Issue 738269

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 732652



PaymentRequestSettingsLinkTest.ClickSettingsLink test fails under CFI

Project Member Reported by p...@chromium.org, Jun 30 2017

Issue description

Chrome Version: trunk
OS: Linux

What steps will reproduce the problem?
(1) cat args.gn
allow_posix_link_time_opt = true
dcheck_always_on = true
is_cfi = true
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
use_cfi_cast = true
use_cfi_diag = true
use_goma = true
use_thin_lto = true
(2) ninja unit_tests
(3) UBSAN_OPTIONS=print_stacktrace=1 ./browser_tests -gtest_filter=PaymentRequestSettingsLinkTest.ClickSettingsLink

What is the expected result?

tests pass

What happens instead?

../../chrome/browser/ui/views/payments/payment_request_browsertest.cc:403:7: runtime error: control flow integrity check for type 'views::Link' failed during base-to-derived cast (vtable address 0x000000fd1cf0)
0x000000fd1cf0: note: vtable is of type 'views::Label'
 00 00 00 00  20 a9 4a 09 00 00 00 00  70 a9 4a 09 00 00 00 00  d0 b6 45 09 00 00 00 00  00 26 24 0a
              ^
    #0 0x5e998e7 in payments::PaymentRequestSettingsLinkTest_ClickSettingsLink_Test::RunTestOnMainThread() chrome/browser/ui/views/payments/payment_request_browsertest.cc:403:7
    #1 0x8a625f7 in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() content/public/test/browser_test_base.cc:314:5
    #2 0x8a63320 in void base::internal::Invoker<base::internal::BindState<void (content::BrowserTestBase::*)(), base::internal::UnretainedWrapper<content::BrowserTestBase> >, void ()>::RunImpl<void (content::BrowserTestBase::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase> > const&, 0ul>(void (content::BrowserTestBase::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::BrowserTestBase> > const&, base::IndexSequence<0ul>) base/bind_internal.h:351:12
    #3 0x829833e in ChromeBrowserMainParts::PreMainMessageLoopRunImpl() chrome/browser/chrome_browser_main.cc:1904:27
    #4 0x82975f4 in ChromeBrowserMainParts::PreMainMessageLoopRun() chrome/browser/chrome_browser_main.cc:1256:18
    #5 0x69f3cf5 in content::BrowserMainLoop::PreMainMessageLoopRun() content/browser/browser_main_loop.cc:1125:13
    #6 0x69f71e0 in int base::internal::Invoker<base::internal::BindState<int (content::BrowserMainLoop::*)(), base::internal::UnretainedWrapper<content::BrowserMainLoop> >, int ()>::RunImpl<int (content::BrowserMainLoop::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::BrowserMainLoop> > const&, 0ul>(int (content::BrowserMainLoop::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::BrowserMainLoop> > const&, base::IndexSequence<0ul>) base/bind_internal.h:351:12
    #7 0x6fe9378 in content::StartupTaskRunner::RunAllTasksNow() content/browser/startup_task_runner.cc:45:18
    #8 0x69f2456 in content::BrowserMainLoop::CreateStartupTasks() content/browser/browser_main_loop.cc:925:25
    #9 0x69f8659 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) content/browser/browser_main_runner.cc:127:17
    #10 0x69ef6f5 in content::BrowserMain(content::MainFunctionParams const&) content/browser/browser_main.cc:42:32
    #11 0x80a8f3f in content::RunNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) content/app/content_main_runner.cc:407:14
    #12 0x80aa2ad in content::ContentMainRunnerImpl::Run() content/app/content_main_runner.cc:696:12
    #13 0xa34307c in service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:469:29
    #14 0x80a85b0 in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10
    #15 0x8a6230e in content::BrowserTestBase::SetUp() content/public/test/browser_test_base.cc:270:3
    #16 0x821c96c in InProcessBrowserTest::SetUp() chrome/test/base/in_process_browser_test.cc:271:20
    #17 0x6096f82 in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2467:3
    #18 0x60976ed in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2653:11
    #19 0x6097da1 in testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28
    #20 0x609ca52 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43
    #21 0x609c77b in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256:10
    #22 0x823192f in base::TestSuite::Run() base/test/test_suite.cc:271:16
    #23 0x80d8789 in ChromeTestSuiteRunner::RunTestSuite(int, char**) chrome/test/base/chrome_test_launcher.cc:68:38
    #24 0x8ab1bd2 in content::LaunchTests(content::TestLauncherDelegate*, int, int, char**) content/public/test/test_launcher.cc:520:31
    #25 0x80d86d9 in main chrome/test/base/browser_tests_main.cc:15:10
    #26 0x7f840e260f44 in __libc_start_main /build/eglibc-MjiXCM/eglibc-2.19/csu/libc-start.c:287:0
    #27 0x5269028 in _start ??:0:0

Please use labels and text to provide additional information.

Appears to be caused by https://chromium-review.googlesource.com/c/541679

This issue is affecting the "CFI Linux Full" bot, e.g. https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux%20Full/builds/2317
and is blocking us from moving it to chromium.memory.
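
Added example, not part of the original report and not Chromium code or the fix commit: a minimal model of the condition the diagnostic above describes, a base-to-derived cast to 'views::Link' on an object whose vtable is 'views::Label', next to a checked downcast that rejects the wrong type. The View, Label and Link structs and the AsLink/ClickIfLink helpers are hypothetical stand-ins.

```cpp
#include <cstring>

// Hypothetical stand-ins for a View -> Label -> Link hierarchy.
struct View {
  virtual ~View() = default;
  virtual const char* GetClassName() const { return "View"; }
};

struct Label : View {
  const char* GetClassName() const override { return "Label"; }
};

struct Link : Label {
  bool clicked = false;
  const char* GetClassName() const override { return "Link"; }
  void Click() { clicked = true; }
};

// The unchecked form is what Clang's -fsanitize=cfi-derived-cast instruments:
//   Link* link = static_cast<Link*>(view);
// If `view` really points at a Label, the vtable does not belong to Link,
// the cast is undefined behaviour, and a CFI build reports it at runtime.

// Checked downcast: nullptr unless the dynamic type is exactly Link.
// A class-name tag is used so the check also works where RTTI
// (and therefore dynamic_cast) is disabled.
Link* AsLink(View* view) {
  if (view == nullptr || std::strcmp(view->GetClassName(), "Link") != 0)
    return nullptr;
  return static_cast<Link*>(view);  // Safe: dynamic type verified above.
}

// Caller pattern: act only when the downcast succeeded.
bool ClickIfLink(View* view) {
  Link* link = AsLink(view);
  if (link == nullptr)
    return false;
  link->Click();
  return true;
}

int main() {
  Label label;  // Wrong dynamic type for a Link cast.
  Link link;    // Correct dynamic type.
  bool ok = !ClickIfLink(&label) && ClickIfLink(&link) && link.clicked;
  return ok ? 0 : 1;
}
```

The exact-name comparison would also reject subclasses of Link; a hierarchy that has them needs a tag scheme that accounts for inheritance.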
 
Project Member

Comment 1 by bugdroid1@chromium.org, Jul 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/081933e6ff3e0f9274c7b283ea0472f35dcf6922

commit 081933e6ff3e0f9274c7b283ea0472f35dcf6922
Author: Mathieu Perreault <mathp@chromium.org>
Date: Tue Jul 04 13:50:25 2017

[Payments] Fix Settings test under CFI for Payment Request

See bug description. Failure no longer occurs.

Bug:  738269 
Test: browser_tests
Change-Id: Ibc785ac20fccb8af2544b4a41bb68b76e0b38adb
Reviewed-on: https://chromium-review.googlesource.com/558658
Commit-Queue: Anthony Vallee-Dubois <anthonyvd@chromium.org>
Reviewed-by: Anthony Vallee-Dubois <anthonyvd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#484098}
[modify] https://crrev.com/081933e6ff3e0f9274c7b283ea0472f35dcf6922/chrome/browser/ui/views/payments/payment_request_browsertest.cc

Comment 2 by ma...@chromium.org, Jul 4 2017

Status: Fixed (was: Untriaged)
Should be good now!
