首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Google Chrome 21.0.1180.57 NULL Pointer
来源:heyder.andrade[at]gmail[dot]com 作者:Andrade 发布时间:2013-03-15  
---| overview

Vulnerability: Chrome Null Pointer in InspectDataSource::StartDataRequest
Date: 03/14/2012
Author: @HeyderAndrade (heyder.andrade[at]gmail[dot]com)
Chrome Version: =< 21.0.1180.57 stable
Operating System Tested: Win XP SP2, WIN7, Mac OS X 10.6.8 (10K549),Linux Ubuntu 12.04
Architecture: x86 and Amd64

---| steps will reproduce this crash

1. Open the browser and visit any site that has an SSL certificate signed by a CA not trusted.
an ssl error will be showed, DON'T click "proceed anayway".
2. Open a new tab and access chrome://inspect

ps. I believe it should work with any ssl error, but i tested only  with no valid CA error.

---| original OSX Crash Report

 Process:         Google Chrome [767]
 Path:            /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
 Identifier:      com.google.Chrome
 Version:         21.0.1180.57 (1180.57)
 Code Type:       X86 (Native)
 Parent Process:  launchd [158]

 Date/Time:       2012-08-08 22:53:09.442 -0300
 OS Version:      Mac OS X 10.6.8 (10K549)
 Report Version:  6

 Interval Since Last Report:          19713 sec
 Crashes Since Last Report:           1
 Per-App Interval Since Last Report:  19374 sec
 Per-App Crashes Since Last Report:   1
 Anonymous UUID:                      B5BA5F00-E166-4923-9393-E0FC63561975

 Exception Type:  EXC_BAD_ACCESS (SIGBUS)
 Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
 Crashed Thread:  0  CrBrowserMain  Dispatch queue: com.apple.main-thread

---| source code

This vulnerability lies in the function call DCHECK (line 118 of the inspect_ui.cc)
the render_process_host can be NULL.

 file:     browser/ui/webui/inspect_ui.cc
 line:     188
 function: DCHECK(render_process_host);

---| source code fix

if (!render_process_host->HasConnection())
  continue;


---| timeline of disclosure

- discovery vulnerability  		- Ago 08, 2012
- code.google.com report   	- Aug 15, 2012
- Chromium community fix   	- Oct 11, 2012
- This disclosure          			- Mar 14, 2013

---| references

https://chromiumcodereview.appspot.com/11066114/ (for some reason this issue was removed)
https://code.google.com/p/chromium/issues/detail?id=142979 (no public)


Starting program: /home/user/chrome-linux/chrome --debug https://caixa.gov.br
[Thread debugging using libthread_db enabled]
[New Thread 0xb2735b70 (LWP 10475)]
[New Thread 0xb1f34b70 (LWP 10476)]
[New Thread 0xb1733b70 (LWP 10477)]
[New Thread 0xb280db70 (LWP 10478)]
[New Thread 0xb0666b70 (LWP 10479)]
[New Thread 0xafe65b70 (LWP 10480)]
[New Thread 0xaf664b70 (LWP 10481)]
[New Thread 0xaee63b70 (LWP 10482)]
[New Thread 0xae662b70 (LWP 10483)]
[New Thread 0xade61b70 (LWP 10484)]
[New Thread 0xad660b70 (LWP 10485)]
[New Thread 0xace5fb70 (LWP 10486)]
[New Thread 0xace3eb70 (LWP 10487)]
[New Thread 0xace1db70 (LWP 10488)]
[New Thread 0xacdfcb70 (LWP 10489)]
[New Thread 0xac4eeb70 (LWP 10490)]
[Thread 0xac4eeb70 (LWP 10490) exited]
[New Thread 0xac4eeb70 (LWP 10491)]
[New Thread 0xab0fbb70 (LWP 10492)]
[New Thread 0xaa8fab70 (LWP 10497)]
[New Thread 0xaa0f9b70 (LWP 10498)]
[New Thread 0xa9282b70 (LWP 10515)]
[Thread 0xa9282b70 (LWP 10515) exited]
[New Thread 0xa97abb70 (LWP 10516)]
[New Thread 0xa978ab70 (LWP 10519)]
[New Thread 0xa9769b70 (LWP 10520)]

Program received signal SIGSEGV, Segmentation fault.
0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#0  0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#1  0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource::*)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) ()
#2  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#3  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#4  0xb498cc31 in MessageLoop::DoWork() ()
#5  0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) ()
#6  0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
#7  0xb498846e in MessageLoop::RunInternal() ()
#8  0xb49a4ae9 in base::RunLoop::Run() ()
#9  0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() ()
#11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() ()
#12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) ()
#13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ()
#14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() ()
#15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ()
#16 0xb3fbe60b in ChromeMain ()
#17 0xb3fbe5c2 in main ()

Thread 25 (Thread 0xa9769b70 (LWP 10520)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 24 (Thread 0xa978ab70 (LWP 10519)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 23 (Thread 0xa97abb70 (LWP 10516)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 21 (Thread 0xaa0f9b70 (LWP 10498)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) ()
#4  0xb49bec19 in base::SequencedWorkerPool::Worker::Run() ()
#5  0xb49bf733 in base::SimpleThread::ThreadMain() ()
#6  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 20 (Thread 0xaa8fab70 (LWP 10497)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) ()
#3  0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#5  0xb498846e in MessageLoop::RunInternal() ()
#6  0xb49a4ae9 in base::RunLoop::Run() ()
#7  0xb498775e in MessageLoop::Run() ()
#8  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#9  0xb49bfa91 in base::Thread::ThreadMain() ()
#10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 19 (Thread 0xab0fbb70 (LWP 10492)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) ()
#4  0xb49bec19 in base::SequencedWorkerPool::Worker::Run() ()
#5  0xb49bf733 in base::SimpleThread::ThreadMain() ()
#6  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#7  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 18 (Thread 0xac4eeb70 (LWP 10491)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 16 (Thread 0xacdfcb70 (LWP 10489)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) ()
#3  0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#5  0xb498846e in MessageLoop::RunInternal() ()
#6  0xb49a4ae9 in base::RunLoop::Run() ()
#7  0xb498775e in MessageLoop::Run() ()
#8  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#9  0xb49bfa91 in base::Thread::ThreadMain() ()
#10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 15 (Thread 0xace1db70 (LWP 10488)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 14 (Thread 0xace3eb70 (LWP 10487)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 13 (Thread 0xace5fb70 (LWP 10486)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2  0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#3  0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2
#4  0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2
#5  0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2
#6  0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#7  0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2
#8  0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6
#9  0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) ()
#13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) ()
#14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) ()
#15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() ()
#16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 12 (Thread 0xad660b70 (LWP 10485)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb652797d in content::BrowserThreadImpl::IOThreadRun(MessageLoop*) ()
#11 0xb6529da3 in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 11 (Thread 0xade61b70 (LWP 10484)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527a1d in content::BrowserThreadImpl::CacheThreadRun(MessageLoop*) ()
#11 0xb6529db1 in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 10 (Thread 0xae662b70 (LWP 10483)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527abd in content::BrowserThreadImpl::ProcessLauncherThreadRun(MessageLoop*) ()
#11 0xb6529dbf in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 9 (Thread 0xaee63b70 (LWP 10482)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527b5d in content::BrowserThreadImpl::FileUserBlockingThreadRun(MessageLoop*) ()
#11 0xb6529dce in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 8 (Thread 0xaf664b70 (LWP 10481)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527bfd in content::BrowserThreadImpl::FileThreadRun(MessageLoop*) ()
#11 0xb6529dde in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 7 (Thread 0xafe65b70 (LWP 10480)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527c9d in content::BrowserThreadImpl::WebKitThreadRun(MessageLoop*) ()
#11 0xb6529dee in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 6 (Thread 0xb0666b70 (LWP 10479)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb6527d3d in content::BrowserThreadImpl::DBThreadRun(MessageLoop*) ()
#11 0xb6529dfe in content::BrowserThreadImpl::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 5 (Thread 0xb280db70 (LWP 10478)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3367f5b in read () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb4254037 in (anonymous namespace)::ShutdownDetector::ThreadMain() ()
#3  0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#4  0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#5  0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 4 (Thread 0xb1733b70 (LWP 10477)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb49b1d48 in base::ConditionVariable::Wait() ()
#3  0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) ()
#4  0xb49b3736 in base::WaitableEvent::Wait() ()
#5  0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb1f34b70 (LWP 10476)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f3d971 in select () from /lib/tls/i686/cmov/libc.so.6
#2  0xb497f952 in base::files::(anonymous namespace)::InotifyReaderCallback(base::files::(anonymous namespace)::InotifyReader*, int, int) ()
#3  0xb497cc19 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (*)(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int), void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>::Run(base::internal::BindStateBase*) ()
#4  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#5  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#6  0xb498cc31 in MessageLoop::DoWork() ()
#7  0xb498e06b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#8  0xb498846e in MessageLoop::RunInternal() ()
#9  0xb49a4ae9 in base::RunLoop::Run() ()
#10 0xb498775e in MessageLoop::Run() ()
#11 0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#12 0xb49bfa91 in base::Thread::ThreadMain() ()
#13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (Thread 0xb2735b70 (LWP 10475)):
#0  0xb3d80430 in __kernel_vsyscall ()
#1  0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6
#2  0xb49e6410 in epoll_wait ()
#3  0xb49e5e75 in epoll_dispatch ()
#4  0xb49e42a7 in event_base_loop ()
#5  0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#6  0xb498846e in MessageLoop::RunInternal() ()
#7  0xb49a4ae9 in base::RunLoop::Run() ()
#8  0xb498775e in MessageLoop::Run() ()
#9  0xb49bfbb9 in base::Thread::Run(MessageLoop*) ()
#10 0xb49bfa91 in base::Thread::ThreadMain() ()
#11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) ()
#12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb2977990 (LWP 10468)):
#0  0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) ()
#1  0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource::*)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) ()
#2  0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) ()
#3  0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) ()
#4  0xb498cc31 in MessageLoop::DoWork() ()
#5  0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) ()
#6  0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) ()
#7  0xb498846e in MessageLoop::RunInternal() ()
#8  0xb49a4ae9 in base::RunLoop::Run() ()
#9  0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) ()
#10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() ()
#11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() ()
#12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) ()
#13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) ()
#14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() ()
#15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) ()
#16 0xb3fbe60b in ChromeMain ()
#17 0xb3fbe5c2 in main ()
eax            0x4	4
ecx            0xb81187c0	-1206810688
edx            0x0	0
ebx            0xb8158ff4	-1206546444
esp            0xbfffdfa0	0xbfffdfa0
ebp            0xbfffe588	0xbfffe588
esi            0xbfffe4b0	-1073748816
edi            0xb8829880	-1199400832
eip            0xb40ea92b	0xb40ea92b <(anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int)+1899>
eflags         0x210286	[ PF SF IF RF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51
=> 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>:	mov    (%edx),%eax
   0xb40ea92d <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1901>:	mov    %edx,(%esp)
   0xb40ea930 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1904>:	call   *0x28(%eax)
   0xb40ea933 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1907>:	mov    %eax,-0x580(%ebp)
edx            0x0	0
eax            0x4	4
1: x/i $pc
=> 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>:	mov    (%edx),%eax

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Fedora Linux SOCK_DIAG Local R
·Nitro Pro 8.0.3.1 - Crash PoC
·Ruby Gem Curl Command Executio
·OpenPLI Webif Arbitrary Comman
·Ruby Gem Minimagic Command Exe
·Sami FTP Server LIST Command B
·Ruby Gem Fastreader 1.0.8 Comm
·Sami FTP Server 2.0.1 PUT Comm
·Linux Kernel 'SCTP_GET_ASSOC_S
·Cool PDF Image Stream Buffer O
·Microsoft Office PowerPoint 20
·BlazeVideo HDTV Player 6.6.0.2
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved