[Bug][Desktop] Crash on ASAN build when initializing firebase #1796

@vietanhcdt2

Description

[REQUIRED] Please describe the issue here:

Steps to reproduce:

What's the issue repro rate? 100%

Crash log:

=================================================================
==13208==ERROR: AddressSanitizer: container-overflow on address 0x08e2f39c at pc 0x00dd0a6b bp 0x173ff8e8 sp 0x173ff8dc
READ of size 4 at 0x08e2f39c thread T25
==13208==*** WARNING: Failed to initialize DbgHelp!              ***
==13208==*** Most likely this means that the app is already      ***
==13208==*** using DbgHelp, possibly with incompatible flags.    ***
==13208==*** Due to technical reasons, symbolization might crash ***
==13208==*** or produce wrong results.                           ***
    #0 0x00dd0a6a in std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xstring:453
    #1 0x00de158c in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Take_contents C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xstring:1297
    #2 0x00ddc611 in std::basic_string<char,std::char_traits<char>,std::allocator<char> >::basic_string<char,std::char_traits<char>,std::allocator<char> > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xstring:1030
    #3 0x00ddab01 in std::_Uninitialized_backout_al<std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >::_Emplace_back<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xmemory:1844
    #4 0x00ddb530 in std::_Uninitialized_move<std::basic_string<char,std::char_traits<char>,std::allocator<char> > *,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xmemory:1999
    #5 0x00f24c23 in std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >::_Emplace_reallocate<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\vector:915
    #6 0x027cdd9d in firebase::heartbeat::HeartbeatStorageDesktop::LoggedHeartbeatsFromFlatbuffer+0x3ad (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8dd9d)
    #7 0x027ce5ef in firebase::heartbeat::HeartbeatStorageDesktop::ReadTo+0x24f (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8e5ef)
    #8 0x027c87fd in std::map<firebase::Variant,firebase::Variant,std::less<firebase::Variant>,std::allocator<std::pair<firebase::Variant const ,firebase::Variant> > >::operator[]+0x37d (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f887fd)
    #9 0x027cf7f9 in firebase::scheduler::Scheduler::WorkerThreadRoutine+0x1c9 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8f7f9)
    #10 0x027d55ed in std::thread::_Invoke<std::tuple<void (__cdecl*)(void *),void *>,0,1>+0xd (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f955ed)
    #11 0x0431afe4 in thread_start<unsigned int (__stdcall*)(void *),1> minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97
    #12 0x6175bbe5 in _sanitizer_start_switch_fiber+0x12f5 (E:\Work\DML\trunk\build\Win32\clang_rt.asan_dynamic-i386.dll+0x1004bbe5)
    #13 0x758f7ba8 in BaseThreadInitThunk+0x18 (C:\Windows\System32\KERNEL32.DLL+0x6b817ba8)
    #14 0x779cc3aa in RtlInitializeExceptionChain+0x6a (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec3aa)
    #15 0x779cc32e in RtlClearBits+0xbe (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec32e)

0x08e2f39c is located 140 bytes inside of 144-byte region [0x08e2f310,0x08e2f3a0)
allocated by thread T25 here:
    #0 0x042fe1f9 in operator new D:\a\_work\1\s\src\vctools\asan\llvm\compiler-rt\lib\asan\asan_win_new_scalar_thunk.cpp:40
    #1 0x00dceb11 in std::_Allocate<8,std::_Default_allocate_traits> C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xmemory:256
    #2 0x00de19b8 in std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > >::allocate C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xmemory:990
    #3 0x00dda859 in std::_Allocate_at_least_helper<std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xmemory:2303
    #4 0x00f24b44 in std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >::_Emplace_reallocate<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\vector:894
    #5 0x027cdd9d in firebase::heartbeat::HeartbeatStorageDesktop::LoggedHeartbeatsFromFlatbuffer+0x3ad (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8dd9d)
    #6 0x027ce5ef in firebase::heartbeat::HeartbeatStorageDesktop::ReadTo+0x24f (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8e5ef)
    #7 0x027c87fd in std::map<firebase::Variant,firebase::Variant,std::less<firebase::Variant>,std::allocator<std::pair<firebase::Variant const ,firebase::Variant> > >::operator[]+0x37d (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f887fd)
    #8 0x027cf7f9 in firebase::scheduler::Scheduler::WorkerThreadRoutine+0x1c9 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8f7f9)
    #9 0x027d55ed in std::thread::_Invoke<std::tuple<void (__cdecl*)(void *),void *>,0,1>+0xd (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f955ed)
    #10 0x0431afe4 in thread_start<unsigned int (__stdcall*)(void *),1> minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:97
    #11 0x6175bbe5 in _sanitizer_start_switch_fiber+0x12f5 (E:\Work\DML\trunk\build\Win32\clang_rt.asan_dynamic-i386.dll+0x1004bbe5)
    #12 0x758f7ba8 in BaseThreadInitThunk+0x18 (C:\Windows\System32\KERNEL32.DLL+0x6b817ba8)
    #13 0x779cc3aa in RtlInitializeExceptionChain+0x6a (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec3aa)
    #14 0x779cc32e in RtlClearBits+0xbe (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec32e)

Thread T25 created by T0 here:
    #0 0x6175bebf in CreateThread+0x7f (E:\Work\DML\trunk\build\Win32\clang_rt.asan_dynamic-i386.dll+0x1004bebf)
    #1 0x0431b137 in _beginthreadex minkernel\crts\ucrt\src\appcrt\startup\thread.cpp:209
    #2 0x027d56a8 in firebase::Thread::Thread+0x38 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f956a8)
    #3 0x027cf48b in firebase::scheduler::Scheduler::Schedule+0x3b (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8f48b)
    #4 0x027cf446 in firebase::scheduler::Scheduler::Schedule+0x56 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8f446)
    #5 0x027ca255 in firebase::heartbeat::HeartbeatController::LogHeartbeat+0x35 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f8a255)
    #6 0x027918e0 in firebase::App::Create+0x430 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f518e0)
    #7 0x027914a0 in firebase::App::Create+0x10 (E:\Work\DML\trunk\build\Win32\DML_Client_x86_asan.exe+0x1f514a0)
    #8 0x02142d5b in InitializeFirebase E:\Work\DML\trunk\src\Modules\Firebase\FirebaseModule.cpp:55
    #9 0x0215534b in gll::Game::Init E:\Work\DML\trunk\src\Modules\GLLegacy\GLLegacyGame.cpp:684
    #10 0x00e018d2 in gll::Application::Update E:\Work\DML\trunk\src\BUD_Utils\Modules\GLLegacy\Application.cpp:457
    #11 0x00e01b8f in gll::Application::Update E:\Work\DML\trunk\src\BUD_Utils\Modules\GLLegacy\Application.cpp:389
    #12 0x027f9926 in glf::App::RunWithResult E:\Work\DML\trunk\Externals\glf\source\app\app.cpp:791
    #13 0x027f89d7 in glf::Main E:\Work\DML\trunk\Externals\glf\source\app\app_win32_.hpp:1266
    #14 0x042fea63 in __scrt_common_main_seh D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
    #15 0x758f7ba8 in BaseThreadInitThunk+0x18 (C:\Windows\System32\KERNEL32.DLL+0x6b817ba8)
    #16 0x779cc3aa in RtlInitializeExceptionChain+0x6a (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec3aa)
    #17 0x779cc32e in RtlClearBits+0xbe (C:\Windows\SYSTEM32\ntdll.dll+0x4b2ec32e)

HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
SUMMARY: AddressSanitizer: container-overflow C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.44.35207\include\xstring:453 in std::_String_val<std::_Simple_types<char> >::_Large_mode_engaged
Shadow bytes around the buggy address:
  0x08e2f100: 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 00 00
  0x08e2f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04
  0x08e2f200: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x08e2f280: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x08e2f300: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x08e2f380: 00 fc fc[fc]fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
Stats: 141M malloced (5M for red zones) by 137626 calls
Stats: 0M realloced by 328 calls
Stats: 101M freed by 141967 calls
Stats: 0M really freed by 0 calls
Stats: 186M (186M-0M) mmaped; 187 maps, 0 unmaps
  mallocs by size class: 2:26084; 3:39155; 4:11288; 6:22464; 7:2658; 8:1108; 11:849; 12:1574; 13:1188; 14:440; 15:671; 16:6136; 17:1616; 18:1090; 19:710; 20:5097; 21:5065; 22:1252; 23:1091; 24:496; 25:553; 26:595; 27:339; 28:229; 29:4867; 30:52; 31:41; 32:18; 33:147; 34:16; 35:111; 36:16; 37:66; 38:9; 39:29; 40:21; 41:27; 42:230; 43:10; 44:4; 45:69; 46:4; 47:8; 48:3; 49:12; 50:4; 51:9;
Stats: malloc large: 106
Stats: StackDepot: 24617 ids; 5M allocated
Stats: LargeMmapAllocator: allocated 108 times, remains 108 (108124 K) max 105 M; by size logs: 17:58; 18:14; 19:18; 20:8; 21:6; 22:2; 23:1; 24:1;
Quarantine limits: global: 256Mb; thread local: 256Kb
Global quarantine stats: batches: 132; bytes: 53046390 (user: 52505718); chunks: 69807 (capacity: 134772); 51% chunks used; 1% memory overhead
==13208==ABORTING

Relevant Code:

	// Desktop builds read the Firebase config from a JSON file next to the executable.
	const char* desktopSettingsFileName = "google-services-desktop.json";
	Json::Value root;
	std::string content;
	// Only initialize Firebase if the file loads and parses as JSON.
	if (File::LoadContent(desktopSettingsFileName, content) && Json::Reader().parse(content, root))
	{
		firebase::AppOptions options{};
		firebase::AppOptions::LoadFromJsonConfig(content.c_str(), &options);
		// App::Create is where the heartbeat worker thread (T25 above) is started.
		firebaseApp.reset(firebase::App::Create(options));
	}
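As an added triage aid (my own script, not part of this issue or of the Firebase SDK), the following Python parses the key lines of the ASan report above and checks that the bracketed shadow byte, the faulting address and the allocation region agree with one another. That consistency check is the first thing to do before deciding whether a container-overflow report is genuine or, as the HINT in the report suggests, a false positive. The sample report is quoted from the log above; the function names and the returned field names are assumptions of this example.

```python
"""Triage helper for an AddressSanitizer container-overflow report (added example)."""
import re

SHADOW_GRANULARITY = 8  # one shadow byte describes 8 application bytes

# Legend as ASan prints it at the end of a report (shadow value -> meaning).
SHADOW_LEGEND = {
    0x00: "addressable", 0xfa: "heap left redzone", 0xfd: "freed heap region",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf5: "stack after return", 0xf8: "stack use after scope", 0xf9: "global redzone",
    0xf6: "global init order", 0xf7: "poisoned by user", 0xfc: "container overflow",
    0xac: "array cookie", 0xbb: "intra object redzone", 0xfe: "ASan internal",
    0xca: "left alloca redzone", 0xcb: "right alloca redzone",
}

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address 0x(?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<op>READ|WRITE) of size (?P<size>\d+) at 0x(?P<addr>[0-9a-f]+) thread (?P<thread>T\d+)")
REGION_RE = re.compile(r"is located (?P<off>\d+) bytes inside of (?P<len>\d+)-byte region "
                       r"\[0x(?P<lo>[0-9a-f]+),0x(?P<hi>[0-9a-f]+)\)")
# The "=>" line holds the faulting address; the byte in [] is its shadow byte.
MARKED_LINE_RE = re.compile(r"^=>0x(?P<base>[0-9a-f]+):(?P<bytes>.*)$", re.M)
SHADOW_BYTE_RE = re.compile(r"(\[?)([0-9a-f]{2})\]?")

# Quoted from the report in this issue (only the lines the parser needs).
SAMPLE_REPORT = """\
==13208==ERROR: AddressSanitizer: container-overflow on address 0x08e2f39c at pc 0x00dd0a6b bp 0x173ff8e8 sp 0x173ff8dc
READ of size 4 at 0x08e2f39c thread T25
0x08e2f39c is located 140 bytes inside of 144-byte region [0x08e2f310,0x08e2f3a0)
Shadow bytes around the buggy address:
  0x08e2f300: fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x08e2f380: 00 fc fc[fc]fa fa fa fa fa fa fa fa fa fa fa fa
  0x08e2f400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
"""


def shadow_meaning(value: int) -> str:
    """Translate one shadow byte into the legend text."""
    if 1 <= value <= 7:
        return f"partially addressable ({value} of {SHADOW_GRANULARITY} bytes)"
    return SHADOW_LEGEND.get(value, f"unknown (0x{value:02x})")


def parse_report(text: str) -> dict:
    """Pull the fields needed for triage out of an ASan report."""
    err, acc, reg, line = (ERROR_RE.search(text), ACCESS_RE.search(text),
                           REGION_RE.search(text), MARKED_LINE_RE.search(text))
    if not (err and acc and reg and line):
        raise ValueError("report is missing one of: ERROR, READ/WRITE, region, '=>' shadow line")
    shadow = [(int(v, 16), bool(br)) for br, v in SHADOW_BYTE_RE.findall(line["bytes"])]
    marked = [i for i, (_, br) in enumerate(shadow) if br]
    if len(marked) != 1:
        raise ValueError("expected exactly one [xx] shadow byte on the '=>' line")
    return {
        "kind": err["kind"], "op": acc["op"], "size": int(acc["size"]),
        "thread": acc["thread"], "addr": int(acc["addr"], 16),
        "region": (int(reg["lo"], 16), int(reg["hi"], 16)),
        "offset": int(reg["off"]), "region_len": int(reg["len"]),
        "shadow_base": int(line["base"], 16),
        "shadow": [v for v, _ in shadow], "marked_index": marked[0],
    }


def triage(text: str) -> dict:
    """Cross-check the shadow map, the faulting address and the allocation region."""
    r = parse_report(text)
    lo, hi = r["region"]
    # Application bytes covered by the bracketed shadow byte: the "=>" line
    # starts at an application address and each shadow byte covers 8 bytes.
    cov_lo = r["shadow_base"] + r["marked_index"] * SHADOW_GRANULARITY
    cov_hi = cov_lo + SHADOW_GRANULARITY
    marked_value = r["shadow"][r["marked_index"]]
    access_end = r["addr"] + r["size"]
    return {
        "kind": r["kind"],
        "marked_shadow": shadow_meaning(marked_value),
        "shadow_covers_addr": cov_lo <= r["addr"] < cov_hi,
        "addr_in_region": lo <= r["addr"] < hi and r["addr"] - lo == r["offset"],
        "region_len_consistent": hi - lo == r["region_len"],
        # For a container overflow the access stays inside the container's own
        # allocation (bytes between size() and capacity() that ASan keeps poisoned
        # as 0xfc); a heap-buffer-overflow would instead hit an 0xfa redzone
        # outside the region.
        "access_inside_allocation": lo <= r["addr"] and access_end <= hi,
        "bytes_to_region_end": hi - r["addr"],
        "legend_matches_kind": (r["kind"] == "container-overflow") == (marked_value == 0xfc),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:>26}: {value}")
```

For the report above every check comes out consistent: the bracketed 0xfc byte covers 0x08e2f398..0x08e2f39f, the 4-byte read at 0x08e2f39c ends exactly at the end of the 144-byte allocation, and the legend agrees with the error kind, so the report is internally coherent. That does not by itself prove the bug is real: the sanitizers wiki linked in the HINT notes that container-overflow checks can produce false positives when part of the code touching a container was built without container annotations, and the MSVC STL exposes `_DISABLE_VECTOR_ANNOTATION` and `_DISABLE_STRING_ANNOTATION` for the case where a prebuilt library and an instrumented STL disagree about a vector's annotated size.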
