Closed
Bug 689107
Opened 13 years ago
Closed 13 years ago
Firefox crashes [@ mozJSComponentLoader::Import(const nsACString_internal&) ] with FIPS enabled
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 675221
Tracking | Status | |
---|---|---|
firefox8 | --- | affected |
firefox9 | --- | affected |
firefox10 | - | affected |
firefox11 | --- | unaffected |
People
(Reporter: ginnchen+exoracle, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [native-crash])
Crash Data
I have repeatedly seen crashes with FIPS enabled. And I found a lot of crashes at https://crash-stats.mozilla.com/report/list?product=Firefox&platform=windows&platform=mac&platform=linux&query_search=signature&query_type=startswith&query=mozJSComponentLoader&reason_type=contains&date=09%2F26%2F2011%2000%3A49%3A37&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=mozJSComponentLoader%3A%3AImport%28nsACString_internal%20const%26%29 The stack on my machine (Solaris) is similar as https://crash-stats.mozilla.com/report/index/e2862ff9-471a-4018-a1d9-06d4e2110922 I can reproduce it with following steps 1) Create a new profile, set a master password, enable FIPS 2) Restart Firefox. 3) Open http://hg.mozilla.org, it should not ask you master password. 4) Leave it alone for several minutes. 5) Crash. It didn't crash if I change step 3) to 3) Open https://bugzilla.mozilla.org, it should ask you master password. Enter your master password. Open http://hg.mozilla.org Stack on my box: ----------------- lwp# 18 / thread# 18 -------------------- feec8785 _lwp_kill (12, b, f25fdd78, fee70d31) + 15 fee70d3d raise (b, f25fdd90, 0, fce0286d) + 25 fce028fe void nsProfileLock::FatalSignalHandler(int,siginfo*,void*) (b, f25fe094, f25fde94, fee9db07, b, fef62000) + 9e feec3cd5 __sighndlr (b, f25fe094, f25fde94, fce02860) + 15 feeb72ab call_user_handler (b) + 2af feeb7507 sigacthandler (b, f25fe094, f25fde94) + ee --- called from signal handler with signal 11 (SIGSEGV) --- fdbd95a8 unsigned mozJSComponentLoader::Import(const nsACString_internal&) (fb111bc0) + 84 fdaa9bbe unsigned nsXPCComponents_Utils::Import(const nsACString_internal&) (f1f77c00, f1b30730, 1, fea45fa8, f1f77c00, 7) + 4e fe1beab7 NS_InvokeByIndex_P (f1f77c00, 7, 1, f25fe2d4) + 51 fdad724b int XPCWrappedNative::CallMethod(XPCCallContext&,XPCWrappedNative::CallMode) (f25fe470) + 8fb fdae4cef int XPC_WN_CallMethod(JSContext*,unsigned,unsigned long long*) (fb19b8e0, 1, f8200060, f2ca5370) + 13b fe6a22d3 bool js::Interpret(JSContext*,js::StackFrame*,unsigned,js::InterpMode) (fb19b8e0, f8200030, 0, 0) + 144eb fe43757c bool js::Execute(JSContext*,JSObject&,JSScript*,js::StackFrame*,unsigned,js::Value*) (fb19b8e0, f2c4f190, f1f5e800, 0, 0) + 630 fe3b1e38 JS_ExecuteScript (fb19b8e0, f2c4f190, f2c4f1e0, 0) + 2c fe3b1f1d JS_ExecuteScriptVersion (fb19b8e0, f2c4f190, f2c4f1e0, 0, b9, f2600290) + a1 fdbd6f4a unsigned mozJSComponentLoader::GlobalForLocation(nsILocalFile*,nsIURI*,JSObject**,char**,unsigned long long*) (fb111bc0, fb13cb60, f1fb3f10, f1fb3f60, f1fb3f64, 0) + b8e fdbd2ec9 const mozilla::Module*mozJSComponentLoader::LoadModuleImpl(nsILocalFile*,nsAString_internal&,nsIURI*) (fb111bc0) + c1 fdbd2cf6 const mozilla::Module*mozJSComponentLoader::LoadModuleFromJAR(nsILocalFile*,const nsACString_internal&) (fb111bc0, fb13cb60, f9e55628, fe19fee2) + 31a fe1a00ef unsigned nsComponentManagerImpl::CreateInstanceByContractID(const char*,nsISupports*,const nsID&,void**) (f9e29040, fe8d1230, 0, fea6cf98, f26009fc) + 21b fe1a0a73 unsigned nsComponentManagerImpl::GetServiceByContractID(const char*,const nsID&,void**) (f9e29040, fe8d1230, fea6cf98, f2600a6c) + 1ef fe148ed0 unsigned nsGetServiceByContractIDWithError::operator()(const nsID&,void**)const (f2600a98, fea6cf98, f2600a6c, fe147a65) + 30 fe147a7e void nsCOMPtr_base::assign_from_gs_contractid_with_error(const nsGetServiceByContractIDWithError&,const nsID&) (f2600a94, f2600a98, fea6cf98, fdc5be2a) + 26 fdc5be5e unsigned nsWindowWatcher::GetNewPrompter(nsIDOMWindow*,nsIPrompt**) (f94e1260, 0, f2600af0, fdcff429) + 42 fdcff5d6 char*PK11PasswordPrompt(PK11SlotInfoStr*,int,void*) (f284b000, 0, 0, fc29aab2) + 1be fc29ab39 PK11_DoPassword (f284b000, 1, 0, fc29a504) + 95 fc29a540 PK11_Authenticate (f284b000, 1, 0, 0) + 48 fc2c98e9 PK11_GetBestSlotMultiple (f2600d90, 1, 0, fc2c9a0c, f2600df8) + 19d fc2c9a24 PK11_GetBestSlot (350, 0, fec401f0, fdd578fa) + 24 fdd579ca unsigned nsKeyObjectFactory::KeyFromString(short,const nsACString_internal&,nsIKeyObject**) (f6d7add8, 101, f284c5d8, f2600e24) + de fdce039b unsigned nsUrlClassifierDBServiceWorker::BeginStream(const nsACString_internal&,const nsACString_internal&) (f284c400, f1b30590, f1b30630, f1fb3eb0, fea45fa8, f284c400) + 10f fe1beab7 NS_InvokeByIndex_P (f284c400, 7, 2, f1f1ff20) + 51 fe1adc24 unsigned nsProxyObjectCallInfo::Run() (f1fb3eb0, 1, f2600edc, 0) + 28 fe1a7601 unsigned nsThread::ProcessNextEvent(int,int*) (f2870880, 1, f2600f4c, fe14e549) + 121 fe14e567 int NS_ProcessNextEvent_P(nsIThread*,int) (f2870880, 1, f2600f78, fe1a6887) + 2b fe1a6903 void nsThread::ThreadFunc(void*) (f2870880) + 9b fc2023e2 _pt_root (f34c0660, fef62000, f2600fe8, feec38f9) + 9e feec394c _thrp_setup (fa7c7a40) + 9d feec3bf0 _lwp_start (fa7c7a40, 0, 0, 0, 0, 0)
Comment 1•13 years ago
|
||
This is because we're creating the prompt service from off the main thread, which xpconnect rightly refuses to do. bsmith I believe has a patch to make all the prompting use the main thread, but I'm surprised that this crashes. It's a null-deref at http://hg.mozilla.org/releases/mozilla-release/annotate/5b6c2f8ff6da/js/src/xpconnect/loader/mozJSComponentLoader.cpp#l1353 which presumably indicates that cc is null which means that the prior call to GetCurrentNativeCallContext returned a success code but didn't actually hand back a call context.
Updated•13 years ago
|
Crash Signature: [@ mozJSComponentLoader::Import(nsACString_internal const&) ]
Comment 2•13 years ago
|
||
I was experiencing a very similar crash, which is now resolved for me after the removal of XPCOM proxies from PSM (see bug 675221). Try current mozilla-aurora?
I didn't reproduce it with mozilla-central. I got "Password Required" dialog after a few minutes.
Also occurs on Nightly Birch: https://crash-stats.mozilla.com/report/index/b8498f7b-d334-4dec-b5ef-e97c92111205
Whiteboard: [native-crash]
(In reply to Naoki Hirata :nhirata from comment #4) > Also occurs on Nightly Birch: > https://crash-stats.mozilla.com/report/index/b8498f7b-d334-4dec-b5ef- > e97c92111205 looks like a different cause.
Comment 7•13 years ago
|
||
(In reply to Ginn Chen from comment #5) > (In reply to Naoki Hirata :nhirata from comment #4) > > Also occurs on Nightly Birch: > > https://crash-stats.mozilla.com/report/index/b8498f7b-d334-4dec-b5ef- > > e97c92111205 > > looks like a different cause. That is a similar problem, in a different component. I filed bug 711820 for it. This was already fixed in the PSM parts of bug 675221, specifically [1] which landed on mozilla-central on 2011-11-03. Too late for Firefox 9. I might be able to pare down the patch that fixes this in order to fix it for Firefox 10, but it is pretty late for that too. [1] https://hg.mozilla.org/mozilla-central/rev/7d4f0ef1ef33
No longer blocks: 711820
Status: NEW → RESOLVED
Closed: 13 years ago
status-firefox10:
--- → affected
status-firefox11:
--- → unaffected
status-firefox8:
--- → affected
status-firefox9:
--- → affected
tracking-firefox10:
--- → ?
Component: XPConnect → Security: PSM
QA Contact: xpconnect → psm
Resolution: --- → DUPLICATE
Comment 8•13 years ago
|
||
From my read of crash-stats, this does not appear to be a top crasher or a new regression.
You need to log in
before you can comment on or make changes to this bug.
Description
•