Re: Trying to crack the Firefox crashing issue

To: debian-powerpc@lists.debian.org
Subject: Re: Trying to crack the Firefox crashing issue
From: Damien Stewart <hypexed@yahoo.com.au>
Date: Mon, 12 May 2025 01:00:10 +1000
Message-id: <[🔎] 937802b2-d9ec-4c50-ad80-a6f67f614fe4@yahoo.com.au>
In-reply-to: <[🔎] e077de0a-9e3a-4904-8a44-dd3ac39a920e@yahoo.com.au>
References: <580988e1-ff10-4379-b729-cf92afa8869b.ref@yahoo.com.au> <[🔎] 580988e1-ff10-4379-b729-cf92afa8869b@yahoo.com.au> <[🔎] dc9ec10b0315964f0447319377a9b1ce4b7ef0b5.camel@physik.fu-berlin.de> <[🔎] e077de0a-9e3a-4904-8a44-dd3ac39a920e@yahoo.com.au>

On 11/5/25 1:20 am, Damien Stewart wrote:

Comparing with var_p0=var_p0@entry=262000 and var_p1=2016478208 p1looks corrupted. There could some possibility of endian corruption. Ireversed it and got $41578 or 267640 which is within range of 262000in p0. Why p0 looks fine only p1 doesn't I don't know. Being registerbased means PPC has less chance of endian errors if registers are usedto pass parameters. So if a code block could pass all generic data inregisters, process it natively, then return result in registers, therewould be less chance of endian errors. I've also read originally WASMwas endian agnostic or processed in the native endian of host CPU, andwas designed that way, but later they decided to change it to be nonportable and hack it to be little endian only because that's defactostandard endian now days. Or something like that.


Quoting myself here. I got it! I've got evidence it's endian corruption. :-)

I tried reversing 2016478208 bytes and it worked! My numbers were offfrom above, which I suspected were, but the right one works. So this2016478208 or $78310400 reverses to 274808 or $43178. I figured out whatcommand to set a register and plugged it into r5. It performed the load!

It's the static const char *const encodingNames[] array that's messedup. Or in reality the pointer offset reference. However it's coded itin. It's grabbed it from a data array off r30 at some point prior andgoing by the numbers stored the offsets are already corrupt. So whatevercode is setting the box offset for that string has managed to byte swapit. This would easily run deep. What ever codes those offsets, it couldbe anywhere, with some being fine and others like this one being backwards.


The source string reference being corrupted:

https://salsa.debian.org/search?search=KW_ISO_8859_1&nav_source=navbar&project_id=21123&group_id=2641&search_code=true&repository_ref=release%2Fmaster

I took a screen shot but not sure of the rules about attachments.


--
My regards,

Damien Stewart.

Reply to:

Follow-Ups:
- Re: Trying to crack the Firefox crashing issue
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>

References:
- Trying to crack the Firefox crashing issue
  - From: Damien Stewart <hypexed@yahoo.com.au>
- Re: Trying to crack the Firefox crashing issue
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Re: Trying to crack the Firefox crashing issue
  - From: Damien Stewart <hypexed@yahoo.com.au>

Prev by Date: Re: Trying to crack the Firefox crashing issue
Next by Date: Re: Trying to crack the Firefox crashing issue
Previous by thread: Re: Trying to crack the Firefox crashing issue
Next by thread: Re: Trying to crack the Firefox crashing issue
Index(es):
- Date
- Thread