683154 – www-client/firefox-{60.6.1,66.0.3} fails to build with "-mfunction-return=thunk -mindirect-branch=thunk" flags due to elf hack: malloc(): corrupted top size

Bug 683154 - www-client/firefox-{60.6.1,66.0.3} fails to build with "-mfunction-return=thunk -mindirect-branch=thunk" flags due to elf hack: malloc(): corrupted top size

Summary: www-client/firefox-{60.6.1,66.0.3} fails to build with "-mfunction-return=thu...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All All

Importance:	Normal normal (vote)
Assignee:	Mozilla Gentoo Team

URL:	https://bugzilla.mozilla.org/show_bug...
Whiteboard:
Keywords:	InOverlay

Depends on:
Blocks:

Reported:	2019-04-12 13:24 UTC by Arfrever Frehtes Taifersar Arahesis
Modified:	2019-07-25 16:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
firefox-66.0.3:20190412-015523.log.xz (firefox-66.0.3:20190412-015523.log.xz,413.66 KB, application/x-xz) 2019-04-12 13:26 UTC, Arfrever Frehtes Taifersar Arahesis	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arfrever Frehtes Taifersar Arahesis 2019-04-12 13:24:42 UTC

33:09.24 gmake[4]: Entering directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.24 build/unix/elfhack/test-ctors.o
33:09.25 /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -o test-ctors.o -c  -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/system_wrappers -include /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/config/gcc_hidden.h -DNDEBUG=1 -DTRIMMED=1 -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/build/unix/elfhack -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/include -I/usr/include/nspr -I/usr/include/nss -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/include/nss -I/usr/include/pixman-1 -fPIC -include /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/mozilla-config.h -DMOZILLA_CLIENT -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -march=westmere -mfunction-return=thunk -mindirect-branch=thunk -pipe -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-aliasing -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -freorder-blocks -O2 -fomit-frame-pointer -funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-security -Wformat-overflow=2  -MD -MP -MF .deps/test-ctors.o.pp  -fdiagnostics-color -fno-lto /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/build/unix/elfhack/test-ctors.c
33:09.25 gmake[4]: Leaving directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.25 gmake[4]: Entering directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.25 build/unix/elfhack/test-array.o
33:09.25 /usr/bin/x86_64-pc-linux-gnu-gcc -std=gnu99 -o test-array.o -c  -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/system_wrappers -include /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/config/gcc_hidden.h -DNDEBUG=1 -DTRIMMED=1 -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/build/unix/elfhack -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/include -I/usr/include/nspr -I/usr/include/nss -I/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/include/nss -I/usr/include/pixman-1 -fPIC -include /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/mozilla-config.h -DMOZILLA_CLIENT -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -march=westmere -mfunction-return=thunk -mindirect-branch=thunk -pipe -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-aliasing -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -freorder-blocks -O2 -fomit-frame-pointer -funwind-tables -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wduplicated-cond -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-security -Wformat-overflow=2  -MD -MP -MF .deps/test-array.o.pp  -fdiagnostics-color -fno-lto /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/build/unix/elfhack/test-array.c
33:09.25 gmake[4]: Leaving directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.39 gmake[4]: Entering directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.39 /usr/bin/x86_64-pc-linux-gnu-g++ -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wall -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wc++1z-compat -Wduplicated-cond -Wimplicit-fallthrough -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-security -Wformat-overflow=2 -fno-sized-deallocation -march=westmere -mfunction-return=thunk -mindirect-branch=thunk -pipe -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns -fno-schedule-insns2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -fexceptions -freorder-blocks -O2 -fomit-frame-pointer -funwind-tables  -fPIC -shared -Wl,-z,defs -Wl,--gc-sections -Wl,-h,test-array.so -o test-array.so  -lpthread -Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0 -Wl,--gc-sections -Wl,--sort-common -Wl,-z,now -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags -Wl,--compress-debug-sections=zlib -fuse-ld=bfd -Wl,-z,noexecstack -Wl,-z,text -Wl,-z,relro -Wl,-z,nocopyreloc -Wl,-Bsymbolic-functions -Wl,-rpath-link,/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/bin -Wl,-rpath-link,/usr/lib   -fdiagnostics-color test-array.o -nostartfiles
33:09.39 ===
33:09.39 === If you get failures below, please file a bug describing the error
33:09.39 === and your environment (compiler and linker versions), and
33:09.40 === provide the pre-elfhacked library as an attachment.
33:09.40 === Use --disable-elf-hack until this is fixed.
33:09.40 ===
33:09.40 # Fail if the library doesn't have INIT_ARRAY .dynamic info
33:09.40 readelf -d test-array.so | grep '(INIT_ARRAY)'
33:09.40  0x0000000000000019 (INIT_ARRAY)         0x9de0
33:09.40 /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack/elfhack -b -f test-array.so
33:09.40 test-array.so: malloc(): corrupted top size
33:09.40 gmake[4]: *** [Makefile:28: test-array.so] Aborted
33:09.40 gmake[4]: Leaving directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.40 gmake[4]: *** Waiting for unfinished jobs....
33:09.40 gmake[4]: Entering directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.40 /usr/bin/x86_64-pc-linux-gnu-g++ -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Wall -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wc++1z-compat -Wduplicated-cond -Wimplicit-fallthrough -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-security -Wformat-overflow=2 -fno-sized-deallocation -march=westmere -mfunction-return=thunk -mindirect-branch=thunk -pipe -fno-delete-null-pointer-checks -fno-lifetime-dse -fno-schedule-insns -fno-schedule-insns2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-sections -fno-math-errno -pthread -pipe -fexceptions -freorder-blocks -O2 -fomit-frame-pointer -funwind-tables  -fPIC -shared -Wl,-z,defs -Wl,--gc-sections -Wl,-h,test-ctors.so -o test-ctors.so  -lpthread -Wl,-O1 -Wl,--as-needed -Wl,--defsym=__gentoo_check_ldflags__=0 -Wl,--gc-sections -Wl,--sort-common -Wl,-z,now -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags -Wl,--compress-debug-sections=zlib -fuse-ld=bfd -Wl,-z,noexecstack -Wl,-z,text -Wl,-z,relro -Wl,-z,nocopyreloc -Wl,-Bsymbolic-functions -Wl,-rpath-link,/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/dist/bin -Wl,-rpath-link,/usr/lib   -fdiagnostics-color test-ctors.o -nostartfiles
33:09.40 ===
33:09.40 === If you get failures below, please file a bug describing the error
33:09.40 === and your environment (compiler and linker versions), and
33:09.40 === provide the pre-elfhacked library as an attachment.
33:09.40 === Use --disable-elf-hack until this is fixed.
33:09.41 ===
33:09.41 # Fail if the library doesn't have INIT .dynamic info
33:09.41 readelf -d test-ctors.so | grep '(INIT)'
33:09.41  0x000000000000000c (INIT)               0x5000
33:09.41 /var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack/elfhack -b -f test-ctors.so
33:09.41 test-ctors.so: malloc(): corrupted top size
33:09.41 gmake[4]: *** [Makefile:28: test-ctors.so] Aborted
33:09.41 gmake[4]: Leaving directory '/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/ff/build/unix/elfhack'
33:09.41 gmake[3]: *** [/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/config/recurse.mk:101: build/unix/elfhack/libs] Error 2
33:09.41 gmake[2]: *** [/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/config/recurse.mk:34: libs] Error 2
33:09.41 gmake[1]: *** [/var/tmp/portage/www-client/firefox-66.0.3/work/firefox-66.0.3/config/rules.mk:415: default] Error 2
33:09.41 gmake: *** [client.mk:125: build] Error 2
33:09.44 10 compiler warnings present.
 * ERROR: www-client/firefox-66.0.3::gentoo failed (compile phase):
 *   (no error message)
 * 
 * Call stack:
 *     ebuild.sh, line 124:  Called src_compile
 *   environment, line 5202:  Called die
 * The specific snippet of code:
 *       MOZ_MAKE_FLAGS="${MAKEOPTS} -O" SHELL="${SHELL:-${EPREFIX}/bin/bash}" MOZ_NOSPAM=1 ${_virtx} ./mach build --verbose || die


Using of -mfunction-return=thunk -mindirect-branch=thunk flags in CFLAGS / CXXFLAGS is required to reproduce this bug.
These flags are used for mitigation of Spectre vulnerability (variant 2).

Summary of available flags for mitigation of Spectre vulnerability (variant 2):
GCC (firstly released in 8, later backported to 7.3, 6.5): -mfunction-return=thunk -mindirect-branch=thunk -mindirect-branch-register
Clang (>=7): -mretpoline

Comment 1 Arfrever Frehtes Taifersar Arahesis 2019-04-12 13:26:13 UTC

Created attachment 572562 [details]
firefox-66.0.3:20190412-015523.log.xz

Comment 2 Arfrever Frehtes Taifersar Arahesis 2019-04-23 15:25:27 UTC

Upstream fixes:
https://hg.mozilla.org/mozilla-central/rev/04eccd9f23a1
https://hg.mozilla.org/mozilla-central/rev/09240f7397c1

Comment 3 Jory A. Pratt gentoo-dev

2019-04-24 10:59:37 UTC

I have rolled updated patchsets for esr and 67.0, the esr patchset wont be applied until the update which will happen in about 10 days or so. If you need them sooner, tb in the mozilla overlay uses the new patchset, you would have to either add the patches locally for firefox-60.x or patch an ebuild in overlay to update to the new patchset.

Comment 4 Arfrever Frehtes Taifersar Arahesis 2019-04-24 19:39:53 UTC

https://gitweb.gentoo.org/proj/mozilla.git/commit/?id=44d81d36170b55a473c0fc6c05cff0cd4e67c09b

commit 44d81d36170b55a473c0fc6c05cff0cd4e67c09b
Author:     Jory Pratt <anarchy@gentoo.org>
AuthorDate: 2019-04-24 10:06:39 +0000
Commit:     Jory Pratt <anarchy@gentoo.org>
CommitDate: 2019-04-24 10:06:39 +0000

    www-client/firefox: version bump 67.0b13
    
    Package-Manager: Portage-2.3.64, Repoman-2.3.12
    Signed-off-by: Jory Pratt <anarchy@gentoo.org>

https://gitweb.gentoo.org/proj/mozilla.git/commit/?id=15c4c05b7eaf5dbd26f2c8b0f96396ea79515612

commit 15c4c05b7eaf5dbd26f2c8b0f96396ea79515612
Author:     Jory Pratt <anarchy@gentoo.org>
AuthorDate: 2019-04-24 10:56:11 +0000
Commit:     Jory Pratt <anarchy@gentoo.org>
CommitDate: 2019-04-24 10:56:11 +0000

    mail-client/thunderbird: more elf fixes
    
    Package-Manager: Portage-2.3.64, Repoman-2.3.12
    Signed-off-by: Jory Pratt <anarchy@gentoo.org>

Comment 5 Arfrever Frehtes Taifersar Arahesis 2019-04-24 19:42:47 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cd270da0da24b11fb1ebda191c55aa58be42ee7

commit 7cd270da0da24b11fb1ebda191c55aa58be42ee7
Author:     Jory Pratt <anarchy@gentoo.org>
AuthorDate: 2019-04-24 15:29:25 +0000
Commit:     Jory Pratt <anarchy@gentoo.org>
CommitDate: 2019-04-24 15:29:25 +0000

    mail-client/thunderbird: elfhack build fixes
    
    Package-Manager: Portage-2.3.64, Repoman-2.3.12
    Signed-off-by: Jory Pratt <anarchy@gentoo.org>

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c45ad732da268bdeb9e2755655e16cbb16cca591

commit c45ad732da268bdeb9e2755655e16cbb16cca591
Author:     Jory Pratt <anarchy@gentoo.org>
AuthorDate: 2019-04-24 15:30:36 +0000
Commit:     Jory Pratt <anarchy@gentoo.org>
CommitDate: 2019-04-24 15:30:36 +0000

    www-client/firefox: elfhack build fixes
    
    Package-Manager: Portage-2.3.64, Repoman-2.3.12
    Signed-off-by: Jory Pratt <anarchy@gentoo.org>

Comment 6 Jory A. Pratt gentoo-dev

2019-07-25 16:46:21 UTC

Fixed in both esr branch and testing, thanks for reporting and working with upstream to fix.