CFI: invalid cast in SkTArray.h
Issue description

Version: tip
OS: Linux x86-64

What steps will reproduce the problem?

(1) Build cc_unittests with CFI:

$ gn gen //out/gn-cfi '--args=is_cfi=true use_cfi_diag=true is_debug=false is_component_build=false symbol_level=1 dcheck_always_on=true' --check
$ build/download_gold_plugin.py
$ ninja -C out/gn-cfi cc_unittests

(2) Run under GDB:

$ gdb -ex 'b __ubsan_handle_cfi_check_fail' -ex r --args ./out/gn-cfi/cc_unittests --single_process --gtest_filter=EnlargedTextureWithAlphaThresholdFilter.GL

(3) Observe the error report and the stack trace:

../../third_party/skia/include/gpu/../private/SkTArray.h:189:19: runtime error: control flow integrity check for type 'GrGLSampler' failed during cast to unrelated type (vtable address 0x4242424242424242)
0x4242424242424242: note: invalid vtable

Breakpoint 1, 0x00000000004d1fa4 in __ubsan_handle_cfi_check_fail ()
(gdb) bt
#0  0x00000000004d1fa4 in __ubsan_handle_cfi_check_fail () at ../../third_party/skia/src/gpu/glsl/GrGLSLSampler.h:17
#1  0x00000000010d2b4a in GrGLSampler& SkTArray<GrGLSampler, false>::emplace_back<unsigned int&, GrPixelConfig&, GrSLType&, GrSLPrecision&, char const*>(unsigned int&, GrPixelConfig&, GrSLType&, GrSLPrecision&, char const*&&) () at ../../third_party/skia/include/gpu/../private/SkTArray.h:189
#2  0x00000000010d29c9 in GrGLUniformHandler::internalAddSampler(unsigned int, GrPixelConfig, GrSLType, GrSLPrecision, char const*) () at ../../third_party/skia/src/gpu/gl/GrGLUniformHandler.cpp:67
#3  0x00000000010dd087 in GrGLSLProgramBuilder::emitSampler(GrSLType, GrPixelConfig, char const*, GrShaderFlags, SkTArray<GrGLSLProgramDataManager::ShaderResourceHandle, false>*) () at ../../third_party/skia/src/gpu/glsl/GrGLSLProgramBuilder.cpp:279
#4  0x00000000010dcc25 in GrGLSLProgramBuilder::emitSamplers(GrProcessor const&, SkTArray<GrGLSLProgramDataManager::ShaderResourceHandle, false>*, SkTArray<GrGLSLProgramDataManager::ShaderResourceHandle, false>*) () at ../../third_party/skia/src/gpu/glsl/GrGLSLProgramBuilder.cpp:239
#5  0x00000000010ddb64 in GrGLSLProgramBuilder::emitAndInstallFragProc(GrFragmentProcessor const&, int, GrGLSLExpr4 const&, GrGLSLExpr4*) () at ../../third_party/skia/src/gpu/glsl/GrGLSLProgramBuilder.cpp:154
#6  0x00000000010dbf9d in GrGLSLProgramBuilder::emitAndInstallFragProcs(int, int, GrGLSLExpr4*) () at ../../third_party/skia/src/gpu/glsl/GrGLSLProgramBuilder.cpp:130
#7  0x00000000010db7f1 in GrGLSLProgramBuilder::emitAndInstallProcs(GrGLSLExpr4*, GrGLSLExpr4*) () at ../../third_party/skia/src/gpu/glsl/GrGLSLProgramBuilder.cpp:68
#8  0x00000000010d4625 in GrGLProgramBuilder::CreateProgram(GrPipeline const&, GrPrimitiveProcessor const&, GrGLProgramDesc const&, GrGLGpu*) () at ../../third_party/skia/src/gpu/gl/builders/GrGLProgramBuilder.cpp:47
#9  0x00000000010ad2a7 in GrGLGpu::ProgramCache::refProgram(GrGLGpu const*, GrPipeline const&, GrPrimitiveProcessor const&) () at ../../third_party/skia/src/gpu/gl/GrGLGpuProgramCache.cpp:151
#10 0x00000000010a843b in GrGLGpu::flushGLState(GrPipeline const&, GrPrimitiveProcessor const&) () at ../../third_party/skia/src/gpu/gl/GrGLGpu.cpp:2007
#11 0x000000000109d69a in GrGLGpu::onDraw(GrPipeline const&, GrPrimitiveProcessor const&, GrMesh const*, int) () at ../../third_party/skia/src/gpu/gl/GrGLGpu.cpp:2732
#12 0x0000000001012df8 in GrGpu::draw(GrPipeline const&, GrPrimitiveProcessor const&, GrMesh const*, int) () at ../../third_party/skia/src/gpu/GrGpu.cpp:488
#13 0x0000000001060b94 in GrVertexBatch::onDraw(GrBatchFlushState*) () at ../../third_party/skia/src/gpu/batches/GrVertexBatch.cpp:78
#14 0x000000000100c3e4 in GrDrawTarget::drawBatches(GrBatchFlushState*) () at ../../third_party/skia/src/gpu/GrDrawTarget.cpp:224
#15 0x000000000100a275 in GrDrawingManager::flush() () at ../../third_party/skia/src/gpu/GrDrawingManager.cpp:84
#16 0x0000000001000fe1 in GrContext::flush(int) () at ../../third_party/skia/src/gpu/GrContext.cpp:237
#17 0x00000000010039ee in GrContext::prepareSurfaceForExternalIO(GrSurface*) () at ../../third_party/skia/src/gpu/GrContext.cpp:537
#18 0x00000000010e8689 in SkGpuDevice::flush() () at ../../third_party/skia/src/gpu/SkGpuDevice.cpp:1723
#19 0x0000000000bce94a in cc::ApplyImageFilter(std::unique_ptr<cc::GLRenderer::ScopedUseGrContext, std::default_delete<cc::GLRenderer::ScopedUseGrContext> >, cc::ResourceProvider*, gfx::RectF const&, gfx::RectF const&, gfx::Vector2dF const&, SkImageFilter*, cc::ScopedResource*) () at ../../cc/output/gl_renderer.cc:659
#20 0x0000000000bbc8b9 in cc::GLRenderer::DrawRenderPassQuad(cc::DirectRenderer::DrawingFrame*, cc::RenderPassDrawQuad const*, gfx::QuadF const*) () at ../../cc/output/gl_renderer.cc:1027
#21 0x0000000000bb3978 in cc::GLRenderer::DoDrawQuad(cc::DirectRenderer::DrawingFrame*, cc::DrawQuad const*, gfx::QuadF const*) () at ../../cc/output/gl_renderer.cc:528
#22 0x0000000000baa7a2 in cc::DirectRenderer::DrawRenderPass(cc::DirectRenderer::DrawingFrame*, cc::RenderPass const*) () at ../../cc/output/direct_renderer.cc:520
#23 0x0000000000baa080 in cc::DirectRenderer::DrawRenderPassAndExecuteCopyRequests(cc::DirectRenderer::DrawingFrame*, cc::RenderPass*) () at ../../cc/output/direct_renderer.cc:418
#24 0x0000000000ba9e18 in cc::DirectRenderer::DrawFrame(std::vector<std::unique_ptr<cc::RenderPass, std::default_delete<cc::RenderPass> >, std::allocator<std::unique_ptr<cc::RenderPass, std::default_delete<cc::RenderPass> > > >*, float, gfx::Rect const&, gfx::Rect const&, bool) () at ../../cc/output/direct_renderer.cc:272
#25 0x0000000000c925b4 in cc::LayerTreeHostImpl::DrawLayers(cc::LayerTreeHostImpl::FrameData*) () at ../../cc/trees/layer_tree_host_impl.cc:1668
#26 0x0000000000d04cb2 in cc::LayerTreeHostImplForTesting::DrawLayers(cc::LayerTreeHostImpl::FrameData*) () at ../../cc/test/layer_tree_test.cc:237
#27 0x0000000000cce4d1 in cc::ProxyImpl::DrawAndSwapInternal(bool) () at ../../cc/trees/proxy_impl.cc:635
#28 0x0000000000ccd2a3 in cc::ProxyImpl::ScheduledActionDrawAndSwapIfPossible() () at ../../cc/trees/proxy_impl.cc:521
#29 0x0000000000d11792 in cc::ProxyImplForTest::ScheduledActionDrawAndSwapIfPossible() () at ../../cc/test/proxy_impl_for_test.cc:49
#30 0x0000000000c40eab in cc::Scheduler::DrawAndSwapIfPossible() () at ../../cc/scheduler/scheduler.cc:622
#31 0x0000000000c409fd in cc::Scheduler::ProcessScheduledActions() () at ../../cc/scheduler/scheduler.cc:702
#32 0x0000000000c405b4 in cc::Scheduler::OnBeginImplFrameDeadline() () at ../../cc/scheduler/scheduler.cc:611
#33 0x0000000000b6f505 in void base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const> >::MakeItSo<base::WeakPtr<base::CancelableCallback<void ()> >>(base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const>, base::WeakPtr<base::CancelableCallback<void ()> >) () at ../../base/bind_internal.h:334
#34 0x0000000000c41f13 in base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void (cc::Scheduler::*)()>, void (cc::Scheduler*), base::WeakPtr<cc::Scheduler> >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (cc::Scheduler::*)()> >, void ()>::Run(base::internal::BindStateBase*) () at ../../base/bind_internal.h:372
#35 0x0000000000b6f505 in void base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const> >::MakeItSo<base::WeakPtr<base::CancelableCallback<void ()> >>(base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const>, base::WeakPtr<base::CancelableCallback<void ()> >) () at ../../base/bind_internal.h:334
#36 0x0000000000b6f4a3 in base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const>, void (base::CancelableCallback<void ()> const*), base::WeakPtr<base::CancelableCallback<void ()> > >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (base::CancelableCallback<void ()>::*)() const> >, void ()>::Run(base::internal::BindStateBase*) () at ../../base/bind_internal.h:372
#37 0x000000000136bb19 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) () at ../../base/debug/task_annotator.cc:51

This issue was introduced in https://codereview.chromium.org/1904663004/ and broke the 'CFI Linux' buildbot: https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5115

Please take a look. Feel free to reassign back to me if you have any difficulties in reproducing the issue.
Apr 21 2016
The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/e0c1d285a00e47e1d1584e6a35b95ef2f0d945ff

commit e0c1d285a00e47e1d1584e6a35b95ef2f0d945ff
Author: krasin <krasin@google.com>
Date: Thu Apr 21 15:34:00 2016

SkTArray: fix invalid reinterpret_casts over non-initialized memory.

This should fix 'CFI Linux' buildbot, which is currently horribly broken:
https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5115

BUG=605337

Review URL: https://codereview.chromium.org/1908763002

[modify] https://crrev.com/e0c1d285a00e47e1d1584e6a35b95ef2f0d945ff/include/private/SkTArray.h
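What the report above and the fix just cited are about, as an added example that is not Skia's SkTArray and not code from the bug or the commit: a minimal array that owns raw storage and constructs polymorphic elements in place. The class, member and function names (RawArray, Sampler, pushBackRaw, emplaceBackBeforeFix) are made up for this example, and the 0x42 fill of fresh storage is an assumption chosen only to mirror the "vtable address 0x4242424242424242" in the report. emplaceBackBeforeFix forms a T* over memory that holds no object yet; under clang's -fsanitize=cfi-unrelated-cast that reinterpret_cast is instrumented (the destination is a pointer to a class with a vtable), so the check loads the vtable slot before placement new has written it and reports an invalid vtable. emplaceBack hands the void* straight to placement new, so the only T* that ever exists points at a constructed object. Built normally, both paths return the same value; built with clang++ -flto -fvisibility=hidden -fsanitize=cfi-unrelated-cast -fno-sanitize-trap=cfi (the diagnostic form the report's use_cfi_diag=true selects; an LTO-capable linker is required), only sumKeysBeforeFix reports.

```cpp
// Added example, not Skia code: raw-storage array with two emplace_back
// variants, one that trips cfi-unrelated-cast and one that does not.
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>
#include <utility>

// Stand-in for a class with a vtable. CFI's cast checks are only emitted for
// polymorphic destination types, so the virtual function is what matters.
struct Sampler {
    explicit Sampler(int unit) : fUnit(unit) {}
    virtual ~Sampler() {}
    virtual int key() const { return fUnit; }
    int fUnit;
};

template <class T>
class RawArray {
public:
    explicit RawArray(int capacity)
        : fCount(0), fCapacity(capacity),
          fMem(static_cast<char*>(std::malloc(sizeof(T) * capacity))) {
        // Assumption for illustration: poison fresh storage with 0x42 so a
        // premature vtable load sees 0x4242... rather than leftover heap data.
        std::memset(fMem, 0x42, sizeof(T) * capacity);
    }
    ~RawArray() {
        for (int i = 0; i < fCount; ++i) (*this)[i].~T();
        std::free(fMem);
    }
    RawArray(const RawArray&) = delete;
    RawArray& operator=(const RawArray&) = delete;

    // Pre-fix shape: a typed pointer is produced over uninitialised bytes.
    // Under -fsanitize=cfi-unrelated-cast the reinterpret_cast itself is
    // checked, which reads the not-yet-written vtable pointer of *newT.
    // Kept only so the report can be reproduced; do not copy this pattern.
    template <class... Args>
    T& emplaceBackBeforeFix(Args&&... args) {
        T* newT = reinterpret_cast<T*>(this->pushBackRaw());
        new (newT) T(std::forward<Args>(args)...);
        return *newT;
    }

    // Post-fix shape: placement new accepts the void* directly and returns a
    // T* only after the constructor has run, so no cast precedes the object.
    template <class... Args>
    T& emplaceBack(Args&&... args) {
        void* slot = this->pushBackRaw();
        return *new (slot) T(std::forward<Args>(args)...);
    }

    int count() const { return fCount; }
    // Elements below fCount are constructed, so this cast sees a valid vtable.
    T& operator[](int i) { return *reinterpret_cast<T*>(fMem + sizeof(T) * i); }

private:
    // Hands out the next uninitialised slot; the caller must construct into it.
    void* pushBackRaw() {
        if (fCount == fCapacity) std::abort();  // fixed capacity keeps this short
        return fMem + sizeof(T) * fCount++;
    }
    int fCount;
    int fCapacity;
    char* fMem;
};

// Inserts units 0, 1, 2 through the fixed path and sums their keys (0+1+2).
int sumKeysFixed() {
    RawArray<Sampler> samplers(4);
    for (int unit = 0; unit < 3; ++unit) samplers.emplaceBack(unit);
    int sum = 0;
    for (int i = 0; i < samplers.count(); ++i) sum += samplers[i].key();
    return sum;
}

// Same work through the pre-fix path. Without CFI the result is identical,
// which is why the bug only surfaced on the CFI bot.
int sumKeysBeforeFix() {
    RawArray<Sampler> samplers(4);
    for (int unit = 0; unit < 3; ++unit) samplers.emplaceBackBeforeFix(unit);
    int sum = 0;
    for (int i = 0; i < samplers.count(); ++i) sum += samplers[i].key();
    return sum;
}

int main() {
    std::printf("fixed path: %d\n", sumKeysFixed());
    std::printf("pre-fix path: %d\n", sumKeysBeforeFix());
    return 0;
}
```

The same cast inside std::vector does not report because clang's bundled CFI ignore list exempts standard-library types and allocators; a project's own container such as SkTArray gets no such exemption, so the rule for hand-rolled storage is simply to never form a pointer or reference to a polymorphic type until placement new has run.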
Apr 21 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7436d50309763b5780e7416550fad161577ac2a9

commit 7436d50309763b5780e7416550fad161577ac2a9
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Thu Apr 21 19:57:47 2016

Roll src/third_party/skia/ 58a8d9214..730058f6a (5 commits).

https://chromium.googlesource.com/skia.git/+log/58a8d9214a70..730058f6a89c

$ git log 58a8d9214..730058f6a --date=short --no-merges --format='%ad %ae %s'
2016-04-21 halcanary gDefaultProfileIsSRGB symbol must exist in .so
2016-04-21 brianosman Remove obsolete image codec colorspace hacks.
2016-04-21 herb Fix code regression to more precise call.
2016-04-21 krasin SkTArray: fix invalid reinterpret_casts over non-initialized memory.
2016-04-21 brianosman Include scaler context flags (gamma and contrast boost) in the text blob cache key.

BUG=605337
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
TBR=fmalita@google.com

Review URL: https://codereview.chromium.org/1911793002

Cr-Commit-Position: refs/heads/master@{#388867}

[modify] https://crrev.com/7436d50309763b5780e7416550fad161577ac2a9/DEPS
Apr 22 2016
'CFI Linux' buildbot cycled green: https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux/builds/5131
Comment 1 by krasin@chromium.org, Apr 21 2016