[Pkg-chromium-maint] Bug#660187: #660187 chromium-browser: Entry #3 in data pack points off end of file. Was the file corrupted?
Timo Juhani Lindfors
timo.lindfors at iki.fi
Fri Jun 1 09:41:45 UTC 2012
Hi,
src/ui/base/resource/data_pack.cc
bool DataPack::Load(const FilePath& path) {
mmap_.reset(new file_util::MemoryMappedFile);
if (!mmap_->Initialize(path)) {
DLOG(ERROR) << "Failed to mmap datapack";
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", INIT_FAILED,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
// Sanity check the header of the file.
if (kHeaderLength > mmap_->length()) {
DLOG(ERROR) << "Data pack file corruption: incomplete file header.";
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", HEADER_TRUNCATED,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
// Parse the header of the file.
// First uint32: version; second: resource count;
const uint32* ptr = reinterpret_cast<const uint32*>(mmap_->data());
uint32 version = ptr[0];
if (version != kFileFormatVersion) {
LOG(ERROR) << "Bad data pack version: got " << version << ", expected "
<< kFileFormatVersion;
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", BAD_VERSION,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
resource_count_ = ptr[1];
// third: text encoding.
const uint8* ptr_encoding = reinterpret_cast<const uint8*>(ptr + 2);
text_encoding_type_ = static_cast<TextEncodingType>(*ptr_encoding);
if (text_encoding_type_ != UTF8 && text_encoding_type_ != UTF16 &&
text_encoding_type_ != BINARY) {
LOG(ERROR) << "Bad data pack text encoding: got " << text_encoding_type_
<< ", expected between " << BINARY << " and " << UTF16;
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", WRONG_ENCODING,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
// Sanity check the file.
// 1) Check we have enough entries.
if (kHeaderLength + resource_count_ * sizeof(DataPackEntry) >
mmap_->length()) {
LOG(ERROR) << "Data pack file corruption: too short for number of "
"entries specified.";
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", INDEX_TRUNCATED,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
// 2) Verify the entries are within the appropriate bounds. There's an extra
// entry after the last item which gives us the length of the last item.
for (size_t i = 0; i < resource_count_ + 1; ++i) {
const DataPackEntry* entry = reinterpret_cast<const DataPackEntry*>(
mmap_->data() + kHeaderLength + (i * sizeof(DataPackEntry)));
if (entry->file_offset > mmap_->length()) {
LOG(ERROR) << "Entry #" << i << " in data pack points off end of file. "
<< "Was the file corrupted?";
UMA_HISTOGRAM_ENUMERATION("DataPack.Load", ENTRY_NOT_FOUND,
LOAD_ERRORS_COUNT);
mmap_.reset();
return false;
}
}
return true;
}
$ chromium --debug --no-sandbox
(gdb) break ui::DataPack::Load(FilePath const&)
(gdb) run
(gdb) bt
#0 ui::DataPack::Load (this=0x2d38cbd8, path=...) at ui/base/resource/data_pack.cc:70
#1 0x2ad09e98 in ui::ResourceBundle::LoadResourcesDataPak (path=...) at ui/base/resource/resource_bundle.cc:72
#2 0x2ad0c078 in ui::ResourceBundle::LoadCommonResources (this=0x2d38ca60) at ui/base/resource/resource_bundle_posix.cc:55
#3 0x2ad0ab00 in ui::ResourceBundle::InitSharedInstanceWithLocale (pref_locale=...) at ui/base/resource/resource_bundle.cc:57
#4 0x2a934688 in ChromeBrowserMainParts::PreCreateThreadsImpl (this=0x2d351788) at chrome/browser/chrome_browser_main.cc:1191
#5 0x2a9354b8 in ChromeBrowserMainParts::PreCreateThreads (this=0x2d351788) at chrome/browser/chrome_browser_main.cc:1118
#6 0x2be1922c in content::BrowserMainLoop::RunMainMessageLoopParts (this=<optimized out>, completed_main_message_loop=0x2d342158) at content/browser/browser_main_loop.cc:321
#7 0x2be177f0 in BrowserMain (parameters=...) at content/browser/browser_main.cc:100
#8 0x2ab2ef9c in RunNamedProcessTypeMain (delegate=<optimized out>, main_function_params=..., process_type=...) at content/app/content_main.cc:264
#9 content::ContentMain (argc=29927, argv=0xbeb93214, delegate=0xbeb93094) at content/app/content_main.cc:457
#10 0x2a1bb974 in ChromeMain (argc=3, argv=0xbeb93214) at chrome/app/chrome_main.cc:32
#11 0x2a1baba8 in main (argc=<optimized out>, argv=<optimized out>) at chrome/app/chrome_exe_main_gtk.cc:18
(gdb) p path
$1 = (const FilePath &) @0xbeb921b8: {static kSeparators = 0x2c5c1f1c "/", static kCurrentDirectory = <same as static member of an already seen type>,
static kParentDirectory = <same as static member of an already seen type>, static kExtensionSeparator = 46 '.', path_ = {static npos = <optimized out>,
_M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x2d38cb9c "/usr/lib/chromium/chrome.pak"}}}
# The file /usr/lib/chromium/chrome.pak is identical (md5sum
# 74e9a2d34aaeb9c096c9c7a382b9b3d5) on amd64 and armel so it should not
# be corrupted specifically on armel (chromium 18.0.1025.168~r134367-1).
This looks like a classic unaligned word access to me. If I
sudo sh -c 'echo 3 > /proc/cpu/alignment'
the error does not occur and kernel logs a lot of warnings:
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5d1 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5d3 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5d7 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5d9 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5dd FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5df FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5e3 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5e5 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5e9 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5eb FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5ef FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5f1 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5f5 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5f7 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5fb FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5fd FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb601 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb603 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb607 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb609 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb60d FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb60f FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb613 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb615 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb619 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb61b FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb61f FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb621 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb625 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb627 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb62b FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb62d FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb631 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb633 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb637 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb639 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb63d FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb63f FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb643 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb645 FSR 0x001
Jun 1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb649 FSR 0x001
After a while I get a screen that says "Welcome to Chromium"! o/
Tested a few sites (still under debugger and with --no-sandbox):
1) debian.org loads, clicking a few links works
2) www.openstreetmap.org loads, zooming and panning the map works.
3) www.reittiopas.fi loads and can search for routes. The maps are shown
too so this closes #595680!
4) facebook.com loads, didn't try to login.
5) sunspider javascript benchmark loads. Results in the end of
http://lindi.iki.fi/lindi/chromium/benchmark/results.txt
We are bit slower than 11.0.696.71~r86024-1 (7674.2ms vs. 10658.4ms)
I repeated sunspider without debugger and --no-sandbox, got 10115.9 ms.
I tested the above also on openmoko. Still waiting for sunspider to complete..
-Timo
More information about the Pkg-chromium-maint
mailing list