[tor-bugs] #12418 [Applications/Tor Browser]: TBBs with UBSan create lots of errors when running

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 31 18:03:10 UTC 2017


#12418: TBBs with UBSan create lots of errors when running
----------------------------------------+--------------------------
 Reporter:  gk                          |          Owner:  tbb-team
     Type:  defect                      |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+--------------------------

Comment (by arthuredelstein):

 I started looking into the ubsan errors by adding `-fsanitize=undefined` to a
 mozconfig in mozilla-central:
 https://github.com/arthuredelstein/tor-browser/commit/ubsan3

 I pushed to the try server to run all unit tests and talos tests on linux,
 linux64 (debug and optimized)
 https://treeherder.mozilla.org/#/jobs?repo=try&revision=43f94f28e54232cd9fec8abb81b871121939aefd

 Then I wrote scripts to download all log files from this try server run,
 extract all "runtime errors" reported by ubsan in the logs, and then group
 the runtime errors by their location in the codebase.

 https://github.com/arthuredelstein/firefox-ubsan-errors

 In total there were some 170,000 runtime errors reported in the logs,
 produced by 367 specific locations in the codebase. (Some locations caused
 thousands of 'runtime error' messages each.) I generated a summary table
 that shows these locations and a representative error message. Here it is
 in a Google doc spreadsheet:
 https://docs.google.com/spreadsheets/d/1ISxhkwWVwa7HBVEd6gPTcynfMwaq-cmI_wQsiDZxLhc/edit?usp=sharing

 And here is the raw data:
 https://gist.github.com/arthuredelstein/a208b1d7334c9e1d669308b9cd06f96b

 My next steps are to generate the same table for a clang
 -fsanitize=undefined build, and then start patching and/or whitelisting
 all functions in a given category of ubsan error (such as integer overflow).
 If Mozilla can accept these patches, then I imagine we can turn on ubsan
 subflags in the mozilla-central debug builds and also turn them on by
 default in Tor Browser.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12418#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
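
The log-processing step described in the comment above (extract UBSan "runtime error" lines from CI logs and group them by source location), as an added example. It is not the code from the firefox-ubsan-errors repository; the log prefix format, the file paths and the `category` heuristic are assumptions constructed for illustration.

```python
import re
from collections import Counter

# UBSan diagnostics have the form "<file>:<line>:<col>: runtime error: <message>".
# CI logs usually prepend timestamps or harness tags, so search rather than anchor.
UBSAN_RE = re.compile(
    r"(?P<file>[^\s:]+):(?P<line>\d+):(?P<col>\d+): runtime error: (?P<msg>.*)$"
)

def category(msg):
    """Heuristic error class: message text before the first value, quote or colon."""
    return re.split(r"[:\d'\"]", msg, maxsplit=1)[0].rstrip(" -")

def summarize(lines):
    """Return (location, count, category, representative message), most frequent first."""
    counts = Counter()
    example = {}
    for raw in lines:
        m = UBSAN_RE.search(raw.rstrip("\n"))
        if not m:
            continue  # ordinary test output, not a UBSan report
        loc = f"{m['file']}:{m['line']}:{m['col']}"
        counts[loc] += 1
        example.setdefault(loc, m["msg"])  # keep the first message as representative
    return [(loc, n, category(example[loc]), example[loc])
            for loc, n in counts.most_common()]

# Constructed sample log: paths and prefixes are hypothetical, not from the try run.
SAMPLE_LOG = """\
18:03:10 INFO - /src/example/alpha.cpp:120:17: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
18:03:10 INFO - TEST-PASS | example_test.js | ok
18:03:11 INFO - /src/example/alpha.cpp:120:17: runtime error: signed integer overflow: 2147483000 + 900 cannot be represented in type 'int'
/src/example/beta.cpp:42:9: runtime error: left shift of negative value -1
18:03:12 INFO - /src/example/alpha.cpp:120:17: runtime error: signed integer overflow: 5 + 2147483647 cannot be represented in type 'int'
"""

if __name__ == "__main__":
    for loc, n, cat, msg in summarize(SAMPLE_LOG.splitlines()):
        print(f"{n:6d}  {loc}  [{cat}]  {msg}")
```

Grouping on the full `file:line:col` triple is what collapses thousands of repeated messages into one row per location; the category column then lets a whole class such as integer overflow be triaged together.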

