Closed Bug 689107 Opened 13 years ago Closed 13 years ago

Firefox crashes [@ mozJSComponentLoader::Import(const nsACString_internal&) ] with FIPS enabled

Categories: Core :: Security: PSM, defect
Priority: Not set
Severity: critical

RESOLVED DUPLICATE of bug 675221
Tracking Status
firefox8 --- affected
firefox9 --- affected
firefox10 - affected
firefox11 --- unaffected

People: (Reporter: ginnchen+exoracle, Unassigned)

Details: (Keywords: crash, Whiteboard: [native-crash])

I have repeatedly seen crashes with FIPS enabled.

And I found a lot of crashes at
https://crash-stats.mozilla.com/report/list?product=Firefox&platform=windows&platform=mac&platform=linux&query_search=signature&query_type=startswith&query=mozJSComponentLoader&reason_type=contains&date=09%2F26%2F2011%2000%3A49%3A37&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=mozJSComponentLoader%3A%3AImport%28nsACString_internal%20const%26%29

The stack on my machine (Solaris) is similar to
https://crash-stats.mozilla.com/report/index/e2862ff9-471a-4018-a1d9-06d4e2110922

I can reproduce it with the following steps:
1) Create a new profile, set a master password, enable FIPS.
2) Restart Firefox.
3) Open http://hg.mozilla.org; it should not ask you for the master password.
4) Leave it alone for several minutes.
5) Crash.

It didn't crash when I changed step 3) to:
3) Open https://bugzilla.mozilla.org; it should ask you for the master password. Enter your master password. Open http://hg.mozilla.org

Stack on my box:
-----------------  lwp# 18 / thread# 18  --------------------
 feec8785 _lwp_kill (12, b, f25fdd78, fee70d31) + 15
 fee70d3d raise    (b, f25fdd90, 0, fce0286d) + 25
 fce028fe void nsProfileLock::FatalSignalHandler(int,siginfo*,void*) (b, f25fe094, f25fde94, fee9db07, b, fef62000) + 9e
 feec3cd5 __sighndlr (b, f25fe094, f25fde94, fce02860) + 15
 feeb72ab call_user_handler (b) + 2af
 feeb7507 sigacthandler (b, f25fe094, f25fde94) + ee
 --- called from signal handler with signal 11 (SIGSEGV) ---
 fdbd95a8 unsigned mozJSComponentLoader::Import(const nsACString_internal&) (fb111bc0) + 84
 fdaa9bbe unsigned nsXPCComponents_Utils::Import(const nsACString_internal&) (f1f77c00, f1b30730, 1, fea45fa8, f1f77c00, 7) + 4e
 fe1beab7 NS_InvokeByIndex_P (f1f77c00, 7, 1, f25fe2d4) + 51
 fdad724b int XPCWrappedNative::CallMethod(XPCCallContext&,XPCWrappedNative::CallMode) (f25fe470) + 8fb
 fdae4cef int XPC_WN_CallMethod(JSContext*,unsigned,unsigned long long*) (fb19b8e0, 1, f8200060, f2ca5370) + 13b
 fe6a22d3 bool js::Interpret(JSContext*,js::StackFrame*,unsigned,js::InterpMode) (fb19b8e0, f8200030, 0, 0) + 144eb
 fe43757c bool js::Execute(JSContext*,JSObject&,JSScript*,js::StackFrame*,unsigned,js::Value*) (fb19b8e0, f2c4f190, f1f5e800, 0, 0) + 630
 fe3b1e38 JS_ExecuteScript (fb19b8e0, f2c4f190, f2c4f1e0, 0) + 2c
 fe3b1f1d JS_ExecuteScriptVersion (fb19b8e0, f2c4f190, f2c4f1e0, 0, b9, f2600290) + a1
 fdbd6f4a unsigned mozJSComponentLoader::GlobalForLocation(nsILocalFile*,nsIURI*,JSObject**,char**,unsigned long long*) (fb111bc0, fb13cb60, f1fb3f10, f1fb3f60, f1fb3f64, 0) + b8e
 fdbd2ec9 const mozilla::Module*mozJSComponentLoader::LoadModuleImpl(nsILocalFile*,nsAString_internal&,nsIURI*) (fb111bc0) + c1
 fdbd2cf6 const mozilla::Module*mozJSComponentLoader::LoadModuleFromJAR(nsILocalFile*,const nsACString_internal&) (fb111bc0, fb13cb60, f9e55628, fe19fee2) + 31a
 fe1a00ef unsigned nsComponentManagerImpl::CreateInstanceByContractID(const char*,nsISupports*,const nsID&,void**) (f9e29040, fe8d1230, 0, fea6cf98, f26009fc) + 21b
 fe1a0a73 unsigned nsComponentManagerImpl::GetServiceByContractID(const char*,const nsID&,void**) (f9e29040, fe8d1230, fea6cf98, f2600a6c) + 1ef
 fe148ed0 unsigned nsGetServiceByContractIDWithError::operator()(const nsID&,void**)const (f2600a98, fea6cf98, f2600a6c, fe147a65) + 30
 fe147a7e void nsCOMPtr_base::assign_from_gs_contractid_with_error(const nsGetServiceByContractIDWithError&,const nsID&) (f2600a94, f2600a98, fea6cf98, fdc5be2a) + 26
 fdc5be5e unsigned nsWindowWatcher::GetNewPrompter(nsIDOMWindow*,nsIPrompt**) (f94e1260, 0, f2600af0, fdcff429) + 42
 fdcff5d6 char*PK11PasswordPrompt(PK11SlotInfoStr*,int,void*) (f284b000, 0, 0, fc29aab2) + 1be
 fc29ab39 PK11_DoPassword (f284b000, 1, 0, fc29a504) + 95
 fc29a540 PK11_Authenticate (f284b000, 1, 0, 0) + 48
 fc2c98e9 PK11_GetBestSlotMultiple (f2600d90, 1, 0, fc2c9a0c, f2600df8) + 19d
 fc2c9a24 PK11_GetBestSlot (350, 0, fec401f0, fdd578fa) + 24
 fdd579ca unsigned nsKeyObjectFactory::KeyFromString(short,const nsACString_internal&,nsIKeyObject**) (f6d7add8, 101, f284c5d8, f2600e24) + de
 fdce039b unsigned nsUrlClassifierDBServiceWorker::BeginStream(const nsACString_internal&,const nsACString_internal&) (f284c400, f1b30590, f1b30630, f1fb3eb0, fea45fa8, f284c400) + 10f
 fe1beab7 NS_InvokeByIndex_P (f284c400, 7, 2, f1f1ff20) + 51
 fe1adc24 unsigned nsProxyObjectCallInfo::Run() (f1fb3eb0, 1, f2600edc, 0) + 28
 fe1a7601 unsigned nsThread::ProcessNextEvent(int,int*) (f2870880, 1, f2600f4c, fe14e549) + 121
 fe14e567 int NS_ProcessNextEvent_P(nsIThread*,int) (f2870880, 1, f2600f78, fe1a6887) + 2b
 fe1a6903 void nsThread::ThreadFunc(void*) (f2870880) + 9b
 fc2023e2 _pt_root (f34c0660, fef62000, f2600fe8, feec38f9) + 9e
 feec394c _thrp_setup (fa7c7a40) + 9d
 feec3bf0 _lwp_start (fa7c7a40, 0, 0, 0, 0, 0)

Severity: normal → critical
Keywords: crash

This is because we're creating the prompt service from off the main thread, which xpconnect rightly refuses to do. bsmith I believe has a patch to make all the prompting use the main thread, but I'm surprised that this crashes.

It's a null-deref at http://hg.mozilla.org/releases/mozilla-release/annotate/5b6c2f8ff6da/js/src/xpconnect/loader/mozJSComponentLoader.cpp#l1353 which presumably indicates that cc is null which means that the prior call to GetCurrentNativeCallContext returned a success code but didn't actually hand back a call context.
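
The failure mode described in the comment above, as an added example that is not code from Mozilla or from this bug: a getter that reports success off the main thread but hands back no context, a caller that checks both the status and the pointer, and a worker that asks the main thread to make the call for it. `GetCurrentCallContext`, `ImportChecked` and `RunFromWorker` are hypothetical stand-ins.

```cpp
// Added illustration: all names are hypothetical stand-ins, not Mozilla APIs.
#include <future>
#include <thread>

struct CallContext { int id; };
static const std::thread::id gMainThread = std::this_thread::get_id();
static CallContext gMainContext{42};

// Mimics the reported behaviour: off the main thread it still returns
// success (0) but hands back no context.
int GetCurrentCallContext(CallContext** out) {
  *out = (std::this_thread::get_id() == gMainThread) ? &gMainContext : nullptr;
  return 0;
}

// Checks the status code AND the out-parameter; returns -1 instead of
// dereferencing a null context.
int ImportChecked() {
  CallContext* cc = nullptr;
  if (GetCurrentCallContext(&cc) != 0 || !cc) return -1;
  return cc->id;
}

// A worker thread needs the result of ImportChecked(). It either calls it
// directly (off the main thread) or asks the main thread to run it.
int RunFromWorker(bool dispatchToMain) {
  std::promise<bool> request;  // worker -> main: "run the call for me"
  std::promise<int> reply;     // main -> worker: result of the call
  std::future<bool> requested = request.get_future();
  std::future<int> answered = reply.get_future();
  int seenByWorker = -1;
  std::thread worker([&] {
    if (dispatchToMain) {
      request.set_value(true);
      seenByWorker = answered.get();  // block until the main thread answers
    } else {
      seenByWorker = ImportChecked();  // direct call, off the main thread
      request.set_value(false);
    }
  });
  if (requested.get()) reply.set_value(ImportChecked());  // on the main thread
  worker.join();
  return seenByWorker;
}
```
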

Crash Signature: [@ mozJSComponentLoader::Import(nsACString_internal const&) ]

I was experiencing a very similar crash, which is now resolved for me after the removal of XPCOM proxies from PSM (see bug 675221). Try current mozilla-aurora?

I didn't reproduce it with mozilla-central.
I got the "Password Required" dialog after a few minutes.

(In reply to Naoki Hirata :nhirata from comment #4)
> Also occurs on Nightly Birch:
> https://crash-stats.mozilla.com/report/index/b8498f7b-d334-4dec-b5ef-e97c92111205

Looks like a different cause.

(In reply to Ginn Chen from comment #5)
> (In reply to Naoki Hirata :nhirata from comment #4)
> > Also occurs on Nightly Birch:
> > https://crash-stats.mozilla.com/report/index/b8498f7b-d334-4dec-b5ef-e97c92111205
>
> looks like a different cause.

That is a similar problem, in a different component. I filed bug 711820 for it.

This was already fixed in the PSM parts of bug 675221, specifically [1] which landed on mozilla-central on 2011-11-03.

Too late for Firefox 9. I might be able to pare down the patch that fixes this in order to fix it for Firefox 10, but it is pretty late for that too.

[1] https://hg.mozilla.org/mozilla-central/rev/7d4f0ef1ef33

No longer blocks: 711820
Status: NEW → RESOLVED
Closed: 13 years ago
Component: XPConnect → Security: PSM
QA Contact: xpconnect → psm
Resolution: --- → DUPLICATE

From my read of crash-stats, this does not appear to be a top crasher or a new regression.