extensions_unittests failing under UBsan with invalid dereference of LazyThreadControllerForTest::message_loop_
Issue description

Example build: https://ci.chromium.org/buildbot/chromium.clang/ToTLinuxUBSanVptr/4504

Example error:

    ../../base/task/sequence_manager/test/lazy_thread_controller_for_test.cc:122:42: runtime error: member call on address 0x224321dcc0c0 which does not point to an object of type 'base::MessageLoop'
    0x224321dcc0c0: note: object has invalid vptr
    00 00 00 00 73 3e e9 70 be dd ff ff 73 dd ed 70 be dd ff ff 2e 6f 72 67 2e 63 68 72 6f 6d 69 75
                ^~~~~~~~~~~~~~~~~~~~~~~
                invalid vptr

I'm guessing the MessageLoop object has been freed. There seems to be other code in the class taking that into account, e.g. here:

    // We can't use message_loop_->IsBoundToCurrentThread as |message_loop_|
    // might be deleted.
    if (MessageLoopCurrent::Get()->ToMessageLoopDeprecated() != message_loop_)
      return;

Perhaps doing the same in RestoreDefaultTaskRunner() will fix things.
Nov 8
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/456606968d26b7c6f239949decb8795a2c6a78fb

commit 456606968d26b7c6f239949decb8795a2c6a78fb
Author: Hans Wennborg <hans@chromium.org>
Date: Thu Nov 08 17:41:25 2018

    Fix invalid vptr reference in LazyThreadControllerForTest::RestoreDefaultTaskRunner()

    This was causing extensions_unittests to fail under UBSan, see bug.

    Bug: 903339
    Change-Id: Ie7d80297d85668e3ba72d0c92467bcf6975fce19
    Reviewed-on: https://chromium-review.googlesource.com/c/1326508
    Commit-Queue: Hans Wennborg <hans@chromium.org>
    Commit-Queue: Alexander Timin <altimin@chromium.org>
    Reviewed-by: Alexander Timin <altimin@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#606521}

[modify] https://crrev.com/456606968d26b7c6f239949decb8795a2c6a78fb/base/task/sequence_manager/test/lazy_thread_controller_for_test.cc
Nov 9
Comment 1 by h...@chromium.org, Nov 8
Status: Started (was: Assigned)
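
The guard quoted in the issue description, as a stand-alone added example; it is not Chromium's code and not the contents of the commit above. Loop, LazyController and the integer runner ids are hypothetical stand-ins for base::MessageLoop, LazyThreadControllerForTest and the task runner.

```cpp
#include <memory>

// Hypothetical stand-in for a message loop that registers itself as the
// thread's current loop and unregisters on destruction.
class Loop {
 public:
  Loop() { current_ = this; }
  virtual ~Loop() { if (current_ == this) current_ = nullptr; }
  virtual void SetTaskRunner(int runner) { runner_ = runner; }
  int runner() const { return runner_; }
  static Loop* Current() { return current_; }
 private:
  int runner_ = 1;  // constructed default runner id
  static thread_local Loop* current_;
};
thread_local Loop* Loop::current_ = nullptr;

// Hypothetical controller holding a non-owning pointer that may outlive the loop.
class LazyController {
 public:
  explicit LazyController(Loop* loop)
      : loop_(loop), original_runner_(loop->runner()) {}

  // Returns true if the runner was restored, false if the loop is gone.
  bool RestoreDefaultTaskRunner() {
    // Address comparison only: loop_ is not dereferenced unless it is still
    // the loop registered for this thread.
    if (Loop::Current() != loop_) return false;
    loop_->SetTaskRunner(original_runner_);  // virtual call, needs a live object
    return true;
  }
 private:
  Loop* loop_;
  int original_runner_;
};

int RestoreWhileAlive() {
  auto loop = std::make_unique<Loop>();
  LazyController controller(loop.get());
  loop->SetTaskRunner(7);
  return controller.RestoreDefaultTaskRunner() ? loop->runner() : -1;
}

bool RestoreAfterDelete() {
  auto loop = std::make_unique<Loop>();
  LazyController controller(loop.get());
  loop.reset();  // loop destroyed; the controller's pointer now dangles
  return controller.RestoreDefaultTaskRunner();
}
```

The guard only holds while the registry entry is cleared on destruction, and an address comparison cannot tell the original object from a new one later allocated at the same address.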