Ubuntu 14.04.1 64-bit
CEF version 3.2171.1932
What steps will reproduce the problem?
1. Build CEF with AddressSanitizer enabled:
http://www.chromium.org/developers/testing/addresssanitizer
2. Run unit tests with any command-line flag:
marshall@ubuntu:~/code/chromium_git/chromium/src$ ./out/Release/cef_unittests
--gtest_filter=NoExisting 2>&1 | tools/valgrind/asan/asan_symbolize.py
What is the expected output? What do you see instead?
Program should exit cleanly. Instead, get the following crash:
==50319==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000a020 at pc 0x000000aaf4e6 bp 0x7fff23f69030 sp 0x7fff23f69028
READ of size 8 at 0x60200000a020 thread T0 (cef_unittests)
#0 0xaaf4e5 in void testing::internal::ParseGoogleTestFlagsOnlyImpl<char>(int*, char**) /home/marshall/code/chromium_git/chromium/src/out/Release/../../testing/gtest/src/gtest.cc:5207:9
#1 0xaafa51 in ParseGoogleTestFlagsOnly /home/marshall/code/chromium_git/chromium/src/out/Release/../../testing/gtest/src/gtest.cc:5236:3
#2 0xaafa51 in void testing::internal::InitGoogleTestImpl<char>(int*, char**) /home/marshall/code/chromium_git/chromium/src/out/Release/../../testing/gtest/src/gtest.cc:5266:0
#3 0xa65368 in InitializeFromCommandLine /home/marshall/code/chromium_git/chromium/src/out/Release/../../base/test/test_suite.cc:118:3
#4 0xa65368 in base::TestSuite::TestSuite(int, char**) /home/marshall/code/chromium_git/chromium/src/out/Release/../../base/test/test_suite.cc:94:0
#5 0x81428d in CefTestSuite::CefTestSuite(int, char**) /home/marshall/code/chromium_git/chromium/src/out/Release/../../cef/tests/unittests/test_suite.cc:27:27
#6 0x76e274 in main /home/marshall/code/chromium_git/chromium/src/out/Release/../../cef/tests/unittests/run_all_unittests.cc:140:3
#7 0x7fd44f64eec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287:0
#8 0x43045f in _start ??:0:0
0x60200000a020 is located 0 bytes to the right of 16-byte region
[0x60200000a010,0x60200000a020)
allocated by thread T0 (cef_unittests) here:
#0 0x4b2ceb in operator new[](unsigned long) ??:0:0
#1 0x76ea86 in CefScopedArgArray::CefScopedArgArray(int, char**) /home/marshall/code/chromium_git/chromium/src/out/Release/../../cef/include/wrapper/cef_helpers.h:59:5
#2 0x76de7b in main /home/marshall/code/chromium_git/chromium/src/out/Release/../../cef/tests/unittests/run_all_unittests.cc:90:3
#3 0x7fd44f64eec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287:0
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c047fff93b0: fa fa 00 00 fa fa 00 07 fa fa 00 03 fa fa 00 00
0x0c047fff93c0: fa fa fd fa fa fa fd fd fa fa 00 04 fa fa 00 04
0x0c047fff93d0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 04
0x0c047fff93e0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa 00 04
0x0c047fff93f0: fa fa 00 04 fa fa 00 04 fa fa 00 04 fa fa fd fa
=>0x0c047fff9400: fa fa 00 00[fa]fa 00 fa fa fa 00 00 fa fa 00 fa
0x0c047fff9410: fa fa fd fa fa fa fd fa fa fa 00 fa fa fa 00 fa
0x0c047fff9420: fa fa 00 00 fa fa 00 fa fa fa fd fa fa fa fd fd
0x0c047fff9430: fa fa 00 fa fa fa fd fa fa fa fd fa fa fa 00 fa
0x0c047fff9440: fa fa 00 04 fa fa 00 fa fa fa fd fa fa fa fd fd
0x0c047fff9450: fa fa 00 fa fa fa fd fa fa fa fd fa fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
ASan internal: fe
==50319==ABORTING
Original issue reported on code.google.com by magreenb...@gmail.com on 26 Nov 2014 at 11:24
Original issue reported on code.google.com by
magreenb...@gmail.com
on 26 Nov 2014 at 11:24