Closed Bug 216234 Opened 21 years ago Closed 21 years ago

capability.principal prefs cause hang on exit and breaks duplicates.xul [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: asa, Assigned: caillon)

References

Details

(Keywords: crash, hang)

Crash Data

Attachments

(1 file)

Patch
525 bytes, patch
dbaron
: review+
dbaron
: superreview+
asa
: approval1.5b+
Details | Diff | Splinter Review 
After I've used jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul a
few lines are added to my prefs.js for capability.principal stuff. As soon as
these prefs are created then the app hangs on exit with 90something% CPU. I also
cannot run jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul a
second time without the app hanging. 

Steps to reproduce:
1. create a new profile
2. visit jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul and
agree to give the script priveleges and remember this decision.
3. exit the app

results:
do a "top" and see the app still running with likee 98% CPU

expected results: 
normal exit.

Tested with latest Firebird and SeaMonkey and reproduced in both. 
Additionally, if you attempt to visit
jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul again the
application hangs. 

I'll test with older build and try to narrow down the time of the regression.
The only older build I could find to test was 7/22 and things were working there
so it broke sometime between then and 8/5
Valgrind output from bryner:

<bryner> here's the output:
<bryner> ==30166== Invalid read of size 4
<bryner> ==30166==    at 0x403595C8: nsStrPrivate::Destroy(nsStr&) (nsStr.cpp:110)
<bryner> ==30166==    by 0x4035B35E: nsCString::~nsCString() (nsString.cpp:107)
<bryner> ==30166==    by 0x440C1487: nsPrincipal::~nsPrincipal()
(nsPrincipal.cpp:117)
<bryner> ==30166==    by 0x440C10C6: nsPrincipal::Release() (nsPrincipal.cpp:92)
<bryner> ==30166==    by 0x40361220: nsCOMPtr_base::~nsCOMPtr_base()
(nsCOMPtr.cpp:65)
<bryner> ==30166==    by 0x440CDB7E: nsBaseHashtableET<PrincipalKey,
nsCOMPtr<nsIPrincipal> >::~nsBaseHashtableET() (nsScriptSecurityManager.h:96)
<bryner> ...
<bryner> ==30166==    Address 0x44E3C168 is 20 bytes inside a block of size 32
free'd
<bryner> ==30166==    at 0x400296BF: free (in /usr/lib/valgrind/vgskin_memcheck.so)
<bryner> ==30166==    by 0x804DA1E: __builtin_delete (nsAppRunner.cpp:187)
<bryner> ==30166==    by 0x40029765: operator delete(void*) (in
/usr/lib/valgrind/vgskin_memcheck.so)
<bryner> ==30166==    by 0x440C1419: nsPrincipal::~nsPrincipal() (nsAutoPtr.h:82)
<bryner> ==30166==    by 0x440C10C6: nsPrincipal::Release() (nsPrincipal.cpp:92)
<bryner> ==30166==    by 0x40361220: nsCOMPtr_base::~nsCOMPtr_base()
(nsCOMPtr.cpp:65)
<bryner> ==30166==    by 0x440CDB7E: nsBaseHashtableET<PrincipalKey,
nsCOMPtr<nsIPrincipal> >::~nsBaseHashtableET() (nsScriptSecurityManager.h:96)
This hang seems to get "fixed" with the patch I attached in bug 143559.  I'm not
exactly sure why that patch "fixes" this problem, but that does need to get
fixed anyway...
This could be related to ~nsPrincipal doing |delete mCert| while |mCert| is an
nsAutoPtr.
Attached patch PatchSplinter Review 
Duh.  Thanks, David.
Attachment #130084 - Flags: superreview?(dbaron)
Attachment #130084 - Flags: review?(dbaron)
Attachment #130084 - Flags: superreview?(dbaron)
Attachment #130084 - Flags: superreview+
Attachment #130084 - Flags: review?(dbaron)
Attachment #130084 - Flags: review+
Comment on attachment 130084 [details] [diff] [review]
Patch

Silly hang fix.
Attachment #130084 - Flags: approval1.5b?
Comment on attachment 130084 [details] [diff] [review]
Patch

a=asa (on behalf of drivers) for checkin to 1.5beta
Attachment #130084 - Flags: approval1.5b? → approval1.5b+
Checked in.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
I think my bug is a dup of this.

chris, what do you think?

see bug #216481
*** Bug 216481 has been marked as a duplicate of this bug. ***
Severity: normal → critical
Keywords: crash
Summary: capability.principal prefs cause hang on exit and breaks duplicates.xul → capability.principal prefs cause hang on exit and breaks duplicates.xul [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]
*** Bug 215105 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: