Bug 1418021 - UBSan: null pointer passed as argument 2, which is declared to never be null [@ ssl3_HandleServerHello]
Status: RESOLVED FIXED (opened 7 years ago, closed 7 years ago)
Categories: NSS :: Libraries, defect
Tracking: Not tracked
Target Milestone: 3.35
People: Reporter: tsmith, Assigned: franziskus
Keywords: csectype-undefined
Attachments: 1 file
This error is triggered by opening https://browserleaks.com/canvas when Firefox is built with: -fsanitize=nonnull-attribute

    /mozilla-central/security/nss/lib/ssl/ssl3con.c:6831:30: runtime error: null pointer passed as argument 2, which is declared to never be null
    /usr/include/string.h:64:33: note: nonnull attribute specified here
    #0 0x7f8649780311 in ssl3_HandleServerHello /mozilla-central/security/nss/lib/ssl/ssl3con.c:6831:13
    #1 0x7f864977c3ec in ssl3_HandleHandshakeMessage /mozilla-central/security/nss/lib/ssl/ssl3con.c:11876:18
    #2 0x7f864978783c in ssl3_HandleHandshake /mozilla-central/security/nss/lib/ssl/ssl3con.c:12068:18
    #3 0x7f8649781f2d in ssl3_HandleRecord /mozilla-central/security/nss/lib/ssl/ssl3con.c:12858:22
    #4 0x7f86497b26e4 in ssl3_GatherCompleteHandshake /mozilla-central/security/nss/lib/ssl/ssl3gthr.c:518:22
    #5 0x7f86497c3f79 in SSL_ForceHandshake /mozilla-central/security/nss/lib/ssl/sslsecur.c:403:24
    #6 0x7f862365477b in nsNSSSocketInfo::DriveHandshake() /mozilla-central/security/manager/ssl/nsNSSIOLayer.cpp:423:18
    #7 0x7f8618d893bd in mozilla::net::nsHttpConnection::EnsureNPNComplete(nsresult&, unsigned int&) /mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:481:19
    #8 0x7f8618d8b8ff in mozilla::net::nsHttpConnection::OnSocketWritable() /mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:1786:21
    #9 0x7f8618d8f048 in mozilla::net::nsHttpConnection::OnOutputStreamReady(nsIAsyncOutputStream*) /mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:2312:19
    #10 0x7f8618d97b4c in non-virtual thunk to mozilla::net::nsHttpConnection::OnOutputStreamReady(nsIAsyncOutputStream*) /mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp
    #11 0x7f861839c39f in mozilla::net::nsSocketOutputStream::OnSocketReady(nsresult) /mozilla-central/netwerk/base/nsSocketTransport2.cpp:563:19
    #12 0x7f86183a67fd in mozilla::net::nsSocketTransport::OnSocketReady(PRFileDesc*, short) /mozilla-central/netwerk/base/nsSocketTransport2.cpp:2199:21
    #13 0x7f86183b54fd in mozilla::net::nsSocketTransportService::DoPollIteration(mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) /mozilla-central/netwerk/base/nsSocketTransportService2.cpp:1193:29
    #14 0x7f86183b3b6c in mozilla::net::nsSocketTransportService::Run() /mozilla-central/netwerk/base/nsSocketTransportService2.cpp:947:13
    #15 0x7f86183b602c in non-virtual thunk to mozilla::net::nsSocketTransportService::Run() /mozilla-central/netwerk/base/nsSocketTransportService2.cpp
    #16 0x7f8618151309 in nsThread::ProcessNextEvent(bool, bool*) /mozilla-central/xpcom/threads/nsThread.cpp:1037:14
    #17 0x7f8618189f91 in NS_ProcessNextEvent(nsIThread*, bool) /mozilla-central/xpcom/threads/nsThreadUtils.cpp:513:10
    #18 0x7f86192b8f43 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /mozilla-central/ipc/glue/MessagePump.cpp:334:20
    #19 0x7f8619139c40 in MessageLoop::Run() /mozilla-central/ipc/chromium/src/base/message_loop.cc:299:3
    #20 0x7f861814d84f in nsThread::ThreadFunc(void*) /mozilla-central/xpcom/threads/nsThread.cpp:425:11
    #21 0x7f864a870d2d in _pt_root /mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:216:5
    #22 0x7f864e06f7fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb)
    #23 0x7f864d09db0e in clone /build/glibc-CxtIbX/glibc-2.26/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Comment 1•7 years ago
Comment on attachment 8929350
Bug 1418021 - check sidBytes item for NULL before copying, r=ttaubert

Tim Taubert [:ttaubert] has approved the revision.
https://phabricator.services.mozilla.com/D253#6067

Attachment #8929350 - Flags: review+
Comment 2•7 years ago
https://hg.mozilla.org/projects/nss/rev/6121674fd16307c05c4a1ffc1a3267796008d152
Assignee: nobody → franziskuskiefer
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.35
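
The class of defect reported above, as an added example that is not NSS code and not the patch from this bug: a length-prefixed field is parsed into a (pointer, length) item and then copied, with the copy guarded so that a `string.h` copy routine never receives a NULL source. The types `item_t` and `session_id_t`, the function names, and the assumption that an empty field is represented as `{NULL, 0}` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SID_MAX 32 /* TLS session IDs are at most 32 bytes */

/* Hypothetical stand-ins for illustration; not the NSS SECItem/sid types. */
typedef struct { const uint8_t *data; size_t len; } item_t;
typedef struct { uint8_t bytes[SID_MAX]; size_t len; } session_id_t;

/* Read a field with a 1-byte length prefix. An empty field yields
 * {NULL, 0} (assumed representation), the shape that reaches the copy. */
static int read_variable(const uint8_t **p, size_t *remaining, item_t *out)
{
    if (*remaining < 1) return -1;
    size_t n = (*p)[0];
    (*p)++; (*remaining)--;
    if (n > *remaining) return -1;          /* truncated message */
    out->data = n ? *p : NULL;
    out->len = n;
    *p += n; *remaining -= n;
    return 0;
}

/* Guarded copy: memcpy(dst, NULL, 0) is undefined behaviour in C11 and
 * glibc marks both pointers nonnull, so the call is skipped for an
 * empty item instead of relying on the zero length. */
static int copy_session_id(session_id_t *dst, const item_t *src)
{
    if (src->len > SID_MAX) return -1;                /* would overflow */
    if (src->len > 0 && src->data == NULL) return -1; /* inconsistent item */
    dst->len = src->len;
    if (src->data != NULL && src->len > 0)
        memcpy(dst->bytes, src->data, src->len);
    return 0;
}

/* Parse then copy; returns the stored session ID length, or -1. */
static int parse_and_copy(const uint8_t *buf, size_t buflen, session_id_t *sid)
{
    item_t it;
    if (read_variable(&buf, &buflen, &it) != 0) return -1;
    if (copy_session_id(sid, &it) != 0) return -1;
    return (int)sid->len;
}

int main(void) {
    const uint8_t empty_sid[] = { 0x00 }; /* constructed: zero-length field */
    session_id_t sid;
    return parse_and_copy(empty_sid, sizeof empty_sid, &sid) == 0 ? 0 : 1;
}
```

Building this with `-fsanitize=nonnull-attribute`, the flag named in the report, and removing the guard in `copy_session_id` produces the same kind of runtime error on the empty input.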