Issue 740782

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 732652


RenderWidgetHostTest.* tests fail under CFI

Project Member Reported by p...@chromium.org, Jul 11 2017

Issue description

Chrome Version: trunk
OS: Linux

What steps will reproduce the problem?
(1) cat args.gn
allow_posix_link_time_opt = true
dcheck_always_on = true
is_cfi = true
is_component_build = false
is_debug = false
strip_absolute_paths_from_debug_symbols = true
use_cfi_cast = true
use_cfi_diag = true
use_goma = true
use_thin_lto = true
(2) ninja content_unittests
(3) UBSAN_OPTIONS=print_stacktrace=1 ./content_unittests --gtest_filter=RenderWidgetHostTest.KeyboardListenerIgnoresEvent

What is the expected result?

test passes


What happens instead?

../../content/browser/renderer_host/render_widget_host_unittest.cc:214:13: runtime error: control flow integrity check for type 'content::LegacyInputRouterImpl' failed during base-to-derived cast (vtable address 0x0000008e7a10)
0x0000008e7a10: note: vtable is of type 'content::MockInputRouter'
 00 00 00 00  a0 f7 d0 03 00 00 00 00  10 f0 6c 03 00 00 00 00  20 f0 6c 03 00 00 00 00  30 f0 6c 03
              ^
    #0 0x3d07141 in content::MockRenderWidgetHost::SetupForInputRouterTest() content/browser/renderer_host/render_widget_host_unittest.cc:214:13
    #1 0x3d07335 in content::RenderWidgetHostTest_KeyboardListenerIgnoresEvent_Test::TestBody() content/browser/renderer_host/render_widget_host_unittest.cc:1712:10
    #2 0x5a70b2f in testing::Test::Run() third_party/googletest/src/googletest/src/gtest.cc:2471:5
    #3 0x5a7127d in testing::TestInfo::Run() third_party/googletest/src/googletest/src/gtest.cc:2653:11
    #4 0x5a71931 in testing::TestCase::Run() third_party/googletest/src/googletest/src/gtest.cc:2771:28
    #5 0x5a76622 in testing::internal::UnitTestImpl::RunAllTests() third_party/googletest/src/googletest/src/gtest.cc:4648:43
    #6 0x5a7634b in testing::UnitTest::Run() third_party/googletest/src/googletest/src/gtest.cc:4256:10
    #7 0x5b1a13f in base::TestSuite::Run() base/test/test_suite.cc:271:16
    #8 0x40df490 in int base::internal::Invoker<base::internal::BindState<int (content::UnitTestTestSuite::*)(), base::internal::UnretainedWrapper<content::UnitTestTestSuite> >, int ()>::RunImpl<int (content::UnitTestTestSuite::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::UnitTestTestSuite> > const&, 0ul>(int (content::UnitTestTestSuite::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::UnitTestTestSuite> > const&, base::IndexSequence<0ul>) base/bind_internal.h:351:12
    #9 0x5b222ef in base::(anonymous namespace)::LaunchUnitTestsInternal(base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned long, int, bool, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:216:27
    #10 0x5b221b8 in base::LaunchUnitTests(int, char**, base::Callback<int (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) base/test/launcher/unit_test_launcher.cc:462:10
    #11 0x40df37b in main content/test/run_all_unittests.cc:20:10
    #12 0x7f47d550ef44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287:0
    #13 0x333e028 in _start ??:0:0


Appears to be caused by https://chromium-review.googlesource.com/c/541036/

This issue is affecting the "CFI Linux Full" bot, e.g. https://build.chromium.org/p/chromium.fyi/builders/CFI%20Linux%20Full/builds/2377
and is blocking us from moving it to chromium.memory.

Status: Started (was: Untriaged)

Project Member Comment 2 by bugdroid1@chromium.org, Jul 11 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d2497a286e5976a832e1fd7745bea34e5d5858f2

commit d2497a286e5976a832e1fd7745bea34e5d5858f2
Author: Dave Tapuska <dtapuska@chromium.org>
Date: Tue Jul 11 17:43:22 2017

Fix a bad cast in the RenderWidgetHostTest.

Appears I made a copy and paste error in change
https://chromium-review.googlesource.com/c/541036/

and cloned a line that should have been a null assignment instead
of a cast.

BUG=740782

Change-Id: Ibd417b468477a0315f19bb3c501151f5ed5b43b7
Reviewed-on: https://chromium-review.googlesource.com/567121
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485671}
[modify] https://crrev.com/d2497a286e5976a832e1fd7745bea34e5d5858f2/content/browser/renderer_host/render_widget_host_unittest.cc

Status: Fixed (was: Started)
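The cast pattern behind the report above, shown as an added illustration that is not code from Chromium or from the commit: the `InputRouter` base and the class bodies are constructed stand-ins that borrow only the type names in the CFI diagnostic, and `UncheckedDowncast` is the shape of cast that `use_cfi_cast` (Clang's `-fsanitize=cfi-derived-cast`) rejects when the object's vtable belongs to a sibling type.

```cpp
// Constructed stand-ins for the classes named in the CFI report: a polymorphic
// base and two derived types that are siblings, not parent and child.
struct InputRouter {                       // assumed base class, not on the page
  virtual ~InputRouter() = default;
  virtual int Route(int event) = 0;
};

struct LegacyInputRouterImpl : InputRouter {
  int Route(int event) override { return event * 2; }
  int legacy_only_state = 42;   // field a mis-typed pointer would read as garbage
};

struct MockInputRouter : InputRouter {     // the test's mock, unrelated to Legacy
  int Route(int) override { return -1; }
};

// The pattern the report describes: an InputRouter that is really a
// MockInputRouter is static_cast to LegacyInputRouterImpl. Built with
// clang -fsanitize=cfi-derived-cast -flto -fvisibility=hidden, the compiler
// checks the object's vtable against the target type here and aborts with the
// "base-to-derived cast" diagnostic quoted in the report. Without CFI the cast
// silently yields a pointer of the wrong type (undefined behaviour).
LegacyInputRouterImpl* UncheckedDowncast(InputRouter* router) {
  return static_cast<LegacyInputRouterImpl*>(router);
}

// Hardened form: a checked downcast that yields nullptr when the dynamic type
// is not LegacyInputRouterImpl, so a mock never masquerades as the real router.
LegacyInputRouterImpl* CheckedDowncast(InputRouter* router) {
  return dynamic_cast<LegacyInputRouterImpl*>(router);
}

// Helpers returning what the checked cast does on each object type.
bool CheckedCastAcceptsLegacy() {
  LegacyInputRouterImpl legacy;
  return CheckedDowncast(&legacy) == &legacy;
}
bool CheckedCastRejectsMock() {
  MockInputRouter mock;
  return CheckedDowncast(&mock) == nullptr;
}

int main() {
  MockInputRouter mock;
  // Under -fsanitize=cfi-derived-cast this call is where the process aborts.
  LegacyInputRouterImpl* bad = UncheckedDowncast(&mock);
  return (CheckedCastAcceptsLegacy() && CheckedCastRejectsMock() && bad) ? 0 : 1;
}
```

Chromium itself builds without RTTI, so `dynamic_cast` is not available in that tree; there the CFI cast check, or not casting the mock at all as the fix does, is what guards against this class of type confusion.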