GeminiAPIBrowserTest.NewTabHasGeminiAPIAccess crashes when ASAN is enabled #11899

Closed
jumde opened this issue Sep 29, 2020 · 0 comments · Fixed by brave/brave-core#7262
jumde commented Sep 29, 2020

$ npm run build -- --is_asan
$ npm run test -- brave_browser_tests --filter=GeminiAPIBrowserTest.NewTabHasGeminiAPIAccess
=================================================================
==6600==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00e423af6120 at pc 0x7ffb22c77e27 bp 0x00e423af5820 sp 0x00e423af5868
READ of size 37 at 0x00e423af6120 thread T0
==6600==*** WARNING: Failed to initialize DbgHelp!              ***
==6600==*** Most likely this means that the app is already      ***
==6600==*** using DbgHelp, possibly with incompatible flags.    ***
==6600==*** Due to technical reasons, symbolization might crash ***
==6600==*** or produce wrong results.                           ***
    #0 0x7ffb22c77e4f in _asan_wrap_strlen+0x1af (C:\bb\src\out\Component\clang_rt.asan_dynamic-x86_64.dll+0x180027e4f)
    #1 0x7ff695936d27 in ntp_widget_utils::GetCryptoRandomString C:\bb\src\brave\components\ntp_widget_utils\browser\ntp_widget_utils_oauth.cc:25
    #2 0x7ff695949090 in GeminiService::GetOAuthClientUrl C:\bb\src\brave\components\gemini\browser\gemini_service.cc:152
    #3 0x7ff6958f3c6f in extensions::api::GeminiGetClientUrlFunction::Run C:\bb\src\brave\browser\extensions\api\gemini_api.cc:40
    #4 0x7ff693a0263e in ExtensionFunction::RunWithValidation C:\bb\src\extensions\browser\extension_function.cc:442
    #5 0x7ff693a0a682 in extensions::ExtensionFunctionDispatcher::DispatchWithCallbackInternal C:\bb\src\extensions\browser\extension_function_dispatcher.cc:345
    #6 0x7ff693a097a1 in extensions::ExtensionFunctionDispatcher::Dispatch C:\bb\src\extensions\browser\extension_function_dispatcher.cc:257
    #7 0x7ff693a97c34 in extensions::ExtensionWebContentsObserver::OnRequest C:\bb\src\extensions\browser\extension_web_contents_observer.cc:311
    #8 0x7ff693a978ae in IPC::MessageT<ExtensionHostMsg_Request_Meta,std::__1::tuple<ExtensionHostMsg_Request_Params>,void>::Dispatch<extensions::ExtensionWebContentsObserver,extensions::ExtensionWebContentsObserver,content::RenderFrameHost,void (extensions::ExtensionWebContentsObserver::*)(content::RenderFrameHost *, const ExtensionHostMsg_Request_Params &)> C:\bb\src\ipc\ipc_message_templates.h:140
    #9 0x7ff693a97608 in extensions::ExtensionWebContentsObserver::OnMessageReceived C:\bb\src\extensions\browser\extension_web_contents_observer.cc:235
    #10 0x7ff699b35812 in extensions::ChromeExtensionWebContentsObserver::OnMessageReceived C:\bb\src\chrome\browser\extensions\chrome_extension_web_contents_observer.cc:94
    #11 0x7ffb2e778051 in content::WebContentsImpl::OnMessageReceived C:\bb\src\content\browser\web_contents\web_contents_impl.cc:1113
    #12 0x7ffb2d9bd2bf in content::RenderFrameHostImpl::OnMessageReceived C:\bb\src\content\browser\frame_host\render_frame_host_impl.cc:1764
    #13 0x7ffb2e1f5d13 in content::RenderProcessHostImpl::OnMessageReceived C:\bb\src\content\browser\renderer_host\render_process_host_impl.cc:3701
    #14 0x7ffb49c747c5 in IPC::ChannelProxy::Context::OnDispatchMessage C:\bb\src\ipc\ipc_channel_proxy.cc:327
    #15 0x7ffb42ec6d62 in base::TaskAnnotator::RunTask C:\bb\src\base\task\common\task_annotator.cc:142
    #16 0x7ffb42f28d42 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl C:\bb\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:332
    #17 0x7ffb42f28299 in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork C:\bb\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:252
    #18 0x7ffb4305173a in base::MessagePumpForUI::DoRunLoop C:\bb\src\base\message_loop\message_pump_win.cc:219
    #19 0x7ffb4304e1d8 in base::MessagePumpWin::Run C:\bb\src\base\message_loop\message_pump_win.cc:75
    #20 0x7ffb42f2a96f in base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run C:\bb\src\base\task\sequence_manager\thread_controller_with_message_pump_impl.cc:446
    #21 0x7ffb42e50a6a in base::RunLoop::Run C:\bb\src\base\run_loop.cc:124
    #22 0x7ff697711f24 in content::DOMMessageQueue::WaitForMessage C:\bb\src\content\public\test\browser_test_utils.cc:2466
    #23 0x7ff6977096c7 in content::`anonymous namespace'::ExecuteScriptHelper C:\bb\src\content\public\test\browser_test_utils.cc:185
    #24 0x7ff697709f7f in content::ExecuteScriptAndExtractBool C:\bb\src\content\public\test\browser_test_utils.cc:1283
    #25 0x7ff69276b967 in GeminiAPIBrowserTest_NewTabHasGeminiAPIAccess_Test::RunTestOnMainThread C:\bb\src\brave\components\gemini\browser\gemini_service_browsertest.cc:543
    #26 0x7ff6976f4b6f in content::BrowserTestBase::ProxyRunTestOnMainThreadLoop C:\bb\src\content\public\test\browser_test_base.cc:707
    #27 0x7ff692914928 in base::OnceCallback<void ()>::Run C:\bb\src\base\callback.h:99
    #28 0x7ff69781bdf5 in ChromeBrowserMainParts::PreMainMessageLoopRunImpl C:\bb\src\chrome\browser\chrome_browser_main.cc:1657
    #29 0x7ff6978194bb in ChromeBrowserMainParts::PreMainMessageLoopRun C:\bb\src\chrome\browser\chrome_browser_main.cc:1032
    #30 0x7ffb2d3dd2b0 in content::BrowserMainLoop::PreMainMessageLoopRun C:\bb\src\content\browser\browser_main_loop.cc:985
    #31 0x7ffb2e69850c in base::OnceCallback<int ()>::Run C:\bb\src\base\callback.h:99
    #32 0x7ffb2e69835d in content::StartupTaskRunner::RunAllTasksNow C:\bb\src\content\browser\startup_task_runner.cc:41
    #33 0x7ffb2d3da32f in content::BrowserMainLoop::CreateStartupTasks C:\bb\src\content\browser\browser_main_loop.cc:895
    #34 0x7ffb2d3e3d98 in content::BrowserMainRunnerImpl::Initialize C:\bb\src\content\browser\browser_main_runner_impl.cc:130
    #35 0x7ffb2d3d5207 in content::BrowserMain C:\bb\src\content\browser\browser_main.cc:43
    #36 0x7ffb2f7c2528 in content::RunBrowserProcessMain C:\bb\src\content\app\content_main_runner_impl.cc:525
    #37 0x7ffb2f7c4eb6 in content::ContentMainRunnerImpl::RunServiceManager C:\bb\src\content\app\content_main_runner_impl.cc:997
    #38 0x7ffb2f7c3fa9 in content::ContentMainRunnerImpl::Run C:\bb\src\content\app\content_main_runner_impl.cc:881
    #39 0x7ffaf001261a in service_manager::Main C:\bb\src\services\service_manager\embedder\main.cc:453
    #40 0x7ffb2f7c227e in content::ContentMain C:\bb\src\content\app\content_main.cc:19
    #41 0x7ff6976f39fd in content::BrowserTestBase::SetUp C:\bb\src\content\public\test\browser_test_base.cc:544
    #42 0x7ff6976e1520 in InProcessBrowserTest::SetUp C:\bb\src\chrome\test\base\in_process_browser_test.cc:331
    #43 0x7ff6928de021 in testing::Test::Run C:\bb\src\third_party\googletest\src\googletest\src\gtest.cc:2684
    #44 0x7ff6928df9df in testing::TestInfo::Run C:\bb\src\third_party\googletest\src\googletest\src\gtest.cc:2866
    #45 0x7ff6928e1297 in testing::TestSuite::Run C:\bb\src\third_party\googletest\src\googletest\src\gtest.cc:3020
    #46 0x7ff6928f8de0 in testing::internal::UnitTestImpl::RunAllTests C:\bb\src\third_party\googletest\src\googletest\src\gtest.cc:5730
    #47 0x7ff6928f82be in testing::UnitTest::Run C:\bb\src\third_party\googletest\src\googletest\src\gtest.cc:5313
    #48 0x7ff6977a9c25 in base::TestSuite::Run C:\bb\src\base\test\test_suite.cc:480
    #49 0x7ff69d86ff0c in ChromeTestSuiteRunner::RunTestSuite C:\bb\src\chrome\test\base\chrome_test_launcher.cc:86
    #50 0x7ff699038f6b in content::LaunchTests C:\bb\src\content\public\test\test_launcher.cc:372
    #51 0x7ff69d870a6f in LaunchChromeTests C:\bb\src\chrome\test\base\chrome_test_launcher.cc:245
    #52 0x7ff69d86fcfd in main C:\bb\src\brave\test\base\browser_tests_main.cc:36
    #53 0x7ff69dbc43f3 in __scrt_common_main_seh d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #54 0x7ffb72e27973 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180017973)
    #55 0x7ffb730ca270 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x18006a270)

Address 0x00e423af6120 is located in stack of thread T0 at offset 64 in frame
    #0 0x7ff695936bf3 in ntp_widget_utils::GetCryptoRandomString C:\bb\src\brave\components\ntp_widget_utils\browser\ntp_widget_utils_oauth.cc:17

  This frame has 2 object(s):
    [32, 64) 'random_seed_bytes' (line 19)
    [96, 112) 'ref.tmp' (line 24) <== Memory access at offset 64 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp, SEH and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (C:\bb\src\out\Component\clang_rt.asan_dynamic-x86_64.dll+0x180027e4f) in _asan_wrap_strlen+0x1af
Shadow bytes around the buggy address:
  0x029b583debd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583debe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583debf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583dec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583dec10: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x029b583dec20: 00 00 00 00[f2]f2 f2 f2 00 00 f3 f3 00 00 00 00
  0x029b583dec30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583dec40: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
  0x029b583dec50: 00 00 00 f2 f2 f2 f2 f2 00 00 f2 f2 00 00 00 f2
  0x029b583dec60: f2 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8 f8
  0x029b583dec70: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==6600==ABORTING
[1/1] GeminiAPIBrowserTest.NewTabHasGeminiAPIAccess (CRASHED)
1 test crashed:
    GeminiAPIBrowserTest.NewTabHasGeminiAPIAccess (../../brave/components/gemini/browser/gemini_service_browsertest.cc:540)
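The report above pins the fault to a 32-byte stack array (`random_seed_bytes`, frame object `[32, 64)`) being read through `strlen` with an access of 37 bytes, triggered from a temporary created at line 24 of `ntp_widget_utils_oauth.cc`. That is the classic shape of handing raw random bytes to a `const char*` parameter: the callee infers the length by scanning for a NUL that the buffer does not contain. The following is an added, self-contained C++ illustration of that bug class and of the length-explicit fix; it is not the brave-core code and does not reproduce `GetCryptoRandomString`. The names `SeedFrame`, `SeedToStringBuggy`, `SeedToStringFixed` and `HexEncode`, and the seed bytes themselves, are constructed for the demo; the bytes adjacent to the seed are modelled inside one larger array so that the over-read is observable without undefined behaviour.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Length of the random seed, matching the 32-byte 'random_seed_bytes' object in the
// ASAN frame description.
constexpr std::size_t kSeedLen = 32;

// Constructed stand-in for a stack frame: the 32 seed bytes followed by whatever sits
// next to them on the stack. Modelling the neighbours inside one backing array keeps
// the demonstration inside a valid object, so the over-read below is observable
// without undefined behaviour. Real code must never rely on such a layout.
struct SeedFrame {
  std::array<std::uint8_t, 64> backing{};
  const std::uint8_t* seed() const { return backing.data(); }
};

// Deterministic sample seed (constructed; production code would fill it from a CSPRNG
// such as crypto::RandBytes). Every byte is non-zero, so nothing terminates it for strlen.
SeedFrame MakeFrame() {
  SeedFrame f;
  for (std::size_t i = 0; i < kSeedLen; ++i)
    f.backing[i] = static_cast<std::uint8_t>('A' + (i % 26));
  // Four non-zero neighbour bytes, then a zero at offset 36: strlen scans 37 bytes,
  // the access size shown in the report, and returns 36.
  f.backing[32] = 0xAA;
  f.backing[33] = 0xBB;
  f.backing[34] = 0xCC;
  f.backing[35] = 0xDD;
  f.backing[36] = 0x00;
  return f;
}

// Buggy pattern: a raw byte buffer handed to a const char* parameter. std::string's
// const char* constructor (likewise std::string_view / base::StringPiece) derives the
// length with strlen, which reads past the 32 bytes until it happens to find a NUL.
std::string SeedToStringBuggy(const std::uint8_t* seed) {
  return std::string(reinterpret_cast<const char*>(seed));
}

// Fixed pattern: the length travels with the pointer, so no terminator is needed and
// no byte outside the buffer is touched.
std::string SeedToStringFixed(const std::uint8_t* seed, std::size_t len) {
  return std::string(reinterpret_cast<const char*>(seed), len);
}

// Length-explicit hex encoding: the usual way to turn random bytes into a printable
// token without ever treating them as a C string.
std::string HexEncode(const std::uint8_t* data, std::size_t len) {
  static const char kDigits[] = "0123456789abcdef";
  std::string out;
  out.reserve(len * 2);
  for (std::size_t i = 0; i < len; ++i) {
    out.push_back(kDigits[data[i] >> 4]);
    out.push_back(kDigits[data[i] & 0x0f]);
  }
  return out;
}

// Observable results of the two conversions on the same frame.
std::size_t BuggyLength() { return SeedToStringBuggy(MakeFrame().seed()).size(); }
std::size_t FixedLength() { return SeedToStringFixed(MakeFrame().seed(), kSeedLen).size(); }
std::string FixedHex() { return HexEncode(MakeFrame().seed(), kSeedLen); }

int main() {
  std::cout << "buggy length: " << BuggyLength() << " (32 seed bytes + 4 stray bytes)\n";
  std::cout << "fixed length: " << FixedLength() << "\n";
  std::cout << "hex token:    " << FixedHex() << "\n";
  return 0;
}
```

Under a real ASAN build the buggy conversion is exactly what the report flags: the `strlen` call walks off the end of the array into the adjacent stack objects, and how far it gets depends on whatever happens to follow the buffer, so the resulting token is both unpredictable in length and leaks neighbouring stack bytes into a value that is sent to a remote service. Any API taking random bytes should carry the length alongside the pointer (or take a `std::vector<uint8_t>` / `base::span`) and encode with a length-aware routine, as `HexEncode` does here.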