[Asan] Crash in js::AsmJSModule::deserialize / DeserializeSig

Steps to reproduce:

  1. Open the current Tor Browser alpha, hardened (6.5a1)
  2. Browse to facebookcorewwwi.onion
  3. Click somewhere to start composing a message
  4. As soon as you can, try to type (not sure this is required)

What happens: Tor browser crashes.

```
Date Time [notice] Bootstrapped 100%: Done
Date Time [notice] New control connection opened from 127.0.0.1.
Date Time [notice] New control connection opened from 127.0.0.1.
Time	addons.productaddons	ERROR	Request failed certificate checks: [Exception... "SSL is required and URI scheme is not https."  nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)"  location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 145"  data: no]
=================================================================
==5252==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f6dfe8c6000 at pc 0x7f6e4c3f2605 bp 0x7f6e009f23f0 sp 0x7f6e009f1ba0
READ of size 9437184 at 0x7f6dfe8c6000 thread T59 (DOM Worker)
ASAN:SIGSEGV
==5252==AddressSanitizer: while reporting a bug found another one. Ignoring.
Date Time [notice] Owning controller connection has closed -- exiting now.
Date Time [notice] Catching signal TERM, exiting cleanly.
```