Bug 906008 - www-client/chromium-113.0.5672.63: null pointer dereference in strlen() in ChromeContentRendererClient::ChromeContentRendererClient()
Summary: www-client/chromium-113.0.5672.63: null pointer dereference in strlen() in Ch...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Chromium Project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-09 06:43 UTC by Alexander Sergeyev
Modified: 2024-03-20 21:29 UTC
CC: 1 user

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (emerge-info.txt, 4.87 KB, text/plain), 2023-05-09 06:44 UTC, Alexander Sergeyev
dependencies versions and use-flags (depedency-info.txt, 10.73 KB, text/plain), 2023-05-09 06:45 UTC, Alexander Sergeyev

Description Alexander Sergeyev 2023-05-09 06:43:43 UTC
I've just merged chromium-113.0.5672.63 and it crashes during startup on a new/empty profile. A window is opened, but the new tab is shown as crashed.

Startup log is listed below. Note that the lines are interleaved -- apparently, two processes are crashing at the same time. Chromium is built with -ggdb1 and with strip disabled, so the backtrace is readable.

[32358:310:0509/090907.725032:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:644:0509/090907.837807:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:644:0509/090907.837895:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:310:0509/090907.842799:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[32358:310:0509/090907.842864:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[32358:32358:0509/090907.851591:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled.
[32358:310:0509/090907.864516:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[32358:310:0509/090907.864620:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[32358:310:0509/090907.935984:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[32358:310:0509/090907.936035:ERROR:bus.cc(399)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
Received signal 11 SEGV_MAPERR 000000000008
#0 0x595b56026525 Received signal 11 SEGV_MAPERR 000000000008
#0 0x595b56026525 base::debug::CollectStackTrace()
#1 0x595b560097e6 base::debug::CollectStackTrace()
#1 0x595b560097e6 base::debug::StackTrace::StackTrace()
#2 0x595b56026a9b base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x772d0039d1f0 (/lib64/libc.so.6+0x381ef)
#4 0x772d0040a31a strlen
#5 0x595b55b4105d [32358:1245:0509/090908.024881:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:1245:0509/090908.024949:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:1245:0509/090908.025086:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:1245:0509/090908.025170:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[32358:1245:0509/090908.025246:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
base::debug::StackTrace::StackTrace()
#2 0x595b56026a9b base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x772d0039d1f0 (/lib64/libc.so.6+0x381ef)
#4 0x772d0040a31a strlen
#5 0x595b55b4105d std::_Rb_tree<>::_M_emplace_unique<>()
#6 0x595b5db3af72 ChromeContentRendererClient::ChromeContentRendererClient()
#7 0x595b4f2046e7 std::_Rb_tree<>::_M_emplace_unique<>()
#6 0x595b5db3af72 ChromeContentRendererClient::ChromeContentRendererClient()
#7 0x595b4f2046e7 ChromeMainDelegate::CreateContentRendererClient()
#8 0x595b54e3297d content::ContentClientInitializer::Set()
#9 0x595b54e30394 ChromeMainDelegate::CreateContentRendererClient()
#8 0x595b54e3297d content::ContentClientInitializer::Set()
#9 0x595b54e30394 content::RunZygote()
#10 0x595b54e30915 content::RunOtherNamedProcessTypeMain()
#11 0x595b54e31421 content::RunZygote()
#10 0x595b54e30915 content::ContentMainRunnerImpl::Run()
#12 0x595b54e2f02f content::RunOtherNamedProcessTypeMain()
#11 0x595b54e31421 content::RunContentProcess()
#13 0x595b54e2f4b1 content::ContentMainRunnerImpl::Run()
#12 0x595b54e2f02f content::RunContentProcess()
#13 0x595b54e2f4b1 content::ContentMain()
#14 0x595b4f20442d content::ContentMain()
#14 0x595b4f20442d ChromeMain
#15 0x772d00387790 (/lib64/libc.so.6+0x2278f)
#16 0x772d00387849 __libc_start_main
#17 0x595b4f2041f5 ChromeMain
#15 0x772d00387790 (/lib64/libc.so.6+0x2278f)
#16 0x772d00387849 __libc_start_main
#17 0x595b4f2041f5 _start
  r8: 0000000000000000  r9: 00007ffc2a9eefe0 r10: 0000595b63055868 r11: 00003c080024aee0
 r12: 00007ffc2a9ef240 r13: 00007ffc2a9ef248 r14: 0000000000000008 r15: 00007ffc2a9ef248
  di: 0000000000000008  si: 000000000000012e  bp: 00007ffc2a9ef1e0  bx: 00003c08002188a0
  dx: 0000000000000000  ax: 0000000000000008  cx: 0000000000000008  sp: 00007ffc2a9ef178
  ip: 0000772d0040a31a efl: 0000000000010297 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000008
[end of stack trace]
_start
  r8: 0000000000000000  r9: 00007ffc2a9eefe0 r10: 0000595b63055868 r11: 00003c080024aee0
 r12: 00007ffc2a9ef240 r13: 00007ffc2a9ef248 r14: 0000000000000008 r15: 00007ffc2a9ef248
  di: 0000000000000008  si: 000000000000012e  bp: 00007ffc2a9ef1e0  bx: 00003c08002188a0
  dx: 0000000000000000  ax: 0000000000000008  cx: 0000000000000008  sp: 00007ffc2a9ef178
  ip: 0000772d0040a31a efl: 0000000000010297 cgf: 002b000000000033 erf: 0000000000000004
 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000008
[end of stack trace]


Reproducible: Always




Version, use flags of chromium:

www-client/chromium:113.0.5672.63 X cups custom-cflags pic proprietary-codecs system-harfbuzz system-icu vaapi -cpu_flags_arm_neon -gtk4 -headless -l10n_af -l10n_ar -l10n_bn -l10n_cs -l10n_de -l10n_en-GB -l10n_es-419 -l10n_fa -l10n_fil -l10n_gu -l10n_hi -l10n_hu -l10n_it -l10n_kn -l10n_lt -l10n_ml -l10n_ms -l10n_nl -l10n_pt-BR -l10n_ro -l10n_sk -l10n_sr -l10n_sw -l10n_te -l10n_tr -l10n_ur -l10n_zh-CN -libcxx -official -pgo -qt5 -selinux -system-av1 -system-png -widevine

Emerge info and version of dependencies are attached as files.
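The fault signature in the trace above (signal 11, SEGV_MAPERR, fault address 000000000008, with di and cr2 both 8 at an ip inside strlen) says strlen() was handed the pointer value 8, i.e. a null pointer plus a small offset, not a wild or freed address. The C program below is an added example written for this page; it is not Chromium code and it does not reproduce the root cause of this bug, which the report does not establish. It calls strlen() on a constructed near-null pointer (the value 8 is taken from the register dump) under a SA_SIGINFO handler, records the same si_signo/si_code/si_addr fields that make up a "Received signal 11 SEGV_MAPERR ..." line, and applies the triage rule a practitioner uses when reading such a line. The classification labels are this example's own choice.

```c
/* Added example for triaging a "Received signal 11 SEGV_MAPERR 000000000008" line.
   Not Chromium code; the probed pointer value and labels are constructed here. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <inttypes.h>
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct probe_result {
    int       caught;  /* 1 if strlen() faulted, 0 if it returned normally */
    int       signo;   /* si_signo: 11 (SIGSEGV) in the report */
    int       code;    /* si_code: SEGV_MAPERR (unmapped) or SEGV_ACCERR (protection) */
    uintptr_t addr;    /* si_addr: the faulting address, what the report shows in cr2 */
    size_t    len;     /* strlen() result when no fault occurred */
};

static sigjmp_buf recover;
/* Written from signal context, read after siglongjmp(): keep it volatile. */
static volatile struct probe_result last_fault;

static void on_segv(int signo, siginfo_t *si, void *ctx)
{
    (void)ctx;
    last_fault.caught = 1;
    last_fault.signo  = signo;
    last_fault.code   = si->si_code;
    last_fault.addr   = (uintptr_t)si->si_addr;
    siglongjmp(recover, 1);  /* unwind out of the faulting strlen() call */
}

/* Call strlen(p) with a temporary SA_SIGINFO handler installed and report
   either the string length or the decoded fault. */
struct probe_result probe_strlen(const char *p)
{
    struct sigaction sa, old;
    struct probe_result r;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    last_fault.caught = 0;
    last_fault.signo  = 0;
    last_fault.code   = 0;
    last_fault.addr   = 0;
    last_fault.len    = 0;
    if (sigsetjmp(recover, 1) == 0) {
        /* volatile keeps the compiler from folding or rejecting strlen() on a constant pointer */
        const char *volatile target = p;
        last_fault.len = strlen(target);
    }
    sigaction(SIGSEGV, &old, NULL);

    r.caught = last_fault.caught;
    r.signo  = last_fault.signo;
    r.code   = last_fault.code;
    r.addr   = last_fault.addr;
    r.len    = last_fault.len;
    return r;
}

/* Triage rule: a MAPERR fault inside the first page is a null pointer plus a
   member offset (or a near-null value passed straight to strlen()); MAPERR
   elsewhere is a wild or freed pointer; ACCERR means the page is mapped but
   the access was not permitted (e.g. a write to read-only memory). */
const char *classify_fault(const struct probe_result *r)
{
    if (!r->caught)             return "none";
    if (r->signo != SIGSEGV)    return "other-signal";
    if (r->code == SEGV_MAPERR) return r->addr < 4096 ? "null-page" : "unmapped";
    if (r->code == SEGV_ACCERR) return "protection";
    return "other";
}

int main(void)
{
    /* Constructed input: the pointer value 8 seen in di and cr2 in the report. */
    struct probe_result r = probe_strlen((const char *)8);
    printf("Received signal %d %s %012" PRIxPTR " -> %s\n", r.signo,
           r.code == SEGV_MAPERR ? "SEGV_MAPERR" :
           r.code == SEGV_ACCERR ? "SEGV_ACCERR" : "?", r.addr, classify_fault(&r));
    r = probe_strlen("chromium");
    printf("strlen(\"chromium\") = %zu -> %s\n", r.len, classify_fault(&r));
    return 0;
}
```

The exact fault address can come out as 8 or as an aligned address just below it, depending on how the platform strlen() loads its first chunk, which is why the rule checks the page rather than the byte. The same check on the real trace is already done for you by the fact that cr2 and di agree: the argument strlen() received was the address that faulted.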
Comment 1 Alexander Sergeyev 2023-05-09 06:44:08 UTC
Created attachment 861370 [details]
emerge --info
Comment 2 Alexander Sergeyev 2023-05-09 06:45:18 UTC
Created attachment 861371 [details]
dependencies versions and use-flags
Comment 3 Alexander Sergeyev 2023-05-09 06:48:31 UTC
I'll try clang (libcxx use-flag) and -ggdb2 to get line info.
Comment 4 Alexander Sergeyev 2023-05-09 12:44:30 UTC
> I'll try clang (libcxx use-flag) and -ggdb2 to get line info.

chromium[libcxx] does not crash.
Comment 5 Alexander Sergeyev 2023-05-10 06:32:39 UTC
-ggdb2 is too much for linking; I'm getting "relocation truncated to fit: R_X86_64_32 against `.debug_info'". So, no line info for the gcc build.


python3.11 "../../build/toolchain/gcc_link_wrapper.py" --output="./v8_context_snapshot_generator" -- x86_64-pc-linux-gnu-g++ -Wl,--build-id -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -rdynamic -Wl,-z,defs -Wl,--as-needed -pie -Wl,--disable-new-dtags -Wl,-z,now -Wl,-z,relro -Wl,-O1 -Wl,--as-needed -o "./v8_context_snapshot_generator" -Wl,--start-group @"./v8_context_snapshot_generator.rsp" -Wl,--end-group -latomic -ldl -lpthread -lrt -lgmodule-2.0 -lglib-2.0 -lgobject-2.0 -lgthread-2.0 -licui18n -licuuc -licudata -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lz -lresolv -lgio-2.0 -ljpeg -lxml2 -lxslt -lwebpdemux -lwebpmux -lwebp -lfreetype -lexpat -lfontconfig -lharfbuzz-subset -lharfbuzz -lopenh264 -lm -lX11 -lXcomposite -lXdamage -lXext -lXfixes -lXrender -lXrandr -lXtst -ldrm -lxcb -lxkbcommon -lgbm -lXi -lpci -latk-1.0 -latk-bridge-2.0 -lre2 -lpangocairo-1.0 -lpango-1.0 -lcairo -lasound -lFLAC -ldbus-1 -latspi
obj/third_party/blink/renderer/core/core/ng_flex_layout_algorithm.o:(.debug_loclists+0x1dda): relocation truncated to fit: R_X86_64_32 against `.debug_info'
Comment 6 Matt Jolly gentoo-dev 2024-03-20 21:29:35 UTC
Hm.

Good news: we're currently forcing clang, which masks this issue entirely, until upstream fixes the issues with blink (etc.) that were introduced with 120.

Bad news: I have no idea whether this was fixed upstream, and I have no easy way to test a modern version of Chromium built with GCC.