[tbb-bugs] #12418 [Applications/Tor Browser]: TBBs with UBSan create lots of errors when running

[Tor Bug Tracker & Wiki]

#12418: TBBs with UBSan create lots of errors when running
----------------------------------------+--------------------------
 Reporter:  gk                          |          Owner:  tbb-team
     Type:  defect                      |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:7 bugzilla]:
 > Maybe, it's better to start using UBSan on FF's components step by step
 (JS, NSS, etc).
 I'd start with the image decoders. I know of at least one 0day being
 traded actively which is exploitable in Tor Browser in the highest
 security setting, and none of the people who I trade with are going to
 report it (neither can I). But UBSan is very likely to mitigate it, if
 trapped to `ud2` with `-fsanitize-undefined-trap-on-error`, as well as
 others. After that, NSS is probably the most important, because it can't
 be turned off. JS has a huge surface area, but it can be disabled by the
 slider.

 If I have free time, I'll try building FF with the image decoders using
 UBSan, but I'd really rather it if someone else who's already testing this
 stuff out do it since I've been very busy with other things (I might take
 a while).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12418#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online