Issue 738248

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components: Services>Safebrowsing
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 732652



ChromePasswordProtectionServiceTest.* tests fail under CFI

Reported by p...@chromium.org, Jun 30 2017

Issue description

Chrome Version: trunk
OS: Linux

What steps will reproduce the problem?
(1) cat args.gn
allow_posix_link_time_opt = true
dcheck_always_on = true
is_cfi = true
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
use_cfi_cast = true
use_cfi_diag = true
use_goma = true
use_thin_lto = true
(2) ninja unit_tests
(3) UBSAN_OPTIONS=print_stacktrace=1 ./unit_tests --gtest_filter=ChromePasswordProtectionServiceTest.*


What is the expected result?

tests pass


What happens instead?

../../chrome/browser/signin/signin_manager_factory.cc:58:10: runtime error: control flow integrity check for type 'SigninManager' failed during base-to-derived cast (vtable address 0x000000bb63d0)
0x000000bb63d0: note: vtable is of type 'SigninManagerBase'
 00 00 00 00  80 5b 0a 0d 00 00 00 00  90 5d 0a 0d 00 00 00 00  c0 6d 0a 0d 00 00 00 00  50 62 0a 0d
              ^
    #0 0xbb65f5d in SigninManagerFactory::GetForProfile(Profile*) chrome/browser/signin/signin_manager_factory.cc:58:10
    #1 0xbd2931d in policy::UserPolicySigninServiceFactory::BuildServiceInstanceFor(content::BrowserContext*) const chrome/browser/policy/cloud/user_policy_signin_service_factory.cc:78:7
    #2 0xd7a5f33 in BrowserContextKeyedServiceFactory::BuildServiceInstanceFor(base::SupportsUserData*) const components/keyed_service/content/browser_context_keyed_service_factory.cc:92:7
    #3 0xd0186b4 in KeyedServiceFactory::GetServiceForContext(base::SupportsUserData*, bool) components/keyed_service/core/keyed_service_factory.cc:89:15
    #4 0xd013bf8 in DependencyManager::CreateContextServices(base::SupportsUserData*, bool) components/keyed_service/core/dependency_manager.cc:72:16
    #5 0xd7a4bc6 in BrowserContextDependencyManager::DoCreateBrowserContextServices(content::BrowserContext*, bool) components/keyed_service/content/browser_context_dependency_manager.cc:47:22
    #6 0xa75d993 in TestingProfile::Init() chrome/test/base/testing_profile.cc:524:40
    #7 0xa75e19c in TestingProfile::TestingProfile(base::FilePath const&, Profile::Delegate*, scoped_refptr<ExtensionSpecialStoragePolicy>, std::unique_ptr<sync_preferences::PrefServiceSyncable, std::default_delete<sync_preferences::PrefServiceSyncable> >, TestingProfile*, bool, std::string const&, std::unique_ptr<policy::PolicyService, std::default_delete<policy::PolicyService> >, std::vector<std::pair<BrowserContextKeyedServiceFactory*, std::unique_ptr<KeyedService, std::default_delete<KeyedService> > (*)(content::BrowserContext*)>, std::allocator<std::pair<BrowserContextKeyedServiceFactory*, std::unique_ptr<KeyedService, std::default_delete<KeyedService> > (*)(content::BrowserContext*)> > > const&, std::string const&) chrome/test/base/testing_profile.cc:379:3
    #8 0xa760fb9 in TestingProfile::Builder::Build() chrome/test/base/testing_profile.cc:1116:46
    #9 0x7fa968b in safe_browsing::ChromePasswordProtectionServiceTest::CreateBrowserContext() chrome/browser/safe_browsing/chrome_password_protection_service_unittest.cc:150:20
    #10 0xa866071 in content::RenderViewHostTestHarness::SetUp() content/public/test/test_renderer_host.cc:292:26
    #11 0x7fa94c6 in safe_browsing::ChromePasswordProtectionServiceTest::SetUp() chrome/browser/safe_browsing/chrome_password_protection_service_unittest.cc:126:38
    #12 0x83d7cb2 in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2467:3
    #13 0x83d842d in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2653:11
    #14 0x83d8b01 in testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28
    #15 0x83dcc12 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43
    #16 0x83dc93c in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256:10
    #17 0xa772c63 in base::TestSuite::Run() base/test/test_suite.cc:271:16
    #18 0xa765c8d in int base::internal::Invoker<base::internal::BindState<int (content::UnitTestTestSuite::*)(), base::internal::UnretainedWrapper<content::UnitTestTestSuite> >, int ()>::RunImpl<int (content::UnitTestTestSuite::* const&)(), std::tuple<base::internal::UnretainedWrapper<content::UnitTestTestSuite> > const&, 0ul>(int (content::UnitTestTestSuite::* const&)(), std::tuple<base::internal::UnretainedWrapper<content::UnitTestTestSuite> > const&, base::IndexSequence<0ul>) base/bind_internal.h:351:12
    #19 0xa776b4e in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:216:27
    #20 0xa776a21 in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:458:10
    #21 0xa765a10 in main chrome/test/base/run_all_unittests.cc:30:10
    #22 0x7f2cc8b0bf44 in __libc_start_main /build/eglibc-MjiXCM/eglibc-2.19/csu/libc-start.c:287:0
    #23 0x6de8028 in _start ??:0:0


Appears to be caused by https://codereview.chromium.org/2949243004

This issue is affecting the "CFI Linux Full" bot, e.g. https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux%20Full/builds/2317
and is blocking us from moving it to chromium.memory.
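The diagnostic above is clang's CFI cast check firing: SigninManagerFactory::GetForProfile does a base-to-derived static_cast to SigninManager, but the object the test harness built has a SigninManagerBase vtable, so the cast is a type confusion. The following is an added example (not Chromium code, not the reporter's) that models that shape with a tiny class hierarchy. The class names mirror the report; the test-only factory BuildSigninManager and the helper DiagnoseCast are assumptions made for illustration. Built normally, UncheckedGetForProfile accepts the bad cast silently; built with `clang++ -flto -fvisibility=hidden -fsanitize=cfi-derived-cast -fno-sanitize-trap=cfi-derived-cast` (the flags behind `use_cfi_cast = true` and `use_cfi_diag = true` in the args.gn above) it prints the same "control flow integrity check ... failed during base-to-derived cast" message and aborts.

```cpp
// Added example, not Chromium code: a minimal model of the cast that the
// CFI report above flags. Class names mirror the report; BuildSigninManager
// and DiagnoseCast are assumptions made for illustration.
#include <iostream>
#include <memory>
#include <string>

class KeyedService {
 public:
  virtual ~KeyedService() = default;
};

class SigninManagerBase : public KeyedService {
 public:
  // Reports the object's dynamic type, standing in for the vtable type
  // that the CFI diagnostic prints in its "note:" line.
  virtual std::string TypeName() const { return "SigninManagerBase"; }
};

class SigninManager : public SigninManagerBase {
 public:
  std::string TypeName() const override { return "SigninManager"; }
  // Exists only on the derived type; reading it through a mis-cast
  // SigninManagerBase object would touch memory past the real object.
  int derived_state() const { return derived_state_; }

 private:
  int derived_state_ = 42;
};

// Test-only factory (assumption): a unit test may register a factory that
// builds the base type instead of the real SigninManager.
std::unique_ptr<SigninManagerBase> BuildSigninManager(bool build_real) {
  if (build_real) return std::make_unique<SigninManager>();
  return std::make_unique<SigninManagerBase>();
}

// Shape of SigninManagerFactory::GetForProfile: an unchecked base-to-derived
// cast. With -fsanitize=cfi-derived-cast clang checks the object's vtable
// here; with -fno-sanitize-trap=cfi-derived-cast it reports the failure
// instead of trapping. Without CFI the cast is accepted silently.
SigninManager* UncheckedGetForProfile(SigninManagerBase* service) {
  return static_cast<SigninManager*>(service);
}

// Defensive alternative for code that cannot rely on CFI being enabled:
// dynamic_cast yields nullptr instead of a type-confused pointer.
SigninManager* CheckedGetForProfile(SigninManagerBase* service) {
  return dynamic_cast<SigninManager*>(service);
}

// Produces the CFI-style diagnostic for an object of the wrong dynamic type,
// or an empty string when the cast is valid.
std::string DiagnoseCast(SigninManagerBase* service) {
  if (CheckedGetForProfile(service) != nullptr) return "";
  return "control flow integrity check for type 'SigninManager' failed "
         "during base-to-derived cast: vtable is of type '" +
         service->TypeName() + "'";
}

int main() {
  std::unique_ptr<SigninManagerBase> fake = BuildSigninManager(false);
  // Under CFI the process reports and aborts on this cast.
  SigninManager* confused = UncheckedGetForProfile(fake.get());
  std::cout << "static_cast accepted silently, pointer "
            << static_cast<void*>(confused) << "\n";
  std::cout << "dynamic_cast returns null: "
            << (CheckedGetForProfile(fake.get()) == nullptr) << "\n";
  std::cout << DiagnoseCast(fake.get()) << "\n";

  std::unique_ptr<SigninManagerBase> real = BuildSigninManager(true);
  std::cout << "real object: " << CheckedGetForProfile(real.get())->derived_state()
            << "\n";
  return 0;
}
```

The point of the contrast is that the unchecked cast is exactly what CFI is for: the bug is invisible in a normal build, and only the CFI bot (or a dynamic_cast written by hand) turns a latent type confusion into a hard failure at the cast site.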
 

Comment 1 by p...@chromium.org, Jun 30 2017

Blocking: 732652
Components: Services>Safebrowsing
Labels: SafeBrowsing-Triaged
Status: Started (was: Untriaged)
Thanks for your detailed repro. I'm able to reproduce this issue. CL will be up soon.

Comment 4 by bugdroid1@chromium.org, Jun 30 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0307955684ea0d514499cb653d036c9873228119

commit 0307955684ea0d514499cb653d036c9873228119
Author: Jialiu Lin <jialiul@chromium.org>
Date: Fri Jun 30 17:52:57 2017

Fix ChromePasswordProtectionServiceTest.* under CFI

Bug: 738248
Change-Id: I1c2f99809ed0d3e2a4763140d2ec7afeaaec7b70
Reviewed-on: https://chromium-review.googlesource.com/557369
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Jialiu Lin <jialiul@chromium.org>
Cr-Commit-Position: refs/heads/master@{#483752}
[modify] https://crrev.com/0307955684ea0d514499cb653d036c9873228119/chrome/browser/safe_browsing/chrome_password_protection_service_unittest.cc

Status: Fixed (was: Started)