
Commit 88746be

authored
ONEMPERS-274 Fix accessing message->messsage (#16)
Fixes the following AddressSanitizer crash: ==259825==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000071f5 at pc 0x00000047a669 bp 0x7ffd7f40fdf0 sp 0x7ffd7f40f5a0 READ of size 118 at 0x60c0000071f5 thread T0 [Detaching after fork from child process 259840] #0 0x47a668 in __interceptor_strlen.part.0 (/home/dw/projects/flutter/dw-16/embedding/flutter_wayland/build-aot/flutter-launcher-wayland+0x47a668) #1 0x5195fd in std::char_traits<char>::length(char const*) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/char_traits.h:371:9 #2 0x513e18 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string<std::allocator<char> >(char const*, std::allocator<char> const&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/basic_string.h:536:36 #3 0x5320ae in flutter::WaylandDisplay::SetupEngine(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)::$_37::operator()(FlutterPlatformMessage const*, void*) const /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/wayland_display.cc:621:61 chinmaygarde#4 0x531e1c in flutter::WaylandDisplay::SetupEngine(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&)::$_37::__invoke(FlutterPlatformMessage const*, void*) /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/wayland_display.cc:620:36 chinmaygarde#5 0x7f7b7eeb04d0 in std::__1::__function::__func<FlutterEngineInitialize::$_48, std::__1::allocator<FlutterEngineInitialize::$_48>, void 
(std::__1::unique_ptr<flutter::PlatformMessage, std::__1::default_delete<flutter::PlatformMessage> >)>::operator()(std::__1::unique_ptr<flutter::PlatformMessage, std::__1::default_delete<flutter::PlatformMessage> >&&) (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0xe34d0) chinmaygarde#6 0x7f7b7eebbe52 in flutter::PlatformViewEmbedder::HandlePlatformMessage(std::__1::unique_ptr<flutter::PlatformMessage, std::__1::default_delete<flutter::PlatformMessage> >) (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0xeee52) chinmaygarde#7 0x7f7b7f31809a in std::__1::__function::__func<fml::internal::CopyableLambda<flutter::Shell::OnEngineHandlePlatformMessage(std::__1::unique_ptr<flutter::PlatformMessage, std::__1::default_delete<flutter::PlatformMessage> >)::$_16>, std::__1::allocator<fml::internal::CopyableLambda<flutter::Shell::OnEngineHandlePlatformMessage(std::__1::unique_ptr<flutter::PlatformMessage, std::__1::default_delete<flutter::PlatformMessage> >)::$_16> >, void ()>::operator()() (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0x54b09a) chinmaygarde#8 0x7f7b7eeb9e53 in flutter::EmbedderTaskRunner::PostTask(unsigned long) (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0xece53) chinmaygarde#9 0x7f7b7eea9816 in FlutterEngineRunTask (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0xdc816) chinmaygarde#10 0x52e454 in flutter::WaylandDisplay::RunFlutterTask(FlutterTask const*) /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/wayland_display.cc:1298:14 chinmaygarde#11 0x53ae56 in void std::__invoke_impl<void, void (flutter::WaylandDisplay::*&)(FlutterTask const*), flutter::WaylandDisplay*&, FlutterTask const*>(std::__invoke_memfun_deref, void (flutter::WaylandDisplay::*&)(FlutterTask const*), 
flutter::WaylandDisplay*&, FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/invoke.h:74:14 #12 0x53ac96 in std::__invoke_result<void (flutter::WaylandDisplay::*&)(FlutterTask const*), flutter::WaylandDisplay*&, FlutterTask const*>::type std::__invoke<void (flutter::WaylandDisplay::*&)(FlutterTask const*), flutter::WaylandDisplay*&, FlutterTask const*>(void (flutter::WaylandDisplay::*&)(FlutterTask const*), flutter::WaylandDisplay*&, FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/invoke.h:96:14 #13 0x53aba3 in void std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>::__call<void, FlutterTask const*&&, 0ul, 1ul>(std::tuple<FlutterTask const*&&>&&, std::_Index_tuple<0ul, 1ul>) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/functional:420:11 #14 0x53aa11 in void std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>::operator()<FlutterTask const*, void>(FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/functional:503:17 #15 0x53a901 in void std::__invoke_impl<void, std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>&, FlutterTask const*>(std::__invoke_other, std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>&, FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/invoke.h:61:14 #16 0x53a871 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>&, FlutterTask const*>, void>::type std::__invoke_r<void, std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>&, FlutterTask const*>(std::_Bind<void 
(flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)>&, FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/invoke.h:111:2 #17 0x53a601 in std::_Function_handler<void (FlutterTask const*), std::_Bind<void (flutter::WaylandDisplay::* (flutter::WaylandDisplay*, std::_Placeholder<1>))(FlutterTask const*)> >::_M_invoke(std::_Any_data const&, FlutterTask const*&&) /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/std_function.h:291:9 #18 0x53d58b in std::function<void (FlutterTask const*)>::operator()(FlutterTask const*) const /usr/lib/gcc/x86_64-redhat-linux/11/../../../../include/c++/11/bits/std_function.h:560:9 #19 0x53bde7 in flutter::PlatformEventLoop::ProcessEvents() /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/event_loop.cc:60:7 #20 0x52de13 in flutter::WaylandDisplay::Run() /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/wayland_display.cc:1163:81 #21 0x5137d3 in flutter::Main(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >) /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/main.cc:111:18 #22 0x512f12 in main /home/dw/projects/flutter/dw-16/embedding/flutter_wayland/src/main.cc:121:10 #23 0x7f7b7e879b74 in __libc_start_main /usr/src/debug/glibc-2.33-20.fc34.x86_64/csu/../csu/libc-start.c:332:16 #24 0x432bdd in _start (/home/dw/projects/flutter/dw-16/embedding/flutter_wayland/build-aot/flutter-launcher-wayland+0x432bdd) 0x60c0000071f5 is located 0 bytes to the right of 117-byte region [0x60c000007180,0x60c0000071f5) allocated by thread T7 (io.flutter.ui) here: #0 0x4d8b5f in malloc (/home/dw/projects/flutter/dw-16/embedding/flutter_wayland/build-aot/flutter-launcher-wayland+0x4d8b5f) #1 0x7f7b7eeda247 in fml::MallocMapping::Copy(void const*, unsigned long) 
(/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0x10d247) #2 0x7f7b6fd30917 (<unknown module>) Thread T7 (io.flutter.ui) created by T0 here: #0 0x449436 in pthread_create (/home/dw/projects/flutter/dw-16/embedding/flutter_wayland/build-aot/flutter-launcher-wayland+0x449436) #1 0x7f7b7eedeffd in fml::Thread::Thread(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (/home/dw/projects/flutter/dw-16/engine/src/out/linux_release_x64/lib.unstripped/libflutter_engine.so+0x111ffd) #2 0x69752e726573 (<unknown module>) SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/dw/projects/flutter/dw-16/embedding/flutter_wayland/build-aot/flutter-launcher-wayland+0x47a668) in __interceptor_strlen.part.0 Shadow bytes around the buggy address: 0x0c187fff8de0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c187fff8df0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 0x0c187fff8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c187fff8e10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c187fff8e20: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa^[1m =>0x0c187fff8e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[05]fa 0x0c187fff8e40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c187fff8e50: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa 0x0c187fff8e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 0x0c187fff8e70: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c187fff8e80: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca 
redzone: ca Right alloca redzone: cb Shadow gap: cc ==259825==ABORTING Signed-off-by: Damian Wrobel <[email protected]>
1 parent 277ee2f commit 88746be


1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

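--- a/src/wayland_display.cc
+++ b/src/wayland_display.cc
@@ -618,7 +618,7 @@ bool WaylandDisplay::SetupEngine(const std::string &bundle_path, const std::vect
 .command_line_argc = static_cast<int>(command_line_args_c.size()),
 .command_line_argv = command_line_args_c.data(),
 .platform_message_callback = [](const FlutterPlatformMessage *message, void *data) -> void {
-if (std::string(message->channel) == "flutter/platform" && std::string((char *)message->message).find("\"method\":\"freeMemory\"") != std::string::npos) {
+if (std::string(message->channel) == "flutter/platform" && std::string((char *)message->message, message->message_size).find("\"method\":\"freeMemory\"") != std::string::npos) {
 WaylandDisplay *const wd = get_wayland_display(data);
 if (wd->engine_) {
 auto ret = FlutterEngineNotifyLowMemoryWarning(wd->engine_);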
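Review bot: The added `message_size` bound fixes the over-read, but the new line still uses a C-style `(char *)` cast that silently strips `const` from the payload pointer; prefer `reinterpret_cast<const char *>(message->message)` so the cast is greppable and the payload stays read-only (assuming `message` is a `const uint8_t *` as declared in the embedder header). The condition also allocates two `std::string` temporaries on every platform message just to run a substring search; if the project builds as C++17, `std::string_view(reinterpret_cast<const char *>(message->message), message->message_size).find("\"method\":\"freeMemory\"")` performs the same search without heap allocation, which matters because this callback runs for every message on every channel. The `std::string(message->channel)` comparison remains unbounded and relies on `channel` being NUL-terminated; that is what the embedder API provides, but a one-line comment such as `// channel is NUL-terminated per the embedder API; message is not and must be bounded by message_size` would record the asymmetry the sanitizer report exposed. The lambda body continues outside the hunk.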
