ffpuppet does not work with older version of Firefox #65

Closed
ZihanYe opened this issue Jan 1, 2020 · 6 comments
ZihanYe commented Jan 1, 2020

I have built Firefox 57.0 and Firefox 63.0.3 (with ASAN) by myself. Running `python -m ffpuppet ../../firefox-57.0/objdir-ff-asan/dist/bin/firefox -p $CODE/browsers/prefs.js -d -u /home/ug16zy2/test.html -v --xvfb --log ./out/` gives:

```
I ffpuppet [2020-01-01 19:55:44] Launching Firefox...
D ffpuppet [2020-01-01 19:55:44] requested location: '/home/ug16zy2/test.html'
D ffpuppet [2020-01-01 19:55:44] launch timeout: 300
D ffpuppet [2020-01-01 19:55:44] profile directory: '/tmp/ffprof_VspYuS'
D ffpuppet [2020-01-01 19:55:44] using prefs.js: '/home/ug16zy2/fuzz/browsers/prefs.js'
D ffpuppet [2020-01-01 19:55:44] launch command: '/home/ug16zy2/firefox-57.0/objdir-ff-asan/dist/bin/firefox -no-remote -profile /tmp/ffprof_VspYuS http://127.0.0.1:46027'
D ffpuppet [2020-01-01 19:55:44] launched firefox with pid: 21507
D ffpuppet [2020-01-01 19:55:48] crash report found
I ffpuppet [2020-01-01 19:55:48] Shutting down...
D ffpuppet [2020-01-01 19:55:48] close(force_close=False) called
D ffpuppet [2020-01-01 19:55:48] browser pid: 21507
D ffpuppet [2020-01-01 19:55:48] 1 crash report(s) are available
D ffpuppet [2020-01-01 19:55:53] reviewing 0 check(s)
D ffpuppet [2020-01-01 19:55:53] scan_path '/tmp/ffprof_VspYuS/minidumps' does not exist
D ffpuppet [2020-01-01 19:55:53] exit reason code 'ALERT'
I ffpuppet [2020-01-01 19:55:53] Firefox process is closed. (Reason: 'ALERT')
I ffpuppet [2020-01-01 19:55:53] Saving logs to '/home/ug16zy2/fuzz/ffpuppet/out'
D ffpuppet [2020-01-01 19:55:53] save_logs() called, dest='./out/', logs_only=False, meta=False
I ffpuppet [2020-01-01 19:55:53] Displaying logs...
```

and the ASAN log is:

```
=== Dumping 'log_ffp_asan_21493.log.21507.txt' (1.83KB)
==21507==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9c17e13646 bp 0x7fffd3f6b340 sp 0x7fffd3f6aab8 T0)
==21507==The signal is caused by a READ memory access.
==21507==Hint: address points to the zero page.
    #0 0x7f9c17e13645 (/lib/x86_64-linux-gnu/libc.so.6+0xb1645)
    #1 0x7f9c18ef7146 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x42146)
    #2 0x7f9c11652660 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x39660)
    #3 0x7f9c11652806 in g_dgettext (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x39806)
    #4 0x7f9c144f13ae in gtk_get_option_group (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x22f3ae)
    #5 0x7f9c144f15fb in gtk_parse_args (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x22f5fb)
    #6 0x7f9bfb69192f in XREMain::XRE_mainStartup(bool*) /home/ug16zy2/firefox-57.0/toolkit/xre/nsAppRunner.cpp:3911
    #7 0x7f9bfb698931 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ug16zy2/firefox-57.0/toolkit/xre/nsAppRunner.cpp:4852
    #8 0x7f9bfb699030 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ug16zy2/firefox-57.0/toolkit/xre/nsAppRunner.cpp:4962
    #9 0x7f9bfb6c3d6d in mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) /home/ug16zy2/firefox-57.0/toolkit/xre/Bootstrap.cpp:45
    #10 0x55fa5cd415df in do_main /home/ug16zy2/firefox-57.0/browser/app/nsBrowserApp.cpp:236
    #11 0x55fa5cd41c87 in main /home/ug16zy2/firefox-57.0/browser/app/nsBrowserApp.cpp:309
    #12 0x7f9c17d83b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #13 0x55fa5cd408d9 in _start (/home/ug16zy2/firefox-57.0/objdir-ff-asan/dist/bin/firefox+0x3e8d9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0xb1645)
==21507==ABORTING
```

When I run FFPuppet with /usr/bin/firefox, it works fine and a Firefox instance pops up with the input HTML file.

Does FFPuppet support older versions of Firefox?
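
A first triage pass over the ASAN report above, as an added example that is not part of the original issue or of ffpuppet's code: it parses the SEGV header and stack frames and reports which frames sit above the first frame inside the Firefox source tree. The `triage` function and its field names are hypothetical; the embedded report is frames #0 to #6 copied from the post.

```python
import re

# Excerpt of the ASAN report posted in this issue (header plus frames #0-#6).
REPORT = """\
==21507==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f9c17e13646 bp 0x7fffd3f6b340 sp 0x7fffd3f6aab8 T0)
==21507==The signal is caused by a READ memory access.
#0 0x7f9c17e13645 (/lib/x86_64-linux-gnu/libc.so.6+0xb1645)
#1 0x7f9c18ef7146 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x42146)
#2 0x7f9c11652660 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x39660)
#3 0x7f9c11652806 in g_dgettext (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x39806)
#4 0x7f9c144f13ae in gtk_get_option_group (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x22f3ae)
#5 0x7f9c144f15fb in gtk_parse_args (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x22f5fb)
#6 0x7f9bfb69192f in XREMain::XRE_mainStartup(bool*) /home/ug16zy2/firefox-57.0/toolkit/xre/nsAppRunner.cpp:3911
"""

HEADER = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Frame forms: "#N addr (module+off)", "#N addr in func (module+off)", "#N addr in func file:line"
FRAME = re.compile(
    r"^\s*#(\d+) (0x[0-9a-f]+)(?: in (.+?))?\s+(?:\((.+)\+(0x[0-9a-f]+)\)|(\S+):(\d+))$")

def triage(report, source_root):
    """Summarise a SEGV report and locate the first frame under source_root."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("no AddressSanitizer SEGV header found")
    access = ACCESS.search(report)
    frames = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            n, _addr, func, module, _off, src, lineno = m.groups()
            frames.append({"n": int(n), "func": func, "module": module,
                           "src": src, "line": int(lineno) if lineno else None})
    own = next((f for f in frames if f["src"] and f["src"].startswith(source_root)), None)
    address = int(head.group(3), 16)
    return {
        "pid": int(head.group(1)),
        "signal": head.group(2),
        "access": access.group(1) if access else None,
        "zero_page": address < 0x1000,  # matches ASAN's "zero page" hint
        "unsymbolized": [f["n"] for f in frames if f["func"] is None],
        "first_source_frame": own,
        # Shared objects on the stack above the first frame from the source tree.
        "libraries_above": [f["module"].rsplit("/", 1)[-1] for f in frames
                            if own and f["n"] < own["n"] and f["module"]],
    }

if __name__ == "__main__":
    print(triage(REPORT, "/home/ug16zy2/firefox-57.0/"))
```

For this report the first source frame is `XREMain::XRE_mainStartup` at `nsAppRunner.cpp:3911`, and every frame above it is in a system shared object reached through `gtk_parse_args` during startup.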

@ZihanYe ZihanYe changed the title ffpuppt does not work with older version of Firefox ffpuppet does not work with older version of Firefox Jan 1, 2020
pyoor (Collaborator) commented Jan 2, 2020

My guess is that it's due to the prefs you're using. Can you try either excluding the prefs altogether or using the prefs here.

ZihanYe (Author) commented Jan 2, 2020

> My guess is that it's due to the prefs you're using. Can you try either excluding the prefs altogether or using the prefs here.

I used the prefs in your link: `python -m ffpuppet ../firefox-63.0.3/objdir-ff-asan/dist/bin/firefox -p /home/ug16zy2/fuzz/browsers/prefs-default-e10s.js -d -u /home/ug16zy2/test.html --xvfb -v`

It still gives the same error.
BTW, after dumping the ASAN report, it shows:

```
[ffpuppet] Launch command: /home/ug16zy2/firefox-63.0.3/objdir-ff-asan/dist/bin/firefox -no-remote -profile /tmp/ffprof_CBjT5n http://127.0.0.1:10552
ASAN:DEADLYSIGNAL
[ffpuppet] Reason code: ALERT
D ffpuppet [2020-01-02 22:33:28] clean_up() called
D ffpuppet [2020-01-02 22:33:28] close(force_close=True) called
Traceback (most recent call last):
  File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "main", fname, loader, pkg_name)
  File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/home/ug16zy2/.local/lib/python2.7/site-packages/ffpuppet/main.py", line 9, in
    main()
  File "/home/ug16zy2/.local/lib/python2.7/site-packages/ffpuppet/main.py", line 203, in main
    extension=args.extension)
  File "/home/ug16zy2/.local/lib/python2.7/site-packages/ffpuppet/core.py", line 632, in launch
    bootstrapper.wait(self.is_healthy, timeout=launch_timeout, url=location)
  File "/home/ug16zy2/.local/lib/python2.7/site-packages/ffpuppet/helpers.py", line 137, in wait
    raise BrowserTerminatedError("Failure during browser startup")
ffpuppet.exceptions.BrowserTerminatedError: Failure during browser startup
```

pyoor (Collaborator) commented Jan 3, 2020

Can I ask where you got that build from? Or did you build it yourself.

ZihanYe (Author) commented Jan 4, 2020

> Can I ask where you got that build from? Or did you build it yourself.

I got the source code from https://ftp.mozilla.org/pub/firefox/releases/63.0.3/source/ (because for exploiting a particular vulnerability I need this specific version of Firefox), then configured mozconfig for an ASAN build and followed the instructions in https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_build/Linux_and_MacOS_build_preparation.

pyoor (Collaborator) commented Jan 6, 2020

I haven't tried specifically with 57 or 63 but using the earliest release available on Taskcluster (64.0), I'm unable to reproduce.

https://tools.taskcluster.net/index/gecko.v2.mozilla-release.pushdate.2019.01.08.20190108160530.firefox/linux64-asan-opt

I suspect it's either something with your build or the prefs. Can you try rerunning without specifying a prefs file. If that still doesn't work, can you rerun with the DEBUG=1 env variable and post those results here.

ZihanYe (Author) commented Jan 27, 2020

@pyoor, I have checked again. Whether it is working or not indeed depends on my build of Firefox. Although I haven't found out why ffpuppet does not work with some of my builds, there are working ones.

@ZihanYe ZihanYe closed this as completed Jan 27, 2020