Unaddressable access in chromium_sqlite3.dll!lookupName
Issue description

The Windows Dr. Memory bots have detected an out of bounds memory access in SQLite's lookupName function:

https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Unit%20%28DrMemory%20full%29%20%282%29/builds/10246

UNADDRESSABLE ACCESS beyond top of stack: reading 0x4436e880-0x4436e884 4 byte(s)
# 0 chromium_sqlite3.dll!sqlite3_stricmp [third_party\sqlite\amalgamation\sqlite3.c:25295]
# 1 chromium_sqlite3.dll!lookupName [third_party\sqlite\amalgamation\sqlite3.c:84751]
# 2 chromium_sqlite3.dll!resolveExprStep [third_party\sqlite\amalgamation\sqlite3.c:85164]
# 3 chromium_sqlite3.dll!sqlite3WalkExpr [third_party\sqlite\amalgamation\sqlite3.c:84408]
# 4 chromium_sqlite3.dll!sqlite3WalkExpr [third_party\sqlite\amalgamation\sqlite3.c:84411]
# 5 chromium_sqlite3.dll!sqlite3ResolveExprNames [third_party\sqlite\amalgamation\sqlite3.c:85927]
# 6 chromium_sqlite3.dll!resolveSelectStep [third_party\sqlite\amalgamation\sqlite3.c:85766]
# 7 chromium_sqlite3.dll!sqlite3WalkSelect [third_party\sqlite\amalgamation\sqlite3.c:84507]
# 8 chromium_sqlite3.dll!sqlite3ResolveSelectNames [third_party\sqlite\amalgamation\sqlite3.c:85984]
# 9 chromium_sqlite3.dll!sqlite3SelectPrep [third_party\sqlite\amalgamation\sqlite3.c:114390]
#10 chromium_sqlite3.dll!sqlite3Select [third_party\sqlite\amalgamation\sqlite3.c:114632]
#11 chromium_sqlite3.dll!sqlite3Insert [third_party\sqlite\amalgamation\sqlite3.c:103550]
#12 chromium_sqlite3.dll!yy_reduce [third_party\sqlite\amalgamation\sqlite3.c:130109]
#13 chromium_sqlite3.dll!sqlite3Parser [third_party\sqlite\amalgamation\sqlite3.c:130886]
#14 chromium_sqlite3.dll!sqlite3RunParser [third_party\sqlite\amalgamation\sqlite3.c:131731]
#15 chromium_sqlite3.dll!sqlite3Prepare [third_party\sqlite\amalgamation\sqlite3.c:109524]
#16 chromium_sqlite3.dll!sqlite3LockAndPrepare [third_party\sqlite\amalgamation\sqlite3.c:109619]
#17 chromium_sqlite3.dll!sqlite3_prepare_v2 [third_party\sqlite\amalgamation\sqlite3.c:109695]
#18 sql.dll!sql::Connection::ExecuteAndReturnErrorCode [sql\connection.cc:1365]
#19 sql.dll!sql::Connection::Execute [sql\connection.cc:1420]
#20 history::ThumbnailDatabase::RetainDataForPageUrls [components\history\core\browser\thumbnail_database.cc:984]
#21 history::HistoryBackend::ClearAllThumbnailHistory [components\history\core\browser\history_backend.cc:2582]
#22 history::HistoryBackend::DeleteAllHistory [components\history\core\browser\history_backend.cc:2542]
#23 history::HistoryBackend::ExpireHistoryBetween [components\history\core\browser\history_backend.cc:2308]
#24 base::internal::Invoker<>::Run [base\bind_internal.h:352]
#25 base.dll!`anonymous namespace'::RunIfNotCanceled [base\task\cancelable_task_tracker.cc:31]
#26 base.dll!base::internal::Invoker<>::Run [base\bind_internal.h:352]
#27 base.dll!base::`anonymous namespace'::PostTaskAndReplyRelay::Run [base\threading\post_task_and_reply_impl.cc:43]
#28 base.dll!base::debug::TaskAnnotator::RunTask [base\debug\task_annotator.cc:51]
#29 base.dll!base::MessageLoop::RunTask [base\message_loop\message_loop.cc:476]
#30 base.dll!base::MessageLoop::DeferOrRunPendingTask [base\message_loop\message_loop.cc:485]
#31 base.dll!base::MessageLoop::DoWork [base\message_loop\message_loop.cc:597]
#32 base.dll!base::MessagePumpDefault::Run [base\message_loop\message_pump_default.cc:33]
#33 base.dll!base::MessageLoop::RunHandler [base\message_loop\message_loop.cc:440]
#34 base.dll!base::MessageLoop::Run [base\message_loop\message_loop.cc:293]
#35 base.dll!base::Thread::Run [base\threading\thread.cc:202]
#36 base.dll!base::Thread::ThreadMain [base\threading\thread.cc:254]
#37 base.dll!base::`anonymous namespace'::ThreadFunc [base\threading\platform_thread_win.cc:84]
#38 KERNEL32.dll!BaseThreadInitThunk +0x11 (0x75e3337a <KERNEL32.dll+0x1337a>)
Note: @0:02:49.236 in thread 2000
Note: 0x4436e880 refers to -16 byte(s) beyond the top of the stack 0x4436e870
Note: instruction: mov 0x0c(%ebp) -> %esi
Mar 20 2016
Caused by the same underlying bug as issue 595792
Mar 20 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/899620623be8f7b5004cea13f7da96ff7ca80c27

commit 899620623be8f7b5004cea13f7da96ff7ca80c27
Author: bruening <bruening@chromium.org>
Date: Sun Mar 20 13:37:54 2016

Remove Dr. Memory suppressions and exclusions that are no longer needed.

Remove the suppressions and exclusions put in place to work around
Dr. Memory bugs that are now fixed.

BUG=594614, 594618, 594785, 594618, 594808, 595158, 595490
TBR=reillyg,oshima
NOTRY=true

Review URL: https://codereview.chromium.org/1817853002
Cr-Commit-Position: refs/heads/master@{#382222}

[modify] https://crrev.com/899620623be8f7b5004cea13f7da96ff7ca80c27/tools/valgrind/drmemory/suppressions_full.txt
[modify] https://crrev.com/899620623be8f7b5004cea13f7da96ff7ca80c27/tools/valgrind/gtest_exclude/unit_tests.gtest-drmemory_win32.txt
Comment 1 by bugdroid1@chromium.org, Mar 14 2016