Getting mojo::internal::DecodePointer SEVG by moving files

[Yutaka Hirano]

Hi,

I moved[1] a mojom file from third_party/WebKit to services/network with changing the namespace from ::blink::mojom to ::network::mojom, and got some SEVG errors as shown below[2].

I have no idea what caused this SEGV and how to fix it. Any suggestions will be appreciated.

Thanks!

signal 11 (SIGSEGV), code 1, fault addr 0x2395a54a in tid 5137 (Chrome_InProcRe)

pid: 5100, tid: 5137, name: Chrome_InProcRe  >>> org.chromium.webview_shell <<<

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2395a54a

     r0 2395a542  r1 a3377164  r2 a3377188  r3 00000000

     r4 b8f9d94c  r5 a33771bc  r6 2395a542  r7 a337718c

     r8 b8e4b598  r9 00000002  sl b925fde0  fp a337728c

     ip a80205c4  sp a3377150  lr a717f97d  pc a717fdbe

Stack Trace:

RELADDR   FUNCTION

v------>  mojo::internal::DecodePointer(unsigned long long const*)

v------> mojo::internal::Pointer<network::mojom::internal::WebSocketHandshakeRequest_Data>::Get()      01781dbe  bool network::mojom::WebSocketClient_OnStartOpeningHandshake_ParamsDataView::ReadRequest<mojo::StructPtr<network::mojom::blink::WebSocketHandshakeRequest> >(mojo::StructPtr<network::mojom::blink::WebSocketHandshakeRequest>*)

1: https://chromium-review.googlesource.com/c/chromium/src/+/961173

2: https://crbug.com/822732

[Ken Rockot]

It seems like DecodePointer could only possibly segfault if called by an invalid Pointer, which means that in your case |data_| would have to be invalid here. |data_| is always a pointer into message buffer memory though, so this is surprising.

I haven't thought about *how* this is possible yet, but I'd bet the problem is that the mojom target you've moved this to has lazy serialization enabled. If you want to land the move for now (and confirm this theory), you could try adding a separate temporary mojom target for it? I can also investigate the lazy serialization issue further.

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-mojo+unsubscribe@chromium.org.
To post to this group, send email to chromi...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CABihn6GRS603LLOcfi6k2AOKyUz-qp_vo%3DFsYKhrdLTuFzWQ_g%40mail.gmail.com.

[Yutaka Hirano]

Thank you for the reply. 

Is https://chromium-review.googlesource.com/c/chromium/src/+/975361/2..4 what you suggested?

On Thu, Mar 22, 2018 at 7:38 PM Ken Rockot <roc...@chromium.org> wrote:

It seems like DecodePointer could only possibly segfault if called by an invalid Pointer, which means that in your case |data_| would have to be invalid here. |data_| is always a pointer into message buffer memory though, so this is surprising.

I haven't thought about *how* this is possible yet, but I'd bet the problem is that the mojom target you've moved this to has lazy serialization enabled. If you want to land the move for now (and confirm this theory), you could try adding a separate temporary mojom target for it? I can also investigate the lazy serialization issue further.

On Wed, Mar 21, 2018 at 11:15 PM, Yutaka Hirano <yhi...@chromium.org> wrote:

Hi,

I moved[1] a mojom file from third_party/WebKit to services/network with changing the namespace from ::blink::mojom to ::network::mojom, and got some SEVG errors as shown below[2].

I have no idea what caused this SEGV and how to fix it. Any suggestions will be appreciated.

Thanks!

signal 11 (SIGSEGV), code 1, fault addr 0x2395a54a in tid 5137 (Chrome_InProcRe)

pid: 5100, tid: 5137, name: Chrome_InProcRe  >>> org.chromium.webview_shell <<<

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2395a54a

     r0 2395a542  r1 a3377164  r2 a3377188  r3 00000000

     r4 b8f9d94c  r5 a33771bc  r6 2395a542  r7 a337718c

     r8 b8e4b598  r9 00000002  sl b925fde0  fp a337728c

     ip a80205c4  sp a3377150  lr a717f97d  pc a717fdbe

Stack Trace:

RELADDR   FUNCTION

v------>  mojo::internal::DecodePointer(unsigned long long const*)

v------> mojo::internal::Pointer<network::mojom::internal::WebSocketHandshakeRequest_Data>::Get()      01781dbe  bool network::mojom::WebSocketClient_OnStartOpeningHandshake_ParamsDataView::ReadRequest<mojo::StructPtr<network::mojom::blink::WebSocketHandshakeRequest> >(mojo::StructPtr<network::mojom::blink::WebSocketHandshakeRequest>*)

1: https://chromium-review.googlesource.com/c/chromium/src/+/961173

2: https://crbug.com/822732

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-moj...@chromium.org.

To post to this group, send email to chromi...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CABihn6GRS603LLOcfi6k2AOKyUz-qp_vo%3DFsYKhrdLTuFzWQ_g%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-moj...@chromium.org.

To post to this group, send email to chromi...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CA%2BapAgELkzphtQ7tiixaPapOATZwEK5eEd4-%3DKJd2N_voBnMAQ%40mail.gmail.com.

[Ken Rockot]

Essentially. Some comments left on the CL.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-mojo+unsubscribe@chromium.org.

To post to this group, send email to chromi...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CABihn6GRS603LLOcfi6k2AOKyUz-qp_vo%3DFsYKhrdLTuFzWQ_g%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-mojo+unsubscribe@chromium.org.

To post to this group, send email to chromi...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CA%2BapAgELkzphtQ7tiixaPapOATZwEK5eEd4-%3DKJd2N_voBnMAQ%40mail.gmail.com.

--

You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-mojo+unsubscribe@chromium.org.

To post to this group, send email to chromi...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CABihn6GmXYHWC7twXQkHrq1yG%2Bmmcgz5hX1ZMkupenn%2BQEGRPA%40mail.gmail.com.

[Yutaka Hirano]

Thanks! 

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-moj...@chromium.org.

To post to this group, send email to chromi...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CABihn6GRS603LLOcfi6k2AOKyUz-qp_vo%3DFsYKhrdLTuFzWQ_g%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-moj...@chromium.org.

To post to this group, send email to chromi...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-mojo/CA%2BapAgELkzphtQ7tiixaPapOATZwEK5eEd4-%3DKJd2N_voBnMAQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "chromium-mojo" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-moj...@chromium.org.

To post to this group, send email to chromi...@chromium.org.