New issue
Advanced search Search tips

Issue 681925 link

Starred by 2 users
Status: Verified
Owner:
vapier@chromium.org
Closed: Jan 2017
Cc:
khmel@chromium.org
vapier@chromium.org
semenzato@chromium.org
achuith@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

ASAN error detected in chromeos-base/metrics

Project Member Reported by rahulchaudhry@chromium.org, Jan 17 2017 
The amd64-generic-asan buildbot is failing due to a new error in chromeos-base/metrics (started on 1/15/17).
Link to the builder: https://uberchromegw.corp.google.com/i/chromiumos/builders/amd64-generic-asan

Failure from today: https://uberchromegw.corp.google.com/i/chromiumos/builders/amd64-generic-asan/builds/17179/steps/UnitTest/logs/stdio

metrics-0.0.1-r1860: Error: /var/cache/portage/chromeos-base/metrics/out/Default/metrics_library_test: failed with exit code 1
metrics-0.0.1-r1860: Error: the test leaked process llvm-symbolizer with pid 18 (it was forcefully killed)
metrics-0.0.1-r1860:  * ERROR: chromeos-base/metrics-0.0.1-r1860::chromiumos failed (test phase):

metrics-0.0.1-r1860:  * ASAN error detected:
metrics-0.0.1-r1860:  * =================================================================
metrics-0.0.1-r1860:  * ==17==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff840e650e at pc 0x7fd5237a0bb7 bp 0x7fff840e64d0 sp 0x7fff840e64c8
metrics-0.0.1-r1860:  * READ of size 1 at 0x7fff840e650e thread T0
metrics-0.0.1-r1860:  *     #0 0x7fd5237a0bb6 in MetricsLibrary::ConsentId(std::string*) /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../tmp/portage/chromeos-base/metrics-0.0.1-r1860/work/metrics-0.0.1/platform2/metrics/metrics_library.cc:148:7
metrics-0.0.1-r1860:  *     #1 0x7fd523916436 in MetricsLibraryTest_ConsentIdInvalidDirPath_Test::TestBody() /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../tmp/portage/chromeos-base/metrics-0.0.1-r1860/work/metrics-0.0.1/platform2/metrics/metrics_library_test.cc:141:3
metrics-0.0.1-r1860:  *     #2 0x7fd52376e84f in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2078:10
metrics-0.0.1-r1860:  *     #3 0x7fd52376e84f in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2114
metrics-0.0.1-r1860:  *     #4 0x7fd52374fab1 in testing::Test::Run() /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2150:5
metrics-0.0.1-r1860:  *     #5 0x7fd523750f50 in testing::TestInfo::Run() /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2326:5
metrics-0.0.1-r1860:  *     #6 0x7fd523751782 in testing::TestCase::Run() /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2444:5
metrics-0.0.1-r1860:  *     #7 0x7fd52375b018 in testing::internal::UnitTestImpl::RunAllTests() /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:4315:11
metrics-0.0.1-r1860:  *     #8 0x7fd52376f4af in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2078:10
metrics-0.0.1-r1860:  *     #9 0x7fd52376f4af in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:2114
metrics-0.0.1-r1860:  *     #10 0x7fd52375ac79 in testing::UnitTest::Run() /build/amd64-generic/tmp/portage/dev-cpp/gtest-1.7.0/work/gtest-1.7.0-abi_x86_64.amd64/./src/gtest.cc:3926:10
metrics-0.0.1-r1860:  *     #11 0x7fd52391b04b in RUN_ALL_TESTS() /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../usr/include/gtest/gtest.h:2288:10
metrics-0.0.1-r1860:  *     #12 0x7fd52391b04b in main /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../tmp/portage/chromeos-base/metrics-0.0.1-r1860/work/metrics-0.0.1/platform2/metrics/metrics_library_test.cc:289
metrics-0.0.1-r1860:  *     #13 0x7fd521cc7795 in __libc_start_main /var/tmp/portage/cross-x86_64-cros-linux-gnu/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
metrics-0.0.1-r1860:  *     #14 0x7fd523836168 in _start (/var/cache/portage/chromeos-base/metrics/out/Default/metrics_library_test+0x70168)
metrics-0.0.1-r1860:  * 
metrics-0.0.1-r1860:  * Address 0x7fff840e650e is located in stack of thread T0 at offset 46 in frame
metrics-0.0.1-r1860:  *     #0 0x7fd5237a083f in MetricsLibrary::ConsentId(std::string*) /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../tmp/portage/chromeos-base/metrics-0.0.1-r1860/work/metrics-0.0.1/platform2/metrics/metrics_library.cc:136
metrics-0.0.1-r1860:  * 
metrics-0.0.1-r1860:  *   This frame has 2 object(s):
metrics-0.0.1-r1860:  *     [32, 36) 'fd'
metrics-0.0.1-r1860:  *     [48, 88) 'buf' <== Memory access at offset 46 underflows this variable
metrics-0.0.1-r1860:  * HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
metrics-0.0.1-r1860:  *       (longjmp and C++ exceptions *are* supported)
metrics-0.0.1-r1860:  * SUMMARY: AddressSanitizer: stack-buffer-overflow /build/amd64-generic/var/cache/portage/chromeos-base/metrics/out/Default/../../../../../../../tmp/portage/chromeos-base/metrics-0.0.1-r1860/work/metrics-0.0.1/platform2/metrics/metrics_library.cc:148:7 in MetricsLibrary::ConsentId(std::string*)
metrics-0.0.1-r1860:  * Shadow bytes around the buggy address:
metrics-0.0.1-r1860:  *   0x100070814c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814c90: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
metrics-0.0.1-r1860:  * =>0x100070814ca0: 04[f2]00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814cc0: f1 f1 f1 f1 00 f2 f2 f2 00 00 f2 f2 04 f2 04 f2
metrics-0.0.1-r1860:  *   0x100070814cd0: 00 f2 f2 f2 00 f2 f2 f2 00 00 f2 f2 00 f2 f2 f2
metrics-0.0.1-r1860:  *   0x100070814ce0: 00 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  *   0x100070814cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
metrics-0.0.1-r1860:  * Shadow byte legend (one shadow byte represents 8 application bytes):
metrics-0.0.1-r1860:  *   Addressable:           00
metrics-0.0.1-r1860:  *   Partially addressable: 01 02 03 04 05 06 07 
metrics-0.0.1-r1860:  *   Heap left redzone:       fa
metrics-0.0.1-r1860:  *   Heap right redzone:      fb
metrics-0.0.1-r1860:  *   Freed heap region:       fd
metrics-0.0.1-r1860:  *   Stack left redzone:      f1
metrics-0.0.1-r1860:  *   Stack mid redzone:       f2
metrics-0.0.1-r1860:  *   Stack right redzone:     f3
metrics-0.0.1-r1860:  *   Stack partial redzone:   f4
metrics-0.0.1-r1860:  *   Stack after return:      f5
metrics-0.0.1-r1860:  *   Stack use after scope:   f8
metrics-0.0.1-r1860:  *   Global redzone:          f9
metrics-0.0.1-r1860:  *   Global init order:       f6
metrics-0.0.1-r1860:  *   Poisoned by user:        f7
metrics-0.0.1-r1860:  *   Container overflow:      fc
metrics-0.0.1-r1860:  *   Array cookie:            ac
metrics-0.0.1-r1860:  *   Intra object redzone:    bb
metrics-0.0.1-r1860:  *   ASan internal:           fe
metrics-0.0.1-r1860:  *   Left alloca redzone:     ca
metrics-0.0.1-r1860:  *   Right alloca redzone:    cb
metrics-0.0.1-r1860:  * ==17==ABORTING

Comment 1 by vapier@chromium.org, Jan 17 2017

Components: OS>Systems
Owner: vapier@chromium.org
Status: Started (was: Untriaged)

Comment 2 by vapier@chromium.org, Jan 18 2017

Cc: khmel@chromium.org semenzato@chromium.org vapier@chromium.org achuith@chromium.org
 Issue 682375  has been merged into this issue.
Project Member

Comment 3 by bugdroid1@chromium.org, Jan 19 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/c63a8b3d9f5acf8650b91bf5dc1668f7b49f15bd

commit c63a8b3d9f5acf8650b91bf5dc1668f7b49f15bd
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Jan 17 20:08:20 2017

metrics: fix buffer underrun when reading empty consent id

BUG= chromium:681925 
TEST=running metrics tests w/asan doesn't fail anymore

Change-Id: If51128ebef9ae3d6d1848fbb02389fc5bc38e4d0
Reviewed-on: https://chromium-review.googlesource.com/428951
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Rahul Chaudhry <rahulchaudhry@chromium.org>

[modify] https://crrev.com/c63a8b3d9f5acf8650b91bf5dc1668f7b49f15bd/metrics/metrics_library.cc

Comment 4 by vapier@chromium.org, Jan 19 2017

Status: Fixed (was: Started)

Comment 5 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 6 by dchan@google.com, May 30 2017

Labels: VerifyIn-60

Comment 7 by dchan@chromium.org, Aug 1 2017

Labels: VerifyIn-61

Comment 8 by abod...@chromium.org, Aug 3 2017

Status: Verified (was: Fixed)
Closing. Please reopen it if its not fixed. Thanks!

Sign in to add a comment