google / perfetto

Performance instrumentation and tracing for Android, Linux and Chrome (read-only mirror of https://android.googlesource.com/platform/external/perfetto/)
https://www.perfetto.dev
Apache License 2.0

[UI] WASM memory out of bounds crash when opening some JSON traces #911

Closed cphlipot1 closed 6 hours ago

cphlipot1 commented 10 hours ago

Currently crashes on autopush (V48.1), but not on canary or stable (V47), when opening certain JSON traces.

This works fine with some traces bundled in Perfetto's test/data folder like "test/data/sfgate.json" but crashes with others like "test/data/v8-samples.json".

UI: https://ui.perfetto.dev/v48.1-fffb94e33

RuntimeError: memory access out of bounds @ perfetto::trace_processor::StringPool::Get(perfetto::trace_processor::StringPool::Id) const
 - perfetto::trace_processor::StringPool::Get(perfetto::trace_processor::StringPool::Id) const (wasm://wasm/0241f9a6:wasm-function[1691]:0x16bac4)
 - perfetto::trace_processor::ColumnLegacy::GetAtIdx(unsigned int) const (wasm://wasm/0241f9a6:wasm-function[5042]:0x34896e)
 - perfetto::trace_processor::DbSqliteModule::Column(sqlite3_vtab_cursor*, sqlite3_context*, int) (wasm://wasm/0241f9a6:wasm-function[5067]:0x34d9d1)
 - sqlite3VdbeExec (wasm://wasm/0241f9a6:wasm-function[623]:0x50438)
 - sqlite3_step (wasm://wasm/0241f9a6:wasm-function[614]:0x4ae67)
 - perfetto::trace_processor::SqliteEngine::PreparedStatement::Step() (wasm://wasm/0241f9a6:wasm-function[5124]:0x353b02)
 - perfetto::trace_processor::PerfettoSqlEngine::ExecuteUntilLastStatement(perfetto::trace_processor::SqlSource) (wasm://wasm/0241f9a6:wasm-function[4957]:0x33a1ab)
 - perfetto::trace_processor::TraceProcessorImpl::ExecuteQuery(std::__2::basic_string<char, std::__2::char_traits<char>, std::__2::allocator<char> > const&) (wasm://wasm/0241f9a6:wasm-function[257]:0x172ac)
 - perfetto::trace_processor::Rpc::ParseRpcRequest(unsigned char const*, unsigned long) (wasm://wasm/0241f9a6:wasm-function[6286]:0x429ce7)
 - perfetto::trace_processor::Rpc::OnRpcRequest(void const*, unsigned long) (wasm://wasm/0241f9a6:wasm-function[6285]:0x427f14)
 -  (stderr: )
 - Loading trace 21.09 MB (26.0 MB/s)

Trace: not available (FILE). Provide repro steps.
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referrer: 

How to reproduce

Can easily be reproduced by opening the v8-samples.json included with Perfetto's test data.

./tools/install-build-deps
./tools/open_trace_in_ui test/data/v8-samples.json

The crash will automatically appear while the UI is loading the trace.

LalitMaganti commented 9 hours ago

Investigating. Strange because we use that trace in all our automated testing and nothing is crashing. Maybe it's some specific query which is at fault?

hahnicity commented 8 hours ago

We have at least 3 users now across our organization who are running into the issue.

LalitMaganti commented 7 hours ago

I can reproduce, bisecting to find the commit at fault. Should have the fix shortly.

LalitMaganti commented 7 hours ago

Will be fixed when https://r.android.com/3311138 lands.