Chrome Version: 69.0.3483.0 (master revision 68bf9707c10 (#572879))
OS: Ubuntu 16.04 64-bit
What steps will reproduce the problem?
(1) Build a Chromium-based application with the below GN defines that enable GTK2 and cfi-icall checking with diagnostic messages.
(2) Run the application.
GN defines:
is_cfi=true
is_debug=false
target_cpu="x64"
use_cfi_cast=true
use_cfi_diag=true
use_cfi_icall=true
use_gtk3=false
use_sysroot=true
What is the expected result?
The application should run successfully.
What happens instead?
The application crashes with the following CFI diagnostics message:
../../ui/accessibility/platform/atk_util_auralinux_gtk2.cc:58:3: runtime error: control flow integrity check for type 'void ()' failed during indirect function call
(/usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libatk-bridge.so+0x920): note: (unknown) defined here
../../ui/accessibility/platform/atk_util_auralinux_gtk2.cc:58:3: note: check failed in /home/marshall/code/chromium_git/chromium/src/out/Release_GN_x64/./libcef.so, destination function located in /usr/lib/x86_64-linux-gnu/gtk-2.0/modules/libatk-bridge.so
Building with `is_official_build=true use_gtk3=false` will also crash (less informatively) because cfi-icall was enabled by default for official builds starting in https://crrev.com/a6889a090458a2653794c6e63387d6db743dc7f9.
The init_func() pointer [1] needs to use ProtectedMemory, or the FinishAccessibilityInitOnMainThread function needs to be annotated with NO_SANITIZE("cfi-icall").
[1] https://cs.chromium.org/chromium/src/ui/accessibility/platform/atk_util_auralinux_gtk2.cc?q=atk_util_auralinux_gtk2.cc&sq=package:chromium&dr&l=58
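The annotation route described above, reduced to a stand-alone program (added example, not Chromium's code): the caller that performs the indirect call through a runtime-resolved function pointer gets NO_SANITIZE("cfi-icall"), because the destination lives in a library that was not built with CFI and the check cannot validate it. The ModuleInitFunc type, the FakeAtkBridgeInit stand-in and the function names are assumptions for illustration; the real pointer comes from the GTK2 accessibility module.

```cpp
// Added example (not Chromium's code): the indirect-call pattern from the bug report
// and the NO_SANITIZE("cfi-icall") fix, reduced to a stand-alone program.
#include <cstdio>

// Chromium spells the annotation NO_SANITIZE("cfi-icall"); under clang it expands
// to this attribute. Other compilers do not implement cfi-icall, so it is a no-op there.
#if defined(__clang__)
#define NO_SANITIZE(what) __attribute__((no_sanitize(what)))
#else
#define NO_SANITIZE(what)
#endif

// Type of the module entry point resolved at runtime (assumed; mirrors the 'void ()'
// type named in the diagnostic, with an int result so the call can be checked).
using ModuleInitFunc = int (*)();

// Stand-in for a function living in a non-CFI library such as libatk-bridge.so.
// In the real bug the pointer comes from a runtime lookup and the target is not
// instrumented, so clang's runtime cannot validate it and the cfi-icall check fails.
static int FakeAtkBridgeInit() { return 1; }

// Before: plain indirect call. With -fsanitize=cfi-icall and a target outside the
// CFI domain this is the kind of call the diagnostic at line 58 reports.
int InitAccessibilityChecked(ModuleInitFunc init_func) {
  if (!init_func) return -1;
  return init_func();
}

// After: the function that contains the indirect call is annotated, so clang emits
// no cfi-icall check for it. The annotation goes on the caller, not on the pointer.
NO_SANITIZE("cfi-icall")
int InitAccessibilityUnchecked(ModuleInitFunc init_func) {
  if (!init_func) return -1;
  return init_func();
}

int main() {
  ModuleInitFunc init_func = &FakeAtkBridgeInit;  // stands in for the looked-up symbol
  std::printf("init returned %d\n", InitAccessibilityUnchecked(init_func));
  return 0;
}
```

Annotating only the call site's enclosing function keeps cfi-icall active everywhere else in the binary; the alternative the report mentions, keeping the pointer in ProtectedMemory, avoids the annotation but is a Chromium base facility not reproduced here.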
Comment 1 by thomasanderson@chromium.org, Sep 7
Status: WontFix (was: Untriaged)