GnuTLS is not instrumented causing false positives from CUPS calls |
||||||
Issue descriptionWe do not have prebuilt binaries for GnuTLS and this is causing MSan tests to fail and blaming uninitialized memory. GnuTLS is a dependency of CUPS.
,
Apr 27 2017
Do you have a stack or something? + folks from https://codereview.chromium.org/2737783003
,
Apr 27 2017
This is a symbolized stack trace I get when running
out/linux_msan/browser_test --gtest_filter=PrintPreviewDest*
Uninitialized bytes in __interceptor_send at offset 5 inside [0x71d0000a0030, 151)
==13213==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7ff83c60ce06 in gnutls_record_check_pending ??:?
#1 0x7ff83c60ce06 in ?? ??:0
#2 0x7ff83c60d14e in gnutls_record_check_pending ??:?
#3 0x7ff83c60d14e in ?? ??:0
#4 0x7ff83c60df0e in gnutls_transport_set_errno_function ??:?
#5 0x7ff83c60df0e in ?? ??:0
#6 0x7ff83c611eca in gnutls_handshake_set_max_packet_length ??:?
#7 0x7ff83c611eca in ?? ??:0
#8 0x7ff83c612204 in gnutls_handshake_set_max_packet_length ??:?
#9 0x7ff83c612204 in ?? ??:0
#10 0x7ff83c6135b4 in gnutls_handshake ??:0:0
#11 0x7ff844994fb5 in http_setup_ssl /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:5177:20
#12 0x7ff844997c09 in _httpUpdate /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:3077:11
#13 0x7ff844988d7f in httpUpdate /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:3239:10
#14 0x7ff844988d7f in http_upgrade /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:5598:0
#15 0x7ff8449868fb in httpReconnect2 /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:2653:13
#16 0x7ff844986077 in httpConnect2 /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/http.c:496:21
#17 0x7ff844a31d3b in _cupsConnect /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/request.c:1047:21
#18 0x7ff844a30bb7 in cupsDoIORequest /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/request.c:159:17
#19 0x7ff8449433af in _cupsGetDests /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/dest.c:1501:19
#20 0x7ff84494ad38 in cupsGetDests2 /home/tom/chromium/src/third_party/instrumented_libraries/scripts/out/Instrumented-msan-chained-origins-trusty/gen/third_party/instrumented_libraries/libcups2/cups-1.7.2/cups/dest.c:1725:15
#21 0x1491e51a in printing::PrintBackendCUPS::GetDests(cups_dest_s**) printing/backend/print_backend_cups.cc:227:12
#22 0x1491f7c0 in printing::PrintBackendCUPS::GetDefaultPrinterName() printing/backend/print_backend_cups.cc:112:19
#23 0x16e0c5f4 in printing::(anonymous namespace)::GetDefaultPrinterOnBlockingPoolThread() chrome/browser/ui/webui/print_preview/printer_backend_proxy.cc:62:48
#24 0x16e0c9ed in Invoke<> base/bind_internal.h:164:12
#25 0x16e0c9ed in MakeItSo<std::__1::basic_string<char> (*const &)()> base/bind_internal.h:285:0
#26 0x16e0c9ed in RunImpl<std::__1::basic_string<char> (*const &)(), const std::__1::tuple<> &> base/bind_internal.h:361:0
#27 0x16e0c9ed in base::internal::Invoker<base::internal::BindState<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > (*)()>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > ()>::Run(base::internal::BindStateBase*) base/bind_internal.h:339:0
#28 0x4c90669 in Run base/callback.h:91:12
#29 0x4c90669 in void base::internal::ReturnAsParamAdapter<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >(base::Callback<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*) base/post_task_and_reply_with_result_internal.h:20:0
,
Apr 27 2017
Maybe it's instrumented and we just don't have symbols for us? The relevant bits are probably this:
#21 0x1491e51a in printing::PrintBackendCUPS::GetDests(cups_dest_s**) printing/backend/print_backend_cups.cc:227:12
#22 0x1491f7c0 in printing::PrintBackendCUPS::GetDefaultPrinterName() printing/backend/print_backend_cups.cc:112:19
#23 0x16e0c5f4 in printing::(anonymous namespace)::GetDefaultPrinterOnBlockingPoolThread() chrome/browser/ui/webui/print_preview/printer_backend_proxy.cc:62:48
Do you have more output? Usually you get several stacks: "uninitialized memory used here; first created here"
,
Apr 27 2017
It's not in the list under third_party/instrumented_libraries. An unsymbolized stack trace contains library paths where it is easy to see whether the library is loaded from the build directory, or from somewhere like /usr/lib.
,
Apr 27 2017
Doesn't msan depend on everything being instrumented? It sounds like cups has depended on gnutls for a long time, why have we never noticed that this one is missing?
,
Apr 27 2017
Maybe this code never actually executed? On the other hand, we configure cups with --enable-gnutls.
,
Apr 27 2017
Sorry, left out the last bit, it's blaming gnutls but I'm not sure if this is an actual bug or false positive.
Uninitialized value was stored to memory at
#0 0x733c1b in __msan_memcpy ??:0:0
#1 0x7ff83c60b200 in gnutls_compression_list ??:?
#2 0x7ff83c60b200 in ?? ??:0
Uninitialized value was created by a heap allocation
#0 0x73ad6d in __interceptor_malloc ??:0:0
#1 0x7ff83c60bee8 in gnutls_compression_list ??:?
#2 0x7ff83c60bee8 in ?? ??:0
I took a look at the code it's blaming, and it's copying an array of constants.
,
Apr 27 2017
If you run 'LD_LIBRARY_PATH=/path/to/instrumented/libs ldd out/Release/chrome', there shouldn't be any dependencies on system libraries. The gnutls dependency is definitely a bug. thakis@ are you actively working on this? If you assign this to me, I can get it done within the next few days
,
Apr 27 2017
I won't say no to that :-)
,
Apr 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e80386955278208db321641577837ed7d1771172 commit e80386955278208db321641577837ed7d1771172 Author: thomasanderson <thomasanderson@google.com> Date: Fri Apr 28 07:45:38 2017 Add libgnutls26 to instrumented libraries BUG= 716118 R=eugenis@chromium.org Review-Url: https://codereview.chromium.org/2851493005 Cr-Commit-Position: refs/heads/master@{#467923} [modify] https://crrev.com/e80386955278208db321641577837ed7d1771172/third_party/instrumented_libraries/BUILD.gn [modify] https://crrev.com/e80386955278208db321641577837ed7d1771172/third_party/instrumented_libraries/scripts/install-build-deps.sh
,
Apr 28 2017
gnutls is pretty buggy, it's a bit frightening that we depend on it. https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=status%3AFixed%2CVerified+Type%3ABug%2CBug-Security+-component%3AInfra+gnutls&colspec=ID+Type+Component+Status+Proj+Reported+Owner+Summary&cells=ids Shouldn't we try to get rid of this dependency?
,
Apr 28 2017
PrintPreviewDestinationSearchTest.Select seems to be failing again on the linux msan bot. Here's the first failure: https://build.chromium.org/p/chromium.memory/builders/Linux%20MSan%20Tests/builds/411 .
,
Apr 28 2017
I'm looking into why it's failing. I reverted the previous cause of the failure. I'm going to track the test failure separately crbug.com/716595
,
Apr 28 2017
Does libcups need to be recompiled with different flags? I'm still seeing calls into /usr/lib/x86_64-linux-gnu/libgnutls.so.26+0x1ae06
,
Apr 28 2017
https://codereview.chromium.org/2847033002/ hasn't landed yet. You can apply this patch locally to test. Make sure to run "GYP_DEFINES='msan=1 use_prebuilt_instrumented_libraries=1' gclient runhooks" first.
,
Apr 28 2017
It looks like PrintPreviewDestinationSearchTest is still failing with libgnutls, but there's no msan errors now. Also, now a new test is failing with libgnutls added: https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Ftryserver.chromium.linux%2Flinux_chromium_msan_rel_ng%2F627%2F%2B%2Frecipes%2Fsteps%2Fnet_unittests__with_patch_%2F0%2Flogs%2FNSS__x2f_ClientCertStoreTest__x2f_0.CertAuthorityFiltering%2F0
,
Apr 28 2017
Yes. It looks like there's a different problem with PrintPreviewDestinationSearchTest. Not sure why it's been passing, but I've got a fix.
,
Apr 28 2017
skau@ feel like debugging NSS/ClientCertStoreTest/0.CertAuthorityFiltering too? :)
,
Apr 28 2017
Why not. I'll take a look. I have it patched already.
,
Apr 28 2017
AFAICT, there might be a problem with the nss libarary we're linking to. IsIssuedByEncoded is implemented with CERT_CompareName https://cs.chromium.org/chromium/src/net/cert/x509_util_nss.cc?l=393 which comes from the nss.h header.
,
May 3 2017
Just waiting for bug 716594 to be fixed so that I can land https://codereview.chromium.org/2847033002/
,
May 3 2017
Is bug 716594 actually blocking this? NSS/ClientCertStoreTest/CertAuthorityFiltering was disabled in https://codereview.chromium.org/2850083002.
,
May 3 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8a38359e077609f8063d4354f43a32864b561ddd commit 8a38359e077609f8063d4354f43a32864b561ddd Author: thomasanderson <thomasanderson@google.com> Date: Wed May 03 06:22:27 2017 Roll msan instrumented libraries This CL rolls the instrumented libraries after the addition of libgnutls26 in https://codereview.chromium.org/2851493005/ CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_msan_rel_ng;master.tryserver.chromium.linux:linux_chromium_chromeos_msan_rel_ng BUG= 716118 R=eugenis@chromium.org Review-Url: https://codereview.chromium.org/2847033002 Cr-Commit-Position: refs/heads/master@{#468904} [modify] https://crrev.com/8a38359e077609f8063d4354f43a32864b561ddd/third_party/instrumented_libraries/binaries/msan-chained-origins-trusty.tgz.sha1 [modify] https://crrev.com/8a38359e077609f8063d4354f43a32864b561ddd/third_party/instrumented_libraries/binaries/msan-no-origins-trusty.tgz.sha1
,
May 3 2017
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by skau@chromium.org
, Apr 27 2017