CFI violation locid.cpp line 1460

Description

This was found when I attempted to roll ICU68-1 into Chrome.

downstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1145094
About CFI
https://www.chromium.org/developers/testing/control-flow-integrity
http://clang.llvm.org/docs/ControlFlowIntegrity.html
Comment 6 by ftang@chromium.org on Tue, Nov 3, 2020, 12:45 PM PST
../../third_party/icu/source/common/locid.cpp:1460:40: runtime error: control flow integrity check for type 'icu_68::UVector' failed during cast to unrelated type (vtable address 0x55b0f9c2800796e)
0x55b0f9c2800796e: note: invalid vtable
<memory cannot be printed>
../../third_party/icu/source/common/locid.cpp:1460:40: note: check failed in /b/s/w/ir/out/Release/content_browsertests, vtable located in (unknown)
#0 0x560554e16fbb in icu_68::(anonymous namespace)::AliasReplacer::outputToString(icu_68::CharString&, UErrorCode) ./../../third_party/icu/source/common/locid.cpp:1460:40
#1 0x560554e1627a in icu_68::(anonymous namespace)::AliasReplacer::replace(icu_68::Locale const&, icu_68::CharString&, UErrorCode) ./../../third_party/icu/source/common/locid.cpp:1565:5
#2 0x560554e14b05 in icu_68::(anonymous namespace)::canonicalizeLocale(icu_68::Locale const&, icu_68::CharString&, UErrorCode&) ./../../third_party/icu/source/common/locid.cpp:1588:21
#3 0x560554e14310 in icu_68::Locale::init(char const*, signed char) ./../../third_party/icu/source/common/locid.cpp:1759:21
#4 0x560554e1506f in icu_68::Locale::createCanonical(char const*) ./../../third_party/icu/source/common/locid.cpp:2014:9

Activity
Frank Yung-Fong Tang
November 4, 2020, 12:07 AM
Edited

Frank Yung-Fong Tang
November 3, 2020, 9:25 PM

Somehow there is an extra, unnecessary cast that caused this:

1460 .append((const char*)((UVector*)variants.elementAt(i)),
should be
1460 .append((const char*)(variants.elementAt(i)),

I must have made a mistake when I worked on the PR, but it should have no impact on the release code, because it is then cast to (const char*). But that would upset CFI, since CFI is checking for bad casts.
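To make the failure mode concrete, here is an added, stand-alone illustration of the cast pattern the comment describes. It is not ICU code and not from the Chromium bug: `PolymorphicVector` is a hypothetical stand-in for `icu::UVector` (a class with a vtable whose `elementAt` returns an untyped `void*`), the variant subtags are constructed sample data, and `joinVariantsBadCast` / `joinVariantsFixed` reproduce the before and after of the one-line change at locid.cpp:1460. In a plain build both functions return the same string; under clang's `-fsanitize=cfi-unrelated-cast` only the first one is rejected, because the intermediate cast to a class type makes the compiler check for a valid vtable at an address that holds a C string.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for icu::UVector (added example, not ICU code).
// It is polymorphic, so -fsanitize=cfi-unrelated-cast verifies that any
// pointer cast to PolymorphicVector* really points at an object with a
// PolymorphicVector vtable.
class PolymorphicVector {
public:
    virtual ~PolymorphicVector() {}
    void addElement(void* p) { elems_.push_back(p); }
    int32_t size() const { return static_cast<int32_t>(elems_.size()); }
    // Mirrors UVector::elementAt: the container is untyped and hands back void*.
    void* elementAt(int32_t i) const { return elems_[i]; }
private:
    std::vector<void*> elems_;
};

// The pattern that tripped CFI: the element is really a C string, but it is
// first cast to PolymorphicVector* and only then to const char*. Without CFI
// the intermediate cast is a no-op; with -fsanitize=cfi-unrelated-cast the
// cast to PolymorphicVector* is checked and aborts with "invalid vtable",
// because the bytes of a char buffer are not a vtable pointer.
std::string joinVariantsBadCast(const PolymorphicVector& variants) {
    std::string out;
    for (int32_t i = 0; i < variants.size(); i++) {
        if (i > 0) out.append("_");
        out.append((const char*)((PolymorphicVector*)variants.elementAt(i)));
    }
    return out;
}

// The fix: cast the void* directly to the type the element actually has.
// No class type is involved, so there is nothing for CFI to check.
std::string joinVariantsFixed(const PolymorphicVector& variants) {
    std::string out;
    for (int32_t i = 0; i < variants.size(); i++) {
        if (i > 0) out.append("_");
        out.append((const char*)(variants.elementAt(i)));
    }
    return out;
}

// Constructed sample input: three variant subtags stored as const char* in
// the untyped vector, the way locid.cpp keeps them.
std::string joinSampleVariants(bool useBadCast) {
    static const char* const kVariants[] = {"fonipa", "1996", "valencia"};
    PolymorphicVector variants;
    for (const char* v : kVariants) variants.addElement((void*)v);
    return useBadCast ? joinVariantsBadCast(variants) : joinVariantsFixed(variants);
}

int main() {
    // Both lines print "fonipa_1996_valencia" in a normal build. Built with
    //   clang++ -flto -fvisibility=hidden -fsanitize=cfi-unrelated-cast
    // the first call aborts with a CFI "cast to unrelated type" report.
    std::cout << joinSampleVariants(false) << "\n";
    std::cout << joinSampleVariants(true) << "\n";
    return 0;
}
```

The practical check is the same as in the sanitizer report above: the intermediate cast never changes the value, so it is invisible in release builds and only a CFI-instrumented build (or a review of the cast chain) catches it.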

Fixed

Assignee

Frank Yung-Fong Tang

Reporter

Frank Yung-Fong Tang

Components

Priority

medium

Fix versions