/thomas/Arbeit/Tor/tor-
 browser/widget/gtk/nsWindow.cpp:5342
     #18 0x7f9ffb4bba7e  (/usr/lib/x86_64-linux-
 gnu/libgtk-x11-2.0.so.0+0x132a7e)

 ==9717==ABORTING
 }}}

 But that crash is due to Mozilla's

 {{{
     // Shutdown is apparently dead. Crash the process.
     MOZ_CRASH("Shutdown too long, probably frozen, causing a crash.");
 }}}

 Nevertheless, there might be a real issue underneath...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:57>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list