Skip to content

[macOS] Memory sanitizer violated when encoding indirect strings #142101

New issue
New issue
Closed
flutter/engine
#49995
Closed
[macOS] Memory sanitizer violated when encoding indirect strings#142101
flutter/engine
#49995
Labels
a: desktopRunning on desktopplatform-macBuilding on or for macOS specifically
@dkwingsmt

Description

@dkwingsmt
dkwingsmt
opened on Jan 24, 2024

Some NSStrings can have its C-string pointer simply returned by CFStringGetCStringPtr, while others not (which, I assume, are usually strings generated by format or concatenation). If the latter kind of strings are encoded by the macOS standard encoder, the memory sanitizer complains if the engine is compiled with --asan and crashes the app.

Reproduction:

  • Use framework 90e4a12
  • Use the corresponding engine 220416cfa6ca6b5129c11e29e32e6d272eeaca5f
  • Use the latest flutter/gallery flutter/gallery@cfcb9db
    • The gallery app uses the package:path_provider plugin, which sends a directory path through the message channel.
  • Compile the engine with --asan, and run with local engine.
  • The app crashes immediately with a long list of core dump.
Details 
Launching lib/main.dart on macOS in debug mode...
Building macOS application...                                           
2024-01-23 16:36:04.924 Flutter Gallery[37199:82059411] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
flutter: A message on the flutter/lifecycle channel was discarded before it could be handled.
This happens when a plugin sends messages to the framework side before the framework has had an opportunity to register a listener. See the ChannelBuffers API documentation for details on how to configure the channel to expect more messages, or to expect messages to get discarded:
  https://api.flutter.dev/flutter/dart-ui/ChannelBuffers-class.html
The capacity of the flutter/lifecycle channel is 1 message.
=================================================================
==37199==ERROR: AddressSanitizer: container-overflow on address 0x6110001a3640 at pc 0x00010d1402c6 bp 0x00030caf5400 sp 0x00030caf4bb0
READ of size 71 at 0x6110001a3640 thread T0
==37199==WARNING: Can't read from symbolizer at fd 14
==37199==WARNING: atos failed to symbolize address "0x10d1402c5"
==37199==WARNING: Can't write to symbolizer at fd 14
Syncing files to device macOS...                                    48ms

Flutter run key commands.

r Hot reload. 🔥🔥🔥

R Hot restart.

h List all available interactive commands.

d Detach (terminate "flutter run" but leave application running).

c Clear the screen

q Quit (terminate the application on the device).


A Dart VM Service on macOS is available at: http://127.0.0.1:54886/sI3ntKPL-Zw=/

==37199==WARNING: Can't read from symbolizer at fd 15

==37199==WARNING: atos failed to symbolize address "0x7ff81232fbc8"

==37199==WARNING: Can't write to symbolizer at fd 15

==37199==WARNING: Can't read from symbolizer at fd 16

==37199==WARNING: atos failed to symbolize address "0x127a67942"

==37199==WARNING: Can't write to symbolizer at fd 16

The Flutter DevTools debugger and profiler on macOS is available at: http://127.0.0.1:9101?uri=http://127.0.0.1:54886/sI3ntKPL-Zw=/

==37199==WARNING: Can't read from symbolizer at fd 17

==37199==WARNING: atos failed to symbolize address "0x127a6829e"

==37199==WARNING: Can't write to symbolizer at fd 17

==37199==WARNING: Failed to use and restart external symbolizer!

#0 0x10d1402c5 in memcpy+0x3f5 (/Users/tongmu/dev/engine/src/buildtools/mac-x64/clang/lib/clang/18/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x542c5)

#1 0x7ff81232fbc8 in -[NSConcreteMutableData appendBytes:length:]+0x1de (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x2abc8)

#2 0x127a67942 in FlutterStandardCodecHelperWriteBytes+0x32 (/Users/tongmu/dev/gallery/build/macos/Build/Products/Debug/Flutter Gallery.app/Contents/Frameworks/FlutterMacOS.framework/Versions/A/FlutterMacOS:x86_64+0x7ee8942)

#3 0x127a6829e in FlutterStandardCodecHelperWriteUTF8+0x4ee (/Users/tongmu/dev/gallery/build/macos/Build/Products/Debug/Flutter Gallery.app/Contents/Frameworks/FlutterMacOS.framework/Versions/A/FlutterMacOS:x86_64+0x7ee929e)

...

Cause:

  • The function used to encode strings, FlutterStandardCodecHelperWriteUTF8, deals generated strings differently from constant strings.
  • The process of encoding generated strings involves dumping the bytes to a bytebuffer hosted by a std::vector.
  • However, the vector is only .reserved. Although the buffer memory is safe to use, the size() is still 0, which is probably detected by the memory sanitizer.

Metadata

Metadata

Assignees

No one assigned

    Labels

    a: desktopRunning on desktopplatform-macBuilding on or for macOS specifically

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions