Bug 83511 - Firefox 1.0 and 1.0.1 segfault if -fstack-protector is in CFLAGS
Summary: Firefox 1.0 and 1.0.1 segfault if -fstack-protector is in CFLAGS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Mozilla Gentoo Team
Duplicates: 66028 136329
Blocks: 83484

Reported: 2005-02-27 17:37 UTC by Carlos Silva (RETIRED)
Modified: 2008-03-27 20:20 UTC


Attachments
Log of firefox-bin running in valgrind (firefox.pid27655.1,36.48 KB, text/plain)
2005-04-04 01:35 UTC, Olivier Castan

Description Carlos Silva (RETIRED) gentoo-dev 2005-02-27 17:37:06 UTC
After recompiling firefox (versions 1.0-rX and today 1.0.1), they all segfault if -fstack-protector is in CFLAGS.

Reproducible: Always
Steps to Reproduce:
1. Add -fstack-protector to CFLAGS in /etc/make.conf
2. emerge mozilla-firefox
3. firefox

Actual Results:  
r3pek@trinity r3pek $ firefox
No running windows found
/usr/bin/firefox: line 415: 28858 Segmentation fault      $mozbin "$@"


Expected Results:  
firefox should run

r3pek@trinity r3pek $ emerge info
Portage 2.0.51-r15 (default-linux/amd64/2004.3, gcc-3.4.3,
glibc-2.3.4.20050125-r0, 2.6.10-gentoo-r7 x86_64)
=================================================================
System uname: 2.6.10-gentoo-r7 x86_64 AMD Athlon(tm) 64 Processor 3400+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb  9 2005, 01:35:43)]
dev-lang/python:     2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CFLAGS="-march=athlon64 -O2 -pipe -fPIC -fomit-frame-pointer -fstack-protector"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fPIC -fomit-frame-pointer -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig candy ccache distlocks sandbox"
GENTOO_MIRRORS="ftp://ftp.rnl.ist.utl.pt/gentoo/        
ftp://gentoo-pt.org/pub/gentoo/         http://gentoo.felisberto.net/        
http://darkstar.ist.utl.pt/gentoo/ "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo-pt.org/gentoo-portage"
USE="amd64 X acpi alsa avi bash-completion berkdb bitmap-fonts bluetooth
bootsplash bzlib cddb cdr crypt curl divx4linux dvd dvdr dvdread esd ethereal
f77 fam fastcgi fbcon flac font-server fortran ftp gif gkrellm gphoto2 gpm gtk
gtk2 hal imagemagick imap imlib imlib2 innodb ipv6 java jp2 jpeg lzw lzw-tiff
mad motif mp3 mpeg multilib ncurses nls nntp nptl nptlonly nvidia oggvorbis
openal opengl oss perl png python qt readline samba sms spell ssl stats tcltk
tcpd tiff truetype truetype-fonts type1-fonts unicode usb userlocales videos
winbind xine xml xml2 xmms xpm xrandr xv xvid zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 Olivier Castan 2005-02-28 02:07:23 UTC
Same problem on x86 arch but not ppc...
Comment 2 George L. Emigh 2005-03-14 17:18:32 UTC
I'm on Amd64, same problem, removed -fstack-protector, reemerged and it works ok now.

George
Comment 3 Aron Griffis (RETIRED) gentoo-dev 2005-03-23 18:46:58 UTC
Thanks, fixed in mozconfig.eclass

http://www.gentoo.org/cgi-bin/viewcvs.cgi/eclass/mozconfig.eclass?r1=1.8&r2=1.9
Comment 4 solar (RETIRED) gentoo-dev 2005-03-31 08:37:21 UTC
<-- me dislikes this bug.

Anybody have an idea why exactly mozilla segfaults when built with ssp?
How about a core and gdb backtrace?
Comment 5 Olivier Castan 2005-04-04 01:35:02 UTC
Created attachment 55253
Log of firefox-bin running in valgrind

Here is what happens with the hardened USE flag set (hardened toolchain built)
on an x86 (amd) box:
- firefox does not always segfault; it segfaults when I move/delete the
~/.mozilla folder
- after a first run a ~/.mozilla folder is created and firefox just exits
without creating any window, with exit code 1
- the gdb backtrace is useless: hundreds of dead entries, looks like the stack
is completely messed up
- I've rebuilt a lot of dependencies (glibc, glib, gtk, pango,...) without
stripping, with "-g3" in CFLAGS and the debug USE flag; here is the output, and
the valgrind output is an attachment:


$ rm -rf ~/.mozilla


$ firefox
No running windows found
Type Manifest File: /usr/lib/MozillaFirefox/components/xpti.dat
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: SelfRegisterDll(libgklayout.so) Load FAILED with
error: /usr/lib/MozillaFirefox/components/libgklayout.so: undefined symbol:
cairo_set_target_drawable(_cairo*, _XDisplay*, unsigned long)
*** Registering nsBrowserCompsModule components (all right -- a generic
module!)nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
Could not write out perisistant registry!
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

No Persistent Registry Found.
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

Type Manifest File: /home/olivier/.mozilla/firefox/ukylt5h0.default/xpti.dat
nsNativeComponentLoader: autoregistering begins.
*** Registering docshell_provider components (all right -- a generic module!)
*** Registering nsSystemPrefModule components (all right -- a generic module!)
*** Registering XRemoteServiceModule components (all right -- a generic
module!)*** Registering nsToolkitCompsModule components (all right -- a generic
module!)*** Registering application components (all right -- a generic module!)

*** Registering xpconnect components (all right -- a generic module!)
*** Registering xpconnect_test components (all right -- a generic module!)
*** Registering necko_core_and_primary_protocols components (all right -- a
generic module!)
*** Registering nsCJVMManagerModule components (all right -- a generic module!)

nsNativeComponentLoader: SelfRegisterDll(libgklayout.so) Load FAILED with
error: /usr/lib/MozillaFirefox/components/libgklayout.so: undefined symbol:
cairo_set_target_drawable(_cairo*, _XDisplay*, unsigned long)
*** Registering nsChromeModule components (all right -- a generic module!)
*** Registering XRemoteClientModule components (all right -- a generic module!)

*** Registering nsRDFModule components (all right -- a generic module!)
*** Registering nsSampleModule components (all right -- a generic module!)
*** Registering nsMorkModule components (all right -- a generic module!)
*** Registering nsUCvMathModule components (all right -- a generic module!)
*** Registering nsUConvModule components (all right -- a generic module!)
*** Registering nsJarModule components (all right -- a generic module!)
*** Registering Browser_Embedding_Module components (all right -- a generic
module!)
*** Registering nsAutoConfigModule components (all right -- a generic module!)
*** Registering embedcomponents components (all right -- a generic module!)
*** Registering necko_secondary_protocols components (all right -- a generic
module!)
*** Registering nsGfxPSModule components (all right -- a generic module!)
*** Registering nsPluginModule components (all right -- a generic module!)
*** Registering nsComposerModule components (all right -- a generic module!)
*** Registering BOOT components (all right -- a generic module!)
*** Registering nsWidgetGtk2Module components (all right -- a generic module!)
*** Registering nsFindComponent components (all right -- a generic module!)
*** Registering MyService components (all right -- a generic module!)
*** Registering nsUniversalCharDetModule components (all right -- a generic
module!)
*** Registering nsTestDynamicModule components (all right -- a generic module!)

*** Registering nsWebServicesModule components (all right -- a generic module!)

*** Registering nsSecurityManagerModule components (all right -- a generic
module!)
*** Registering mozgnome components (all right -- a generic module!)
*** Registering nsInspectorModule components (all right -- a generic module!)
*** Registering TransformiixModule components (all right -- a generic module!)
*** Registering nsGfxGTKModule components (all right -- a generic module!)
*** Registering nsEditorModule components (all right -- a generic module!)
*** Registering nsPrefModule components (all right -- a generic module!)
*** Registering nsTransactionManagerModule components (all right -- a generic
module!)
*** Registering nsI18nModule components (all right -- a generic module!)
*** Registering nsXMLExtrasModule components (all right -- a generic module!)
*** Registering nsImageLib2Module components (all right -- a generic module!)
*** Registering nsFileViewModule components (all right -- a generic module!)
*** Registering nsBrowserCompsModule components (all right -- a generic
module!)*** Registering xpcomObsoleteModule components (all right -- a generic
module!)
*** Registering nsGnomeVFSModule components (all right -- a generic module!)
*** Registering nsCookieModule components (all right -- a generic module!)
*** Registering WSPProxyTestModule components (all right -- a generic module!)
*** Registering nsParserModule components (all right -- a generic module!)
*** Registering appshell components (all right -- a generic module!)
*** Registering NSS components (all right -- a generic module!)
*** Registering nsAccessibilityModule components (all right -- a generic
module!)
*** Registering PKI components (all right -- a generic module!)
*** Registering nsSoftwareUpdate components (all right -- a generic module!)
*** Registering nsGfxXprintModule components (all right -- a generic module!)
nsNativeComponentLoader: autoregistering succeeded
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

*** Deferring registration of sample JS components
nNCL: registering deferred (0)
*** Registering sample JS components
nNCL: registering deferred (0)
nNCL: registering deferred (0)
nNCL: registering deferred (0)
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: SelfRegisterDll(libgklayout.so) Load FAILED with
error: /usr/lib/MozillaFirefox/components/libgklayout.so: undefined symbol:
cairo_set_target_drawable(_cairo*, _XDisplay*, unsigned long)
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
WARNING: dependent window created without a parent, file nsWindowCreator.cpp,
line 128
GFX: dpi=96 t2p=0,0666667 p2t=15 depth=24
++WEBSHELL == 1
WARNING: NS_ENSURE_TRUE(factory) failed, file nsDocShell.cpp, line 7083
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(EnsureScriptEnvironment())) failed, file
nsWebShell.cpp, line 299
WARNING: NS_ENSURE_TRUE(factory) failed, file nsDocShell.cpp, line 7083
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(EnsureScriptEnvironment())) failed, file
nsWebShell.cpp, line 290
++WEBSHELL == 2
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsWebShellWindow.cpp,
line 327
###!!! ASSERTION: HiddenWindow not created: 'NS_SUCCEEDED(rv)', file
nsAppShellService.cpp, line 486
Break: at file nsAppShellService.cpp, line 486
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsAppRunner.cpp, line
1826
WARNING: NS_ENSURE_TRUE(factory) failed, file nsDocShell.cpp, line 7083
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(EnsureScriptEnvironment())) failed, file
nsWebShell.cpp, line 299
###!!! ASSERTION: null parameter: 'aSource', file
../../../dist/include/xpcom/nsISupportsUtils.h, line 221
Break: at file ../../../dist/include/xpcom/nsISupportsUtils.h, line 221

Program /usr/lib/MozillaFirefox/firefox-bin (pid = 16098) received signal 11.
Stack:
nsProfileLock::FatalSignalHandler(int)+0x00000139
[/usr/lib/MozillaFirefox/firefox-bin +0x00027199]
UNKNOWN 0xffffe420
unsigned int CallQueryInterface<nsIDOMWindowInternal,
nsISupports>(nsCOMPtr<nsIDOMWindowInternal>&, nsISupports**)+0x0000002C
[/usr/lib/MozillaFirefox/components/libnsappshell.so +0x00047C8C]
UNKNOWN [/usr/lib/MozillaFirefox/components/libnsappshell.so +0x00046C83]
XPTC_InvokeByIndex+0x00000029 [/usr/lib/MozillaFirefox/libxpcom.so +0x00105DE9]

XPCWrappedNative::CallMethod(XPCCallContext&,
XPCWrappedNative::CallMode)+0x000008D3
[/usr/lib/MozillaFirefox/components/libxpconnect.so +0x00071513]
XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*)+0x00000177
[/usr/lib/MozillaFirefox/components/libxpconnect.so +0x00077A07]
js_Invoke+0x00000ACF [/usr/lib/MozillaFirefox/libmozjs.so +0x0004F1AF]
js_Interpret+0x0000757D [/usr/lib/MozillaFirefox/libmozjs.so +0x0004691D]
js_Invoke+0x00000CAB [/usr/lib/MozillaFirefox/libmozjs.so +0x0004F38B]
UNKNOWN [/usr/lib/MozillaFirefox/components/libxpconnect.so +0x0006A539]
UNKNOWN [/usr/lib/MozillaFirefox/components/libxpconnect.so +0x00063657]
UNKNOWN [/usr/lib/MozillaFirefox/libxpcom.so +0x00106AC1]
UNKNOWN [/usr/lib/MozillaFirefox/components/libnsappshell.so +0x00041BFA]
UNKNOWN [/usr/lib/MozillaFirefox/libxpcom.so +0x000820FB]
nsXREDirProvider::DoShutdown()+0x0000014E [/usr/lib/MozillaFirefox/firefox-bin
+0x0001FAAE]
ScopedXPCOMStartup::~ScopedXPCOMStartup()+0x00000030
[/usr/lib/MozillaFirefox/firefox-bin +0x000106E0]
xre_main(int, char**, nsXREAppData const*)+0x000002F9
[/usr/lib/MozillaFirefox/firefox-bin +0x00014B09]
main+0x00000034 [/usr/lib/MozillaFirefox/firefox-bin +0x00010434]
__libc_start_main+0x000000F0 [/lib/tls/libc.so.6 +0x00014FB0]
Sleeping for 5 minutes.
Type 'gdb /usr/lib/MozillaFirefox/firefox-bin 16098' to attach your debugger to
this thread.
Done sleeping...
firefox-bin exited with non-zero status (11)


$ firefox
No running windows found
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

No Persistent Registry Found.
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

Type Manifest File: /home/olivier/.mozilla/firefox/ukylt5h0.default/xpti.dat
nsNativeComponentLoader: autoregistering begins.
*** Registering docshell_provider components (all right -- a generic module!)
*** Registering nsSystemPrefModule components (all right -- a generic module!)
*** Registering XRemoteServiceModule components (all right -- a generic
module!)*** Registering nsToolkitCompsModule components (all right -- a generic
module!)*** Registering application components (all right -- a generic module!)

*** Registering xpconnect components (all right -- a generic module!)
*** Registering xpconnect_test components (all right -- a generic module!)
*** Registering necko_core_and_primary_protocols components (all right -- a
generic module!)
*** Registering nsCJVMManagerModule components (all right -- a generic module!)

nsNativeComponentLoader: SelfRegisterDll(libgklayout.so) Load FAILED with
error: /usr/lib/MozillaFirefox/components/libgklayout.so: undefined symbol:
cairo_set_target_drawable(_cairo*, _XDisplay*, unsigned long)
*** Registering nsChromeModule components (all right -- a generic module!)
*** Registering XRemoteClientModule components (all right -- a generic module!)

*** Registering nsRDFModule components (all right -- a generic module!)
*** Registering nsSampleModule components (all right -- a generic module!)
*** Registering nsMorkModule components (all right -- a generic module!)
*** Registering nsUCvMathModule components (all right -- a generic module!)
*** Registering nsUConvModule components (all right -- a generic module!)
*** Registering nsJarModule components (all right -- a generic module!)
*** Registering Browser_Embedding_Module components (all right -- a generic
module!)
*** Registering nsAutoConfigModule components (all right -- a generic module!)
*** Registering embedcomponents components (all right -- a generic module!)
*** Registering necko_secondary_protocols components (all right -- a generic
module!)
*** Registering nsGfxPSModule components (all right -- a generic module!)
*** Registering nsPluginModule components (all right -- a generic module!)
*** Registering nsComposerModule components (all right -- a generic module!)
*** Registering BOOT components (all right -- a generic module!)
*** Registering nsWidgetGtk2Module components (all right -- a generic module!)
*** Registering nsFindComponent components (all right -- a generic module!)
*** Registering MyService components (all right -- a generic module!)
*** Registering nsUniversalCharDetModule components (all right -- a generic
module!)
*** Registering nsTestDynamicModule components (all right -- a generic module!)

*** Registering nsWebServicesModule components (all right -- a generic module!)

*** Registering nsSecurityManagerModule components (all right -- a generic
module!)
*** Registering mozgnome components (all right -- a generic module!)
*** Registering nsInspectorModule components (all right -- a generic module!)
*** Registering TransformiixModule components (all right -- a generic module!)
*** Registering nsGfxGTKModule components (all right -- a generic module!)
*** Registering nsEditorModule components (all right -- a generic module!)
*** Registering nsPrefModule components (all right -- a generic module!)
*** Registering nsTransactionManagerModule components (all right -- a generic
module!)
*** Registering nsI18nModule components (all right -- a generic module!)
*** Registering nsXMLExtrasModule components (all right -- a generic module!)
*** Registering nsImageLib2Module components (all right -- a generic module!)
*** Registering nsFileViewModule components (all right -- a generic module!)
*** Registering nsBrowserCompsModule components (all right -- a generic
module!)*** Registering xpcomObsoleteModule components (all right -- a generic
module!)
*** Registering nsGnomeVFSModule components (all right -- a generic module!)
*** Registering nsCookieModule components (all right -- a generic module!)
*** Registering WSPProxyTestModule components (all right -- a generic module!)
*** Registering nsParserModule components (all right -- a generic module!)
*** Registering appshell components (all right -- a generic module!)
*** Registering NSS components (all right -- a generic module!)
*** Registering nsAccessibilityModule components (all right -- a generic
module!)
*** Registering PKI components (all right -- a generic module!)
*** Registering nsSoftwareUpdate components (all right -- a generic module!)
*** Registering nsGfxXprintModule components (all right -- a generic module!)
nsNativeComponentLoader: autoregistering succeeded
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

*** Deferring registration of sample JS components
nNCL: registering deferred (0)
*** Registering sample JS components
nNCL: registering deferred (0)
nNCL: registering deferred (0)
nNCL: registering deferred (0)
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsINIParser.cpp, line 51

nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: SelfRegisterDll(libgklayout.so) Load FAILED with
error: /usr/lib/MozillaFirefox/components/libgklayout.so: undefined symbol:
cairo_set_target_drawable(_cairo*, _XDisplay*, unsigned long)
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
GFX: dpi=96 t2p=0,0666667 p2t=15 depth=24
++WEBSHELL == 1
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsWebShellWindow.cpp,
line 327
###!!! ASSERTION: HiddenWindow not created: 'NS_SUCCEEDED(rv)', file
nsAppShellService.cpp, line 486
Break: at file nsAppShellService.cpp, line 486
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file nsAppRunner.cpp, line
1826
WARNING: nsExceptionService ignoring thread destruction after shutdown, file
nsExceptionService.cpp, line 191
*** Unloading sample JS components
nsStringStats
 => mAllocCount: 4541
 => mReallocCount: 1496
 => mFreeCount: 4538
 => mShareCount: 6502
 => mAdoptCount: 1767
 => mAdoptFreeCount: 1766
firefox-bin exited with non-zero status (1)


$ rm -rf ~/.mozilla


$ valgrind -v --tool=memcheck --trace-children=yes --log-file=firefox
/usr/lib/MozillaFirefox/firefox-bin

[log with the segfault attached]
Comment 6 Olivier Castan 2005-04-06 13:57:55 UTC
In my case the first error reported in mozilla log seems to be due to bug #87420 :
$ ldd -r /usr/lib/MozillaFirefox/components/libgklayout.so
[...]
undefined symbol: _Z25cairo_set_target_drawableP6_cairoP9_XDisplaym     (/usr/lib/MozillaFirefox/components/libgklayout.so)

the function name is C++ mangled but not in /usr/lib/libcairo.so.1.0.0
Comment 7 solar (RETIRED) gentoo-dev 2005-08-02 14:20:46 UTC
I've had the filter-flags -fstack-protector commented out in my local 
mozconfig.eclass for several versions of mozilla now. 

If this bug still exists then anybody have tips on how to trigger it? 

Does this only happen when -fstack-protector is in CFLAGS aka make.conf? 
If so can we just change the filter-flags to something good like this so that 
hardened does not have to suffer. Hardened already knows that -fstack-protector
in make.conf CFLAGS is not safe and handles the exceptions correctly.


solar@simple eclass $ scanelf -Bs__guard /usr/lib/mozilla/mozilla-bin 
ET_DYN __guard /usr/lib/mozilla/mozilla-bin 
solar@simple eclass $ pidof mozilla-bin
163 3427 15261 10264

Built mozilla-1.7.10-r1 with i686-pc-linux-gnu-3.4.4 is what I have here.

CFLAGS="${CFLAGS/-fstack-protector-all/}"
CFLAGS="${CFLAGS/-fstack-protector/}"
CXXFLAGS="${CXXFLAGS/-fstack-protector-all/}"
CXXFLAGS="${CXXFLAGS/-fstack-protector/}"
Comment 8 solar (RETIRED) gentoo-dev 2005-08-02 14:23:21 UTC
The web browser is one of the most ideal attack vectors. (bypasses firewalls cuz
the user initiates the connection) All files are downloaded and usually stored
on local disk. Running in the active users context.
Comment 9 Jakub Moc (RETIRED) gentoo-dev 2005-12-23 02:17:16 UTC
*** Bug 66028 has been marked as a duplicate of this bug. ***
Comment 10 Sascha G. 2005-12-30 06:38:41 UTC
(In reply to comment #7)
> I've had the filter-flags -fstack-protector commented out in my local 
> mozconfig.eclass for several versions of mozilla now. 

I want to confirm that it works on my x86 hardened system, I'm using thunderbird 1.5rc2 without filtering the protector stuff and I see no problems whatsoever.

> If this bug still exists then anybody have tips on how to trigger it? 

A quick search on google has shown me that this problem has been gone for a while now. Firefox, Thunderbird and Mozilla should work without problems even without filtering said flags.
Comment 11 Sascha G. 2005-12-30 06:42:38 UTC
(In reply to comment #10)

> I want to confirm that it works on my x86 hardened system, I'm using
> thunderbird 1.5rc2 without filtering the protector stuff and I see no problems
> whatsoever.

I'm sorry, I have just seen too late that this is an amd64 specific bug report.
But it may be worth some testing.
Comment 12 solar (RETIRED) gentoo-dev 2005-12-30 07:13:49 UTC
For a while the mozconfig.eclass blindly filtered all fstack flags. This
caused all mozilla & friends to be built without ssp enabled which was a
very bad thing. That filter has been removed. A more proper check if
this problem still happens would be to limit that filtering to only the
apps that are known to misbehave (ie FireFox). The real problem here as
far as I could tell was that the user had -fstack-protector in CFLAGS
directly vs using something like the hardened toolchain.
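
Added example, not part of the original thread and not the eclass's own code: the flag filtering discussed in comments 7 and 12, done token by token and applied only to packages on a list, so everything else keeps SSP. It goes beyond the four-line snippet in comment 7 by removing repeated flags; SSP_BROKEN_PKGS and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-package filtering of stack-protector flags.
# Assumption: flags are whitespace-separated and contain no glob characters.

# Hypothetical list of packages known to break when -fstack-protector is
# passed directly in CFLAGS. Every other package keeps its SSP flags.
SSP_BROKEN_PKGS="mozilla-firefox"

# strip_ssp_flags FLAGS
# Drop -fstack-protector and -fstack-protector-all as whole tokens.
# Every occurrence is removed and no "-all" fragment can be left behind.
strip_ssp_flags() {
    out=""
    for flag in $1; do
        case "$flag" in
            -fstack-protector|-fstack-protector-all)
                ;;                              # filtered out
            *)
                out="${out:+$out }$flag"        # kept, single-space joined
                ;;
        esac
    done
    printf '%s\n' "$out"
}

# naive_strip FLAGS
# First-match substring removal, the same behaviour as a single
# ${VAR/-fstack-protector/} substitution. Shown only for comparison:
# applied to -fstack-protector-all it leaves a stray "-all" token, which is
# why the snippet in comment 7 removes the -all variant first.
naive_strip() {
    printf '%s\n' "$1" | sed 's/-fstack-protector//'
}

# flags_for_pkg PKG FLAGS
# Filter SSP flags only for packages on the broken list.
flags_for_pkg() {
    for broken in $SSP_BROKEN_PKGS; do
        if [ "$1" = "$broken" ]; then
            strip_ssp_flags "$2"
            return 0
        fi
    done
    printf '%s\n' "$2"
}

# CFLAGS as posted in the bug description.
REPORTER_CFLAGS="-march=athlon64 -O2 -pipe -fPIC -fomit-frame-pointer -fstack-protector"

for pkg in mozilla-firefox mozilla-thunderbird; do
    printf '%s: %s\n' "$pkg" "$(flags_for_pkg "$pkg" "$REPORTER_CFLAGS")"
done
```
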
Comment 13 Jakub Moc (RETIRED) gentoo-dev 2006-06-11 02:02:28 UTC
*** Bug 136329 has been marked as a duplicate of this bug. ***
Comment 14 solar (RETIRED) gentoo-dev 2006-06-11 05:33:39 UTC
attachment #88865 looks good to me.
Comment 15 Rob M. 2006-06-11 14:47:39 UTC
PLEASE DO NOT MERGE THE CURRENT FIX.

hold the phone on this one.

apparently, Firefox 1.5.0.4 now includes a no-textrel patch (patch 009) and now compiles fine with SSP.

checked for __guard symbols with help of solar, they are fully enabled on all object files.

hopefully similar patches will get pushed out for other Moz projects.

I'd like for other people to confirm that the fix works for them.

I think we can resolve this as FIXED if we get some input from other people that this works for them, but again, please do not merge the patch for the mozconfig eclass file as it would actually undo this, now that it is actually working (finally!).
Comment 16 Jory A. Pratt 2006-06-11 15:24:25 UTC
(In reply to comment #15)
> PLEASE DO NOT MERGE THE CURRENT FIX.
> 
> hold the phone on this one.
> 
> apparently, Firefox 1.5.0.4 now includes a no-textrel patch (patch 009) and now
> compiles fine with SSP.
> 
> checked for __guard symbols with help of solar, they are fully enabled on all
> object files.
> 
> hopefully similar patches will get pushed out for other Moz projects.
> 
> I'd like for other people to confirm that the fix works for them.
> 
> I think we can resolve this as FIXED if we get some input from other people
> that this works for them, but again, please do not merge the patch for the
> mozconfig eclass file as it would actually undo this, now that it is actually
> working (finally!).
> 

The attachment is useless; we do not use mozconfig anymore, we use mozcoreconf and mozconfig-2. This should all be fixed already in the ebuild.
Comment 17 Michael Schachtebeck 2008-03-27 08:24:56 UTC
I tested mozilla-firefox-2.0.0.12, mozilla-firefox-2.0.0.13 and mozilla-thunderbird-2.0.0.12 - and all compile fine with -fstack-protector (tested by removing the 6 lines following

# -fstack-protector breaks us

from the ebuild - however, using a hardened gcc-4.2.3). Could someone confirm this? It would be great if those lines could be removed from the ebuilds as the browser and the mail-client are very critical components concerning security as solar already stated above.
Comment 18 Mr. B 2008-03-27 20:20:52 UTC
(In reply to comment #17)
> I tested mozilla-firefox-2.0.0.12, mozilla-firefox-2.0.0.13 and
> mozilla-thunderbird-2.0.0.12 - and all compile fine with -fstack-protector
> (tested by removing the 6 lines following
> 
> # -fstack-protector breaks us
> 
> from the ebuild - however, using a hardened gcc-4.2.3). Could someone confirm
> this? It would be great if those lines could be removed from the ebuilds as the
> browser and the mail-client are very critical components concerning security as
> solar already stated above.
> 
I've been removing said filtering for as long as I can remember, never had any problems. Works with 4.3.0 too (not that it shouldn't...).