[tor-bugs] #19400 [Applications/Tor Browser]: [Asan] Crash in js::AsmJSModule::deserialize / DeserializeSig
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 15 02:26:24 UTC 2016
#19400: [Asan] Crash in js::AsmJSModule::deserialize / DeserializeSig
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: tbb-
Type: defect | team
Priority: Very High | Status:
Component: Applications/Tor Browser | assigned
Severity: Critical | Milestone:
Keywords: tbb-crash, TorBrowserTeam201606, | Version:
tbb-6.0-issues | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Here are a some additional things that Kathy and I learned today:
* With Facebook, the crash is easy to reproduce after a 6.0 -> 6.0.1
transition and after a 6.0a5 -> 6.5a1 transition, both on 64 bit Linux and
on Mac OS (we did not try on Windows).
* After we built our own 6.5a1 Mac package using the Firefox build
procedure (no gitian), we could not reproduce the crash. This was built
from commit b60b8871fa08feaaca24bcf6dff43df0cd1c5f29.
* When we did the same on Linux, we could not reproduce the crash either.
* With our own 6.5a1 Linux build that was made using the gitian-based
build process, the crash occurs (no surprise there).
* The crash also occurs on Linux with a gitian-based build that has no Tor
Browser patches at all (commit eba381b5a1d26f1c5d5ba51c67117cae985680c4).
The last thing makes me think we should be able to reproduce this with
Firefox, but looking at the evidence as a whole I am starting to suspect a
compiler bug. But I am out of time and energy for today.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19400#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list