Issue 767188

Issue metadata

Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug




DownloadProtectionServiceFlagTest.CheckClientDownloadOverridenByFlag fails in unit_tests with ASAN

Project Member Reported by shrike@chromium.org, Sep 20 2017

Issue description

Chrome Version: 63.0.3216.0
OS: macOS 10.12

[ RUN      ] DownloadProtectionServiceFlagTest.CheckClientDownloadOverridenByFlag
=================================================================
==78403==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300004ee00 at pc 0x00011c94837e bp 0x7fff54ecff90 sp 0x7fff54ecff88
READ of size 8 at 0x61300004ee00 thread T0
    #0 0x11c94837d in safe_browsing::ClientSideDetectionService::SendModelToProcess(content::RenderProcessHost*) client_side_detection_service.cc:233
    #1 0x11c948550 in safe_browsing::ClientSideDetectionService::SendModelToRenderers() client_side_detection_service.cc:254
    #2 0x11c9429bf in safe_browsing::ClientSideDetectionService::SetEnabledAndRefreshState(bool) client_side_detection_service.cc:128
    #3 0x11c9fb99d in safe_browsing::ServicesDelegateImpl::RefreshState(bool) services_delegate_impl.cc:115
    #4 0x11c920cea in safe_browsing::SafeBrowsingService::RefreshState() safe_browsing_service.cc:569
    #5 0x11c92039d in safe_browsing::SafeBrowsingService::AddPrefService(PrefService*) safe_browsing_service.cc:510
    #6 0x111e60433 in content::NotificationServiceImpl::Notify(int, content::NotificationSource const&, content::NotificationDetails const&) notification_service_impl.cc:122
    #7 0x114c43b41 in TestingProfile::TestingProfile(base::FilePath const&) testing_profile.cc:532
    #8 0x10ef2fdb4 in safe_browsing::DownloadProtectionServiceTest::SetUp() download_protection_service_unittest.cc:292
    #9 0x10ef332ec in safe_browsing::DownloadProtectionServiceFlagTest::SetUp() download_protection_service_unittest.cc:2523
    #10 0x11044a52f in testing::Test::Run() gtest.cc:2468
    #11 0x11044c4e3 in testing::TestInfo::Run() gtest.cc:2654
    #12 0x11044d816 in testing::TestCase::Run() gtest.cc:2772
    #13 0x110462266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #14 0x110461829 in testing::UnitTest::Run() gtest.cc:4285
    #15 0x114c70806 in base::TestSuite::Run() test_suite.cc:270
    #16 0x114c996ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #17 0x114c9934b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #18 0x114c4ffbc in main run_all_unittests.cc:30
    #19 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

0x61300004ee00 is located 0 bytes inside of 368-byte region [0x61300004ee00,0x61300004ef70)
freed by thread T0 here:
    #0 0x12f82b232  (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x64232)
    #1 0x10ef3899e in safe_browsing::DownloadProtectionServiceTest::~DownloadProtectionServiceTest() memory:2233
    #2 0x10ef320dd in safe_browsing::DownloadProtectionServiceTest_VerifyReferrerChainWithEmptyNavigationHistory_Test::~DownloadProtectionServiceTest_VerifyReferrerChainWithEmptyNavigationHistory_Test() download_protection_service_unittest.cc:2473
    #3 0x11044c603 in testing::TestInfo::Run() gtest.h:453
    #4 0x11044d816 in testing::TestCase::Run() gtest.cc:2772
    #5 0x110462266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #6 0x110461829 in testing::UnitTest::Run() gtest.cc:4285
    #7 0x114c70806 in base::TestSuite::Run() test_suite.cc:270
    #8 0x114c996ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #9 0x114c9934b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #10 0x114c4ffbc in main run_all_unittests.cc:30
    #11 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

previously allocated by thread T0 here:
    #0 0x12f82ac32  (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x63c32)
    #1 0x10ef2fd9e in safe_browsing::DownloadProtectionServiceTest::SetUp() download_protection_service_unittest.cc:292
    #2 0x11044a52f in testing::Test::Run() gtest.cc:2468
    #3 0x11044c4e3 in testing::TestInfo::Run() gtest.cc:2654
    #4 0x11044d816 in testing::TestCase::Run() gtest.cc:2772
    #5 0x110462266 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4677
    #6 0x110461829 in testing::UnitTest::Run() gtest.cc:4285
    #7 0x114c70806 in base::TestSuite::Run() test_suite.cc:270
    #8 0x114c996ad in base::(anonymous namespace)::LaunchUnitTestsInternal(base::RepeatingCallback<int ()> const&, unsigned long, int, bool, base::RepeatingCallback<void ()> const&) callback.h:92
    #9 0x114c9934b in base::LaunchUnitTests(int, char**, base::RepeatingCallback<int ()> const&) unit_test_launcher.cc:475
    #10 0x114c4ffbc in main run_all_unittests.cc:30
    #11 0x7fff99bc4234 in start (libdyld.dylib:x86_64+0x5234)

SUMMARY: AddressSanitizer: heap-use-after-free client_side_detection_service.cc:233 in safe_browsing::ClientSideDetectionService::SendModelToProcess(content::RenderProcessHost*)
Shadow bytes around the buggy address:
  0x1c2600009d70: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c2600009d80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c2600009d90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600009da0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600009db0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
=>0x1c2600009dc0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600009dd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600009de0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa
  0x1c2600009df0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c2600009e00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2600009e10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==78403==ABORTING
Received signal 6

 

Comment 1 by shrike@chromium.org, Jan 23 2018

Owner: ----
Status: Available (was: Assigned)
