Jump to content
Nytro

Google Chrome 21.0.1180.57 NULL Pointer

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Google Chrome 21.0.1180.57 NULL Pointer

Authored by Heyder Andrade

Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.

---| overview

Vulnerability: Chrome Null Pointer in InspectDataSource::StartDataRequest
Date: 03/14/2012
Author: @HeyderAndrade (heyder.andrade[at]gmail[dot]com)
Chrome Version: =< 21.0.1180.57 stable
Operating System Tested: Win XP SP2, WIN7, Mac OS X 10.6.8 (10K549),Linux Ubuntu 12.04
Architecture: x86 and Amd64

---| steps will reproduce this crash

1. Open the browser and visit any site that has an SSL certificate signed by a CA not trusted.
an ssl error will be showed, DON'T click "proceed anayway".
2. Open a new tab and access chrome://inspect

ps. I believe it should work with any ssl error, but i tested only  with no valid CA error.

---| original OSX Crash Report

 Process:         Google Chrome [767]
 Path:            /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
 Identifier:      com.google.Chrome
 Version:         21.0.1180.57 (1180.57)
 Code Type:       X86 (Native)
 Parent Process:  launchd [158]

 Date/Time:       2012-08-08 22:53:09.442 -0300
 OS Version:      Mac OS X 10.6.8 (10K549)
 Report Version:  6

 Interval Since Last Report:          19713 sec
 Crashes Since Last Report:           1
 Per-App Interval Since Last Report:  19374 sec
 Per-App Crashes Since Last Report:   1
 Anonymous UUID:                      B5BA5F00-E166-4923-9393-E0FC63561975

 Exception Type:  EXC_BAD_ACCESS (SIGBUS)
 Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
 Crashed Thread:  0  CrBrowserMain  Dispatch queue: com.apple.main-thread

---| source code

This vulnerability lies in the function call DCHECK (line 118 of the inspect_ui.cc)
the render_process_host can be NULL.

 file:     browser/ui/webui/inspect_ui.cc
 line:     188
 function: DCHECK(render_process_host);

---| source code fix

if (!render_process_host->HasConnection())
  continue;


---| timeline of disclosure

- discovery vulnerability      - Ago 08, 2012
- code.google.com report     - Aug 15, 2012
- Chromium community fix     - Oct 11, 2012
- This disclosure                - Mar 14, 2013

---| references

https://chromiumcodereview.appspot.com/11066114/ (for some reason this issue was removed)
https://code.google.com/p/chromium/issues/detail?id=142979 (no public)


Starting program: /home/user/chrome-linux/chrome --debug https://caixa.gov.br
[Thread debugging using libthread_db enabled]
[New Thread 0xb2735b70 (LWP 10475)]
[New Thread 0xb1f34b70 (LWP 10476)]
[New Thread 0xb1733b70 (LWP 10477)]
[New Thread 0xb280db70 (LWP 10478)]
[New Thread 0xb0666b70 (LWP 10479)]
[New Thread 0xafe65b70 (LWP 10480)]
[New Thread 0xaf664b70 (LWP 10481)]
[New Thread 0xaee63b70 (LWP 10482)]
[New Thread 0xae662b70 (LWP 10483)]
[New Thread 0xade61b70 (LWP 10484)]
[New Thread 0xad660b70 (LWP 10485)]
[New Thread 0xace5fb70 (LWP 10486)]
[New Thread 0xace3eb70 (LWP 10487)]
[New Thread 0xace1db70 (LWP 10488)]
[New Thread 0xacdfcb70 (LWP 10489)]
[New Thread 0xac4eeb70 (LWP 10490)]
[Thread 0xac4eeb70 (LWP 10490) exited]
[New Thread 0xac4eeb70 (LWP 10491)]
[New Thread 0xab0fbb70 (LWP 10492)]
[New Thread 0xaa8fab70 (LWP 10497)]
[New Thread 0xaa0f9b70 (LWP 10498)]
[New Thread 0xa9282b70 (LWP 10515)]
[Thread 0xa9282b70 (LWP 10515) exited]
[New Thread 0xa97abb70 (LWP 10516)]
[New Thread 0xa978ab70 (LWP 10519)]
[New Thread 0xa9769b70 (LWP 10520)]

Program received signal SIGSEGV, Segmentation fault.
0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#0  0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#1  0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource:)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) ()
#2  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#3  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#4  0xb498cc31 in MessageLoop::DoWork() ()
#5  0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) ()
#6  0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
#7  0xb498846e in MessageLoop::RunInternal() ()
#8  0xb49a4ae9 in base::RunLoop::Run() ()
#9  0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() ()
#11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() ()
#12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) ()
#13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ()
#14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() ()
#15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ()
#16 0xb3fbe60b in ChromeMain ()
#17 0xb3fbe5c2 in main ()

Thread 25 (Thread 0xa9769b70 (LWP 10520)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 24 (Thread 0xa978ab70 (LWP 10519)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 23 (Thread 0xa97abb70 (LWP 10516)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 21 (Thread 0xaa0f9b70 (LWP 10498)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) ()
#4  0xb49bec19 in base::SequencedWorkerPool::Worker::Run() ()
#5  0xb49bf733 in base::SimpleThread::ThreadMain() ()
#6  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 20 (Thread 0xaa8fab70 (LWP 10497)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) ()
#3  0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#5  0xb498846e in MessageLoop::RunInternal() ()
#6  0xb49a4ae9 in base::RunLoop::Run() ()
#7  0xb498775e in MessageLoop::Run() ()
#8  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#9  0xb49bfa91 in base::Thread::ThreadMain() ()
#10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 19 (Thread 0xab0fbb70 (LWP 10492)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) ()
#4  0xb49bec19 in base::SequencedWorkerPool::Worker::Run() ()
#5  0xb49bf733 in base::SimpleThread::ThreadMain() ()
#6  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 18 (Thread 0xac4eeb70 (LWP 10491)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 16 (Thread 0xacdfcb70 (LWP 10489)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) ()
#3  0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#5  0xb498846e in MessageLoop::RunInternal() ()
#6  0xb49a4ae9 in base::RunLoop::Run() ()
#7  0xb498775e in MessageLoop::Run() ()
#8  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#9  0xb49bfa91 in base::Thread::ThreadMain() ()
#10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 15 (Thread 0xace1db70 (LWP 10488)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 14 (Thread 0xace3eb70 (LWP 10487)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 13 (Thread 0xace5fb70 (LWP 10486)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask:)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 12 (Thread 0xad660b70 (LWP 10485)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb652797d in content::BrowserThreadImpl::IOThreadRun(MessageLoop*) ()
#11 0xb6529da3 in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 11 (Thread 0xade61b70 (LWP 10484)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527a1d in content::BrowserThreadImpl::CacheThreadRun(MessageLoop*) ()
#11 0xb6529db1 in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 10 (Thread 0xae662b70 (LWP 10483)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527abd in content::BrowserThreadImpl::ProcessLauncherThreadRun(MessageLoop*) ()
#11 0xb6529dbf in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 9 (Thread 0xaee63b70 (LWP 10482)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527b5d in content::BrowserThreadImpl::FileUserBlockingThreadRun(MessageLoop*) ()
#11 0xb6529dce in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 8 (Thread 0xaf664b70 (LWP 10481)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527bfd in content::BrowserThreadImpl::FileThreadRun(MessageLoop*) ()
#11 0xb6529dde in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 7 (Thread 0xafe65b70 (LWP 10480)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527c9d in content::BrowserThreadImpl::WebKitThreadRun(MessageLoop*) ()
#11 0xb6529dee in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 6 (Thread 0xb0666b70 (LWP 10479)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527d3d in content::BrowserThreadImpl::DBThreadRun(MessageLoop*) ()
#11 0xb6529dfe in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xb280db70 (LWP 10478)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3367f5b in read () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb4254037 in (anonymous namespace)::ShutdownDetector::ThreadMain() ()
#3  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#4  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#5  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xb1733b70 (LWP 10477)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb1f34b70 (LWP 10476)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f3d971 in select () from /lib/tls/i686/cmov/libc.so.6
#2  0xb497f952 in base::files::(anonymous namespace)::InotifyReaderCallback(base::files::(anonymous namespace)::InotifyReader*, int, int) ()
#3  0xb497cc19 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int), void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>::Run(base::internal::BindStateBase*) ()
#4  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#5  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#6  0xb498cc31 in MessageLoop::DoWork() ()
#7  0xb498e06b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#8  0xb498846e in MessageLoop::RunInternal() ()
#9  0xb49a4ae9 in base::RunLoop::Run() ()
#10 0xb498775e in MessageLoop::Run() ()
#11 0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (Thread 0xb2735b70 (LWP 10475)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb2977990 (LWP 10468)):
#0  0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#1  0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource:)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) ()
#2  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#3  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#4  0xb498cc31 in MessageLoop::DoWork() ()
#5  0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) ()
#6  0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
#7  0xb498846e in MessageLoop::RunInternal() ()
#8  0xb49a4ae9 in base::RunLoop::Run() ()
#9  0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() ()
#11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() ()
#12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) ()
#13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ()
#14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() ()
#15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ()
#16 0xb3fbe60b in ChromeMain ()
#17 0xb3fbe5c2 in main ()
eax            0x4  4
ecx            0xb81187c0  -1206810688
edx            0x0  0
ebx            0xb8158ff4  -1206546444
esp            0xbfffdfa0  0xbfffdfa0
ebp            0xbfffe588  0xbfffe588
esi            0xbfffe4b0  -1073748816
edi            0xb8829880  -1199400832
eip            0xb40ea92b  0xb40ea92b <(anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int)+1899>
eflags         0x210286  [ PF SF IF RF ID ]
cs             0x73  115
ss             0x7b  123
ds             0x7b  123
es             0x7b  123
fs             0x0  0
gs             0x33  51
=> 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>:  mov    (%edx),%eax
   0xb40ea92d <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1901>:  mov    %edx,(%esp)
   0xb40ea930 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1904>:  call   *0x28(%eax)
   0xb40ea933 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1907>:  mov    %eax,-0x580(%ebp)
edx            0x0  0
eax            0x4  4
1: x/i $pc
=> 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>:  mov    (%edx),%eax

Sursa: Google Chrome 21.0.1180.57 NULL Pointer ? Packet Storm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...