AddressSanitizer: heap-use-after-free brave_shields::AdBlockRegionalServiceManager #21228

Closed
tmancey opened this issue Feb 22, 2022 · 1 comment
Labels
asan ci-concern closed/duplicate Issue has already been reported crash OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. security

tmancey commented Feb 22, 2022

==11682==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500006c638 at pc 0x00013c9b8afd bp 0x7ff7b10ba850 sp 0x7ff7b10ba848
READ of size 8 at 0x61500006c638 thread T0
==11682==WARNING: Can't read from symbolizer at fd 14
==11682==WARNING: Can't read from symbolizer at fd 15
==11682==WARNING: Can't read from symbolizer at fd 16
==11682==WARNING: Can't read from symbolizer at fd 18
==11682==WARNING: Failed to use and restart external symbolizer!
    #0 0x13c9b8afc in base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*)+0x58c (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfadafc) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #1 0x13c9c16a6 in brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager()+0x66 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfb66a6) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x13c9c197d in brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager()+0xd (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfb697d) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x13c9dd7f5 in brave_shields::AdBlockService::~AdBlockService()+0x235 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd27f5) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x135b27bd3 in BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x523 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511cbd3) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x135b27eb4 in non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x14 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511ceb4) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #6 0x1353ed489 in browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode)+0x149 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x49e2489) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #7 0x13524abc7 in ChromeBrowserMainParts::PostDestroyThreads()+0x227 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483fbc7) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #8 0x14a098a16 in content::BrowserMainLoop::ShutdownThreadsAndCleanUp()+0xee6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c5a16) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #9 0x14a09d017 in content::BrowserMainRunnerImpl::Shutdown()+0x247 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12ca017) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #10 0x14a0905b0 in content::BrowserMain(content::MainFunctionParams)+0x3d0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd5b0) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #11 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #12 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #13 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #14 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #15 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #16 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #17 0x10ee42b95 in main+0x205 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/Brave Browser Development:x86_64+0x100000b95) (BuildId: 4c4c44c155553144a11a8117654cb1fc2400000010000000000b0a0000030b00)
    #18 0x1186084fd  (/usr/lib/dyld:x86_64+0x54fd) (BuildId: 7de33963bbc53996ba6ef1d562c17c9532000000200000000100000000020c00)

0x61500006c638 is located 312 bytes inside of 488-byte region [0x61500006c500,0x61500006c6e8)
freed by thread T0 here:
    #0 0x10f666b0d in __sanitizer_finish_switch_fiber+0x59d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56b0d) (BuildId: f396a7b221393301b8029d68c040e0e0240000001000000000070a0000010b00)
    #1 0x13c9dd6ed in brave_shields::AdBlockService::~AdBlockService()+0x12d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd26ed) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x135b27bd3 in BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x523 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511cbd3) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x135b27eb4 in non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x14 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511ceb4) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x1353ed489 in browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode)+0x149 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x49e2489) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x13524abc7 in ChromeBrowserMainParts::PostDestroyThreads()+0x227 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483fbc7) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #6 0x14a098a16 in content::BrowserMainLoop::ShutdownThreadsAndCleanUp()+0xee6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c5a16) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #7 0x14a09d017 in content::BrowserMainRunnerImpl::Shutdown()+0x247 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12ca017) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #8 0x14a0905b0 in content::BrowserMain(content::MainFunctionParams)+0x3d0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd5b0) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #9 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #10 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #11 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #12 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #13 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #14 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #15 0x10ee42b95 in main+0x205 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/Brave Browser Development:x86_64+0x100000b95) (BuildId: 4c4c44c155553144a11a8117654cb1fc2400000010000000000b0a0000030b00)
    #16 0x1186084fd  (/usr/lib/dyld:x86_64+0x54fd) (BuildId: 7de33963bbc53996ba6ef1d562c17c9532000000200000000100000000020c00)

previously allocated by thread T0 here:
    #0 0x10f6666ed in __sanitizer_finish_switch_fiber+0x17d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x566ed) (BuildId: f396a7b221393301b8029d68c040e0e0240000001000000000070a0000010b00)
    #1 0x13c9dd2b8 in brave_shields::AdBlockService::AdBlockService(PrefService*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >, component_updater::ComponentUpdateService*, scoped_refptr<base::SequencedTaskRunner>, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> >)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd22b8) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x135b2a938 in std::__Cr::__unique_if<brave_shields::AdBlockService>::__unique_single std::__Cr::make_unique<brave_shields::AdBlockService, PrefService*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, component_updater::ComponentUpdateService*, scoped_refptr<base::SequencedTaskRunner>&, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> > >(PrefService*&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, component_updater::ComponentUpdateService*&&, scoped_refptr<base::SequencedTaskRunner>&, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> >&&)+0x3b8 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511f938) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x135b2a341 in BraveBrowserProcessImpl::ad_block_service()+0x451 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511f341) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x135bc8e14 in brave_shields::AdBlockPrefServiceFactory::BuildServiceInstanceFor(content::BrowserContext*) const+0x64 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x51bde14) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x114fd84b8 in KeyedServiceFactory::GetServiceForContext(void*, bool)+0x2d8 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_core.dylib:x86_64+0x164b8) (BuildId: 4c4c443f55553144a1f6c2b0883e0e0f2400000010000000000b0a0000030b00)
    #6 0x114fd4b9d in DependencyManager::CreateContextServices(void*, bool)+0x33d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_core.dylib:x86_64+0x12b9d) (BuildId: 4c4c443f55553144a1f6c2b0883e0e0f2400000010000000000b0a0000030b00)
    #7 0x11793b540 in BrowserContextDependencyManager::CreateBrowserContextServices(content::BrowserContext*)+0x130 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_content.dylib:x86_64+0x3540) (BuildId: 4c4c445755553144a1a6858435feed392400000010000000000b0a0000030b00)
    #8 0x1359193c2 in ProfileImpl::OnLocaleReady(Profile::CreateMode)+0x112 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f0e3c2) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #9 0x13590fb8b in ProfileImpl::OnPrefsLoaded(Profile::CreateMode, bool)+0x11b (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f04b8b) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #10 0x13590e57b in ProfileImpl::ProfileImpl(base::FilePath const&, Profile::Delegate*, Profile::CreateMode, base::Time, scoped_refptr<base::SequencedTaskRunner>)+0x66b (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f0357b) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #11 0x13362d098 in BraveProfileImpl::BraveProfileImpl(base::FilePath const&, Profile::Delegate*, Profile::CreateMode, base::Time, scoped_refptr<base::SequencedTaskRunner>)+0x158 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x2c22098) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #12 0x135908a50 in Profile::CreateProfile(base::FilePath const&, Profile::Delegate*, Profile::CreateMode)+0x2b0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4efda50) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #13 0x1359282d6 in ProfileManager::CreateAndInitializeProfile(base::FilePath const&)+0x1f6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f1d2d6) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #14 0x135923c32 in ProfileManager::GetProfile(base::FilePath const&)+0x72 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f18c32) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #15 0x13b321b93 in GetStartupProfile(base::FilePath const&, base::CommandLine const&)+0x1e3 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xa916b93) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #16 0x1352493d1 in (anonymous namespace)::CreateInitialProfile(content::MainFunctionParams const&, base::FilePath const&, base::CommandLine const&)+0x2a1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483e3d1) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #17 0x13524604c in ChromeBrowserMainParts::PreMainMessageLoopRunImpl()+0x82c (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483b04c) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #18 0x13524561d in ChromeBrowserMainParts::PreMainMessageLoopRun()+0x5d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483a61d) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #19 0x14a09582d in content::BrowserMainLoop::PreMainMessageLoopRun()+0x13d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c282d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #20 0x14b8e8660 in content::StartupTaskRunner::RunAllTasksNow()+0x1c0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x2b15660) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #21 0x14a094d45 in content::BrowserMainLoop::CreateStartupTasks()+0x695 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c1d45) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #22 0x14a09bf4d in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams)+0x19d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c8f4d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #23 0x14a09052d in content::BrowserMain(content::MainFunctionParams)+0x34d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd52d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #24 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #25 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #26 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #27 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #28 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #29 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)

SUMMARY: AddressSanitizer: heap-use-after-free (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfadafc) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00) in base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*)+0x58c
Shadow bytes around the buggy address:
  0x1c2a0000d870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d880: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x1c2a0000d890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2a0000d8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d8b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c2a0000d8c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x1c2a0000d8d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x1c2a0000d8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2a0000d8f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d910: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11682==ABORTING
Received signal 6
0   libbase.dylib                       0x00000001112120a9 base::debug::CollectStackTrace(void**, unsigned long) + 9
1   libbase.dylib                       0x0000000110df7363 base::debug::StackTrace::StackTrace() + 19
2   libbase.dylib                       0x0000000111211a7b base::debug::(anonymous namespace)::StackDumpSignalHandler(int, __siginfo*, void*) + 2891
3   libsystem_platform.dylib            0x00007ff81312fe2d _sigtramp + 29
4   ???                                 0x00007ff7b10b9230 0x0 + 140701803975216
5   libsystem_c.dylib                   0x00007ff813066d10 abort + 123
6   libclang_rt.asan_osx_dynamic.dylib  0x000000010f67c586 __sanitizer_sandbox_on_notify + 998
7   libclang_rt.asan_osx_dynamic.dylib  0x000000010f67bcf4 __sanitizer_on_print + 24084
8   libclang_rt.asan_osx_dynamic.dylib  0x000000010f65fc47 __asan_on_error + 1559
9   libclang_rt.asan_osx_dynamic.dylib  0x000000010f65eedf __asan_unpoison_intra_object_redzone + 15087
10  libclang_rt.asan_osx_dynamic.dylib  0x000000010f6601f8 __asan_report_load8 + 40
11  libchrome_dll.dylib                 0x000000013c9b8afd base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*) + 1421
12  libchrome_dll.dylib                 0x000000013c9c16a7 brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager() + 103
13  libchrome_dll.dylib                 0x000000013c9c197e brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager() + 14
14  libchrome_dll.dylib                 0x000000013c9dd7f6 brave_shields::AdBlockService::~AdBlockService() + 566
15  libchrome_dll.dylib                 0x0000000135b27bd4 BraveBrowserProcessImpl::~BraveBrowserProcessImpl() + 1316
16  libchrome_dll.dylib                 0x0000000135b27eb5 non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl() + 21
17  libchrome_dll.dylib                 0x00000001353ed48a browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode) + 330
18  libchrome_dll.dylib                 0x000000013524abc8 ChromeBrowserMainParts::PostDestroyThreads() + 552
19  libcontent.dylib                    0x000000014a098a17 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() + 3815
20  libcontent.dylib                    0x000000014a09d018 content::BrowserMainRunnerImpl::Shutdown() + 584
21  libcontent.dylib                    0x000000014a0905b1 content::BrowserMain(content::MainFunctionParams) + 977
22  libcontent.dylib                    0x000000014cc09a82 content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*) + 690
23  libcontent.dylib                    0x000000014cc0d3df content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool) + 3183
24  libcontent.dylib                    0x000000014cc0c4e7 content::ContentMainRunnerImpl::Run() + 1175
25  libcontent.dylib                    0x000000014cc06629 content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) + 1337
26  libcontent.dylib                    0x000000014cc08762 content::ContentMain(content::ContentMainParams) + 242
27  libchrome_dll.dylib                 0x0000000130a14169 ChromeMain + 585
28  Brave Browser Development           0x000000010ee42b96 main + 518
29  dyld                                0x00000001186084fe start + 462
[end of stack trace]
[0222/123518.526643:WARNING:crash_report_exception_handler.cc(235)] UniversalExceptionRaise: (os/kern) failure (5)

Crash occurred after quitting browser

@rebron rebron added the priority/P2 A bad problem. We might uplift this to the next planned release. label Mar 4, 2022
@iefremov iefremov added the closed/duplicate Issue has already been reported label May 18, 2022