[tor-bugs] #12418 [Applications/Tor Browser]: TBBs with UBSan create lots of errors when running

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 9 17:21:34 UTC 2017


#12418: TBBs with UBSan create lots of errors when running
----------------------------------------+--------------------------
 Reporter:  gk                          |          Owner:  tbb-team
     Type:  defect                      |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+--------------------------

Comment (by tom):

 Replying to [comment:10 cypherpunks]:
 > Has anyone started working on at least instrumenting individual FF
 components, as suggested above?

 Kind of. Mozilla spent a considerable amount of person-time playing with
 UBSAN.

 The conclusion was that some tests are valuable and should be used
 (bounds, pointer-overflow, vptr although this requires RTTI).

 But that others (signed and unsigned overflow) caused a gratuitous amount
 of false positives (largely in the graphics and layout areas but in
 general all over the place) and it's infeasible to whitelist them all. We
 had someone spend a month on this and using his whitelist we brought the
 number of reports down from the hundreds of thousands down to the mere
 thousands - but even then it was with a ton of effort and there was a ton
 of effort still to go.

 So I think the path forward is to turn on UBSAN on the whole browser, run
 it through something like the web platform tests or Mozilla's usual unit
 tests, and slowly increase the number of UBSAN tests one by one. When we
 hit one that causes too many false positives, we turn it back off and
 investigate turning it on for an individual component (like image
 decoders).

 Also I would suggest the path forward for this is in Mozilla's court,
 rather than Tor's. Not that Tor has to wait for Mozilla, only that making
 use of Mozilla's infrastructure will make it considerably easier. Tor devs
 have access to that, and if any cypherpunks want access, I think the only
 thing needed is a few contributions* that I can point to and say "This
 person is doing good work, let's give them access to run their tests on
 our task runner".

 * Contributions such as looking at and improving UBSAN? :)

 Here's where our stuff is:

 - http://searchfox.org/mozilla-central/source/build/autoconf/sanitize.m4 -
 Here's where we have the mozconfig options for the sanitizers. We have the
 UBSAN integer one here. You can swap out integer for one of the other
 tests.
 - http://searchfox.org/mozilla-central/search?q=ubsan&path= - at the top
 you can find our blacklist

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12418#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
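An added example (not code from the ticket, from Tor, or from Mozilla's tree) showing the three cases tom separates above in one small C file, so that the UBSan checks he names can be switched on one at a time: an intentional wrap-around that `unsigned-integer-overflow` reports as a false positive, a size computation where wrap-around is a real bug and is checked explicitly, and an out-of-bounds index that `bounds` catches. The `-fsanitize=` check names, the build lines in the header comment and the `no_sanitize` attribute are assumptions about clang's UBSan, not the mozconfig options or blacklist the ticket links to.

```c
/* Added example, not from the ticket or Mozilla's code. Build and run with
 * one check at a time (clang flag names assumed, clang >= 3.9):
 *
 *   clang -g -fsanitize=bounds,pointer-overflow ubsan_demo.c -o demo && ./demo
 *   clang -g -fsanitize=unsigned-integer-overflow ubsan_demo.c -o demo && ./demo
 *
 * gcc has no unsigned-integer-overflow check, so the attribute below is
 * guarded; it is a per-function alternative to a sanitizer blacklist file.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1. Intentional wrap-around. FNV-1a relies on uint32_t multiplication
 *    wrapping, which is well-defined C, yet -fsanitize=unsigned-integer-
 *    overflow reports it on every byte: the false-positive class tom
 *    describes. Suppress it narrowly, on this function only. */
#if defined(__clang__)
__attribute__((no_sanitize("unsigned-integer-overflow")))
#endif
uint32_t fnv1a_32(const char *s, size_t n)
{
    uint32_t h = 0x811c9dc5u;          /* FNV offset basis */
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)s[i];
        h *= 0x01000193u;              /* FNV prime; wraps by design */
    }
    return h;
}

/* 2. Wrap-around that IS a bug: count * elem silently wrapping yields an
 *    undersized allocation. Checking it explicitly fails closed and leaves
 *    nothing for the sanitizer to report. Returns 0 on overflow. */
size_t checked_alloc_size(size_t count, size_t elem)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem, &bytes))
        return 0;
    return bytes;
}

/* 3. Out-of-bounds index. -fsanitize=bounds flags table[idx] at runtime
 *    only when the array's size is visible at the access, as it is here;
 *    pointer-overflow flags &table[0] + idx wrapping past the object. */
#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Unchecked form: table_get_unchecked(8) is what the bounds check reports. */
int table_get_unchecked(size_t idx)
{
    return table[idx];
}

/* Hardened form: explicit bound, returns -1 (never a table value) when
 * idx is out of range, so there is no UB for UBSan to find. */
int table_get(size_t idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

int main(void)
{
    printf("fnv1a_32(\"tor\")            = 0x%08x\n", fnv1a_32("tor", 3));
    printf("checked_alloc_size(16, 4)  = %zu\n", checked_alloc_size(16, 4));
    printf("checked_alloc_size(MAX/2,4)= %zu (0 means overflow)\n",
           checked_alloc_size(SIZE_MAX / 2, 4));
    printf("table_get(7)               = %d\n", table_get(7));
    printf("table_get(8)               = %d (out of range)\n", table_get(8));
    /* Under -fsanitize=bounds the next call is where the report appears. */
    printf("table_get_unchecked(8)     = %d\n", table_get_unchecked(8));
    return 0;
}
```

Rebuilding with each `-fsanitize=` check in turn, as the comment proposes for the whole browser, shows the trade-off directly: the hash function is clean under `bounds` and `pointer-overflow` but noisy under `unsigned-integer-overflow` until it is suppressed, while the unchecked table access is a genuine finding that only `bounds` surfaces.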

