[Bug 1214003] Chromium crashed on page loading since last update (signal 11 SEGV_MAPERR __strlen_avx2)
https://bugzilla.suse.com/show_bug.cgi?id=1214003
https://bugzilla.suse.com/show_bug.cgi?id=1214003#c15

--- Comment #15 from Arnav Singh <opensuse@arnavion.dev> ---

(In reply to Arnav Singh from comment #10)
> The strange thing is that the disassembly of the chromium frame is:
>
>     <_ZN10extensions14FormDataParser27CreateFromContentTypeHeader...+941> xor edi,edi
>     <_ZN10extensions14FormDataParser27CreateFromContentTypeHeader...+943> call 0x56094fe55260 <strlen@plt>
>
> This is `strlen(NULL)` so it's not surprising that it segfaults, but why this is here I can't tell. There's no -debugsource and I can't line up the surrounding assembly with the upstream source at https://github.com/chromium/chromium/blob/115.0.5790.170/extensions/browser/api/web_request/form_data_parser.cc#L327
This appears to be this line https://github.com/chromium/chromium/blob/115.0.5790.170/extensions/browser/... If I'm reading the offsets right, the `strlen(NULL)` is being used to populate the `source_` field defined on this line https://github.com/chromium/chromium/blob/115.0.5790.170/extensions/browser/... with its default value. `re2::StringPiece` is a typedef for `abseil::string_view` which does claim to have a well-defined default ctor. In any case, I don't believe avx2 is a requirement for this bug since `strlen(NULL)` is illegal regardless of whether that eventually forwards to `strlen_avx2` or not, unless the non-avx2 impls happen to support being called with `NULL` for some reason. If someone can test with a non-avx2 CPU that would be good.

--
You are receiving this mail because:
You are on the CC list for the bug.
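As an added illustration (not code from the bug report or from Chromium), the distinction the comment relies on: a string_view default constructor never touches strlen(), while constructing a view from a `const char*` does, so a null pointer there is exactly `strlen(NULL)`. It uses std::string_view as a stand-in for re2::StringPiece/absl::string_view, whose `const char*` constructor has the same semantics; the helper names are made up for this example.

```cpp
#include <cstddef>
#include <string_view>

// Initialising a field from a C string the way the comment suspects
// `source_` is: std::string_view(const char*) computes the length with
// strlen(), so a null pointer here is strlen(NULL), the same undefined
// behaviour seen in the crash. Hypothetical helper; never call with nullptr.
std::string_view view_from_cstr_unchecked(const char* p) {
    return std::string_view(p);  // strlen(p) inside; UB when p == nullptr
}

// Hardened form: when the pointer is null, fall back to the
// default-constructed (empty) view, which performs no strlen() at all.
std::string_view view_from_cstr(const char* p) {
    return p ? std::string_view(p) : std::string_view();
}

// The default constructor yields an empty view with a null data pointer and
// does not dereference anything, which is why the comment expects the
// default value of `source_` to be safe.
bool default_view_is_empty_and_null() {
    std::string_view v;
    return v.empty() && v.data() == nullptr;
}

int main() {
    // Stand-alone run: returns 0 only if the safe paths behave as described.
    bool ok = default_view_is_empty_and_null()
           && view_from_cstr(nullptr).empty()
           && view_from_cstr("boundary=abc").size() == 12;
    return ok ? 0 : 1;
}
```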