[Pkg-chromium-maint] Bug#660187: #660187 chromium-browser: Entry #3 in data pack points off end of file. Was the file corrupted?

shawn shawnlandden at gmail.com
Fri Jun 1 18:41:39 UTC 2012


On Fri, 2012-06-01 at 12:41 +0300, Timo Juhani Lindfors wrote: 
> Hi,
> 
> src/ui/base/resource/data_pack.cc
> 
> 
> bool DataPack::Load(const FilePath& path) {
>   mmap_.reset(new file_util::MemoryMappedFile);
>   if (!mmap_->Initialize(path)) {
>     DLOG(ERROR) << "Failed to mmap datapack";
>     UMA_HISTOGRAM_ENUMERATION("DataPack.Load", INIT_FAILED,
>                               LOAD_ERRORS_COUNT);
>     mmap_.reset();
>     return false;
>   }
> 
>   // Sanity check the header of the file.
>   if (kHeaderLength > mmap_->length()) {
>     DLOG(ERROR) << "Data pack file corruption: incomplete file header.";
>     UMA_HISTOGRAM_ENUMERATION("DataPack.Load", HEADER_TRUNCATED,
>                               LOAD_ERRORS_COUNT);
>     mmap_.reset();
>     return false;
>   }
> 
>   // Parse the header of the file.
>   // First uint32: version; second: resource count;
>   const uint32* ptr = reinterpret_cast<const uint32*>(mmap_->data());
>   uint32 version = ptr[0];
>   if (version != kFileFormatVersion) {
>     LOG(ERROR) << "Bad data pack version: got " << version << ", expected "
>                << kFileFormatVersion;
>     UMA_HISTOGRAM_ENUMERATION("DataPack.Load", BAD_VERSION,
>                               LOAD_ERRORS_COUNT);
>     mmap_.reset();
>     return false;
>   }
>   resource_count_ = ptr[1];
> 
>   // third: text encoding.
>   const uint8* ptr_encoding = reinterpret_cast<const uint8*>(ptr + 2);
>   text_encoding_type_ = static_cast<TextEncodingType>(*ptr_encoding);
>   if (text_encoding_type_ != UTF8 && text_encoding_type_ != UTF16 &&
>       text_encoding_type_ != BINARY) {
>     LOG(ERROR) << "Bad data pack text encoding: got " << text_encoding_type_
>                << ", expected between " << BINARY << " and " << UTF16;
>     UMA_HISTOGRAM_ENUMERATION("DataPack.Load", WRONG_ENCODING,
>                               LOAD_ERRORS_COUNT);
>     mmap_.reset();
>     return false;
>   }
> 
>   // Sanity check the file.
>   // 1) Check we have enough entries.
>   if (kHeaderLength + resource_count_ * sizeof(DataPackEntry) >
>       mmap_->length()) {
>     LOG(ERROR) << "Data pack file corruption: too short for number of "
>                   "entries specified.";
>     UMA_HISTOGRAM_ENUMERATION("DataPack.Load", INDEX_TRUNCATED,
>                               LOAD_ERRORS_COUNT);
>     mmap_.reset();
>     return false;
>   }
>   // 2) Verify the entries are within the appropriate bounds. There's an extra
>   // entry after the last item which gives us the length of the last item.
>   for (size_t i = 0; i < resource_count_ + 1; ++i) {
>     const DataPackEntry* entry = reinterpret_cast<const DataPackEntry*>(
>         mmap_->data() + kHeaderLength + (i * sizeof(DataPackEntry)));
>     if (entry->file_offset > mmap_->length()) {
>       LOG(ERROR) << "Entry #" << i << " in data pack points off end of file. "
>                  << "Was the file corrupted?";
>       UMA_HISTOGRAM_ENUMERATION("DataPack.Load", ENTRY_NOT_FOUND,
>                                 LOAD_ERRORS_COUNT);
>       mmap_.reset();
>       return false;
>     }
>   }
> 
>   return true;
> }
> 
> $ chromium --debug --no-sandbox
> (gdb) break ui::DataPack::Load(FilePath const&)
> (gdb) run
> (gdb) bt
> #0  ui::DataPack::Load (this=0x2d38cbd8, path=...) at ui/base/resource/data_pack.cc:70
> #1  0x2ad09e98 in ui::ResourceBundle::LoadResourcesDataPak (path=...) at ui/base/resource/resource_bundle.cc:72
> #2  0x2ad0c078 in ui::ResourceBundle::LoadCommonResources (this=0x2d38ca60) at ui/base/resource/resource_bundle_posix.cc:55
> #3  0x2ad0ab00 in ui::ResourceBundle::InitSharedInstanceWithLocale (pref_locale=...) at ui/base/resource/resource_bundle.cc:57
> #4  0x2a934688 in ChromeBrowserMainParts::PreCreateThreadsImpl (this=0x2d351788) at chrome/browser/chrome_browser_main.cc:1191
> #5  0x2a9354b8 in ChromeBrowserMainParts::PreCreateThreads (this=0x2d351788) at chrome/browser/chrome_browser_main.cc:1118
> #6  0x2be1922c in content::BrowserMainLoop::RunMainMessageLoopParts (this=<optimized out>, completed_main_message_loop=0x2d342158) at content/browser/browser_main_loop.cc:321
> #7  0x2be177f0 in BrowserMain (parameters=...) at content/browser/browser_main.cc:100
> #8  0x2ab2ef9c in RunNamedProcessTypeMain (delegate=<optimized out>, main_function_params=..., process_type=...) at content/app/content_main.cc:264
> #9  content::ContentMain (argc=29927, argv=0xbeb93214, delegate=0xbeb93094) at content/app/content_main.cc:457
> #10 0x2a1bb974 in ChromeMain (argc=3, argv=0xbeb93214) at chrome/app/chrome_main.cc:32
> #11 0x2a1baba8 in main (argc=<optimized out>, argv=<optimized out>) at chrome/app/chrome_exe_main_gtk.cc:18
> (gdb) p path
> $1 = (const FilePath &) @0xbeb921b8: {static kSeparators = 0x2c5c1f1c "/", static kCurrentDirectory = <same as static member of an already seen type>, 
>   static kParentDirectory = <same as static member of an already seen type>, static kExtensionSeparator = 46 '.', path_ = {static npos = <optimized out>, 
>     _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x2d38cb9c "/usr/lib/chromium/chrome.pak"}}}
> 
> # The file /usr/lib/chromium/chrome.pak is identical (md5sum
> # 74e9a2d34aaeb9c096c9c7a382b9b3d5) on amd64 and armel so it should not
> # be corrupted specifically on armel (chromium 18.0.1025.168~r134367-1).
> 
> 
> This looks like a classic unaligned word access to me. If I 
> 
> sudo sh -c 'echo 3 > /proc/cpu/alignment'
> 
> the error does not occur and kernel logs a lot of warnings:
> 
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5d1 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5d3 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5d7 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5d9 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5dd FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5df FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5e3 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5e5 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5e9 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5eb FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5ef FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5f1 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5f5 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5f7 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb5fb FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb5fd FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb601 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb603 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb607 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb609 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb60d FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb60f FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb613 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb615 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb619 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb61b FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb61f FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb621 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb625 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb627 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb62b FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb62d FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb631 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb633 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb637 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb639 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb63d FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb63f FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb643 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d4c Instr=0xe1d310b4 Address=0x43ceb645 FSR 0x001
> Jun  1 11:42:59 mv78100 kernel: Alignment trap: chromium (29999) PC=0x2ad08d48 Instr=0xe1d320b2 Address=0x43ceb649 FSR 0x001
> 
> 
> After a while I get a screen that says "Welcome to Chromium"! o/
EEK! on my computer I don't get that screen, but I see it on yours. IMHO
we should get rid of that screen. Chromium gives you plenty of
opportunities down the road to pair your device (in fact it taunts you),
and we should remove this annoying wall on startup.
> 
> Tested a few sites (still under debugger and with --no-sandbox):
> 
> 1) debian.org loads, clicking a few links works
> 
> 2) www.openstreetmap.org loads, zooming and panning the map works.
> 
> 3) www.reittiopas.fi loads and can search for routes. The maps are shown
> too so this closes #595680!
> 
> 4) facebook.com loads, didn't try to login.
> 
> 5) sunspider javascript benchmark loads. Results in the end of 
> 
> http://lindi.iki.fi/lindi/chromium/benchmark/results.txt
> 
> We are bit slower than 11.0.696.71~r86024-1 (7674.2ms vs. 10658.4ms)
> 
> I repeated sunspider without debugger and --no-sandbox, got 10115.9 ms.
> 
> 
> I tested the above also on openmoko. Still waiting for sunspider to complete..
> 
> -Timo
> 


-- 
-Shawn Landden
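An added example, not Chromium's code and not from either mail above: the same header and entry checks as the quoted Load(), but done with byte-wise little-endian reads, which are legal at any address and therefore cannot hit the ARM alignment trap Timo saw when a uint32 was read through a pointer into the mmap'd file. The 9-byte header, the 6-byte packed entry, format version 4 and the encoding values are this example's assumptions, and the sample pack is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
// Assumed layout (this example's reading of the quoted Load(), not Chromium's
// definitions): 9-byte header (uint32 version, uint32 count, uint8 encoding),
// then count+1 packed 6-byte entries (uint16 resource_id + uint32 file_offset).
constexpr size_t kHeaderLength = 9, kEntrySize = 6;
constexpr uint32_t kFileFormatVersion = 4;                    // assumed value
enum Encoding : uint8_t { BINARY = 0, UTF8 = 1, UTF16 = 2 };  // assumed values
enum LoadResult { LOAD_OK, HEADER_TRUNCATED, BAD_VERSION, WRONG_ENCODING,
                  INDEX_TRUNCATED, ENTRY_NOT_FOUND };
// Little-endian integers assembled byte by byte: valid at any address, unlike
// reinterpret_cast<const uint32*>, so no alignment trap on an armel core.
static uint32_t ReadU32LE(const uint8_t* p) {
  return uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
         (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}
static void PutU32LE(std::vector<uint8_t>& out, uint32_t v) {
  for (int i = 0; i < 4; ++i) out.push_back(uint8_t(v >> (8 * i)));
}
// The sanity checks of the quoted Load(), run over a raw byte buffer.
LoadResult ValidateDataPack(const std::vector<uint8_t>& pack) {
  const uint8_t* data = pack.data(); const size_t length = pack.size();
  if (length < kHeaderLength) return HEADER_TRUNCATED;
  if (ReadU32LE(data) != kFileFormatVersion) return BAD_VERSION;
  const uint32_t count = ReadU32LE(data + 4);
  if (data[8] != BINARY && data[8] != UTF8 && data[8] != UTF16)
    return WRONG_ENCODING;
  // 64-bit math so a huge count cannot wrap; count + 1 covers the sentinel.
  if (kHeaderLength + (uint64_t(count) + 1) * kEntrySize > length)
    return INDEX_TRUNCATED;
  for (uint64_t i = 0; i <= count; ++i)  // file_offset sits at +2 in an entry
    if (ReadU32LE(data + kHeaderLength + i * kEntrySize + 2) > length)
      return ENTRY_NOT_FOUND;
  return LOAD_OK;
}
// Constructed sample: count+1 offsets (last = sentinel) plus zero payload bytes.
std::vector<uint8_t> BuildSamplePack(uint32_t version, size_t payload,
                                     const std::vector<uint32_t>& offsets) {
  std::vector<uint8_t> pack;
  PutU32LE(pack, version);
  PutU32LE(pack, uint32_t(offsets.size() - 1));
  pack.push_back(UTF8);
  for (size_t i = 0; i < offsets.size(); ++i) {
    pack.push_back(uint8_t(i)); pack.push_back(0);  // uint16 resource_id
    PutU32LE(pack, offsets[i]);
  }
  pack.resize(pack.size() + payload);
  return pack;
}
```

With a 9-byte header and 6-byte entries, every file_offset field lands at an odd byte offset (11, 17, 23, ...), which is why a direct 32-bit load through the mapped pointer faults on cores without unaligned-access support.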





