Closed Bug 1001240 Opened 11 years ago Closed 9 years ago

crash in SECITEM_CompareItem_Util

Categories

(Core :: Security: PSM, defect, P5)

Product:
Core
Component:
Security: PSM
Platform:
All
Android
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox28 --- affected
firefox29 --- affected
firefox30 --- affected
firefox31 --- affected
fennec + ---

People

(Reporter: kbrosnan, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-6fed364e-88ff-4a5e-8508-2378a2140410. ============================================================= 0 libc.so libc.so@0x21e1c 1 libnss3.so SECITEM_CompareItem_Util security/nss/lib/util/secitem.c 2 libnss3.so CERT_CompareCerts security/nss/lib/certdb/certdb.c 3 libnss3.so pkix_pl_Cert_Equals security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c 4 libnss3.so PKIX_PL_Object_Equals security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c 5 libnss3.so PKIX_PL_Cert_VerifySignature security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c 6 libnss3.so pkix_SignatureChecker_Check security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c 7 libnss3.so pkix_CheckChain security/nss/lib/libpkix/pkix/top/pkix_validate.c 8 libnss3.so pkix_Build_ValidateEntireChain security/nss/lib/libpkix/pkix/top/pkix_build.c 9 libnss3.so pkix_BuildForwardDepthFirstSearch security/nss/lib/libpkix/pkix/top/pkix_build.c 10 libnss3.so pkix_Build_InitiateBuildChain security/nss/lib/libpkix/pkix/top/pkix_build.c 11 libnss3.so PKIX_BuildChain security/nss/lib/libpkix/pkix/top/pkix_build.c 12 libnss3.so CERT_PKIXVerifyCert security/nss/lib/certhigh/certvfypkix.c 13 libxul.so mozilla::psm::CertVerifier::VerifyCert(CERTCertificateStr*, long long, long long, nsIInterfaceRequestor*, unsigned int, CERTCertListStr**, SECOidTag*, CERTVerifyLogStr*) security/manager/ssl/src/CertVerifier.cpp 14 libxul.so nsNSSCertificate::hasValidEVOidTag(SECOidTag&, bool&) security/manager/ssl/src/nsIdentityChecking.cpp 15 libxul.so nsNSSCertificate::getValidEVOidTag(SECOidTag&, bool&) security/manager/ssl/src/nsIdentityChecking.cpp 16 libxul.so nsNSSCertificate::GetIsExtendedValidation(bool*) security/manager/ssl/src/nsIdentityChecking.cpp 17 libxul.so nsSSLStatus::GetIsExtendedValidation(bool*) security/manager/ssl/src/nsIdentityChecking.cpp 18 libxul.so nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest*, nsISupports*, bool) security/manager/boot/src/nsSecureBrowserUIImpl.cpp 19 libxul.so nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) security/manager/boot/src/nsSecureBrowserUIImpl.cpp 20 libxul.so nsDocLoader::FireOnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) uriloader/base/nsDocLoader.cpp 21 libxul.so nsDocShell::CreateContentViewer(char const*, nsIRequest*, nsIStreamListener**) docshell/base/nsDocShell.cpp 22 libxul.so nsDSURIContentListener::DoContent(char const*, bool, nsIRequest*, nsIStreamListener**, bool*) docshell/base/nsDSURIContentListener.cpp 23 libxul.so nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*, nsIChannel*) uriloader/base/nsURILoader.cpp 24 libxul.so nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*) uriloader/base/nsURILoader.cpp 25 libxul.so nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) uriloader/base/nsURILoader.cpp 26 libxul.so mozilla::net::nsHttpChannel::CallOnStartRequest() netwerk/protocol/http/nsHttpChannel.cpp 27 libxul.so mozilla::net::nsHttpChannel::ContinueProcessNormal(tag_nsresult) netwerk/protocol/http/nsHttpChannel.cpp 28 libxul.so mozilla::net::nsHttpChannel::ProcessNormal() netwerk/protocol/http/nsHttpChannel.cpp 29 libxul.so mozilla::net::nsHttpChannel::ProcessResponse() netwerk/protocol/http/nsHttpChannel.cpp 30 libxul.so mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) netwerk/protocol/http/nsHttpChannel.cpp 31 libxul.so nsInputStreamPump::OnStateStart() netwerk/base/src/nsInputStreamPump.cpp 32 libxul.so nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) netwerk/base/src/nsInputStreamPump.cpp 33 libxul.so nsInputStreamReadyEvent::Run() 34 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 35 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 36 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 37 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc 38 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 39 libxul.so nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp 40 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 41 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 42 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 43 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp 44 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp 45 @0x51412507 46 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x353a26 47 libdvm.so libdvm.so@0x1ea52 48 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x1b2186 49 dalvik-heap (deleted) dalvik-heap (deleted)@0x2334e 50 libdvm.so libdvm.so@0x4f3d5 51 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x1b2184 52 libc.so libc.so@0x112f9 53 libc.so libc.so@0x49ffe 54 libc.so libc.so@0xdcdb 55 libdvm.so libdvm.so@0x51005 56 dalvik-heap (deleted) dalvik-heap (deleted)@0x6 57 libdvm.so libdvm.so@0xb22c6 58 dalvik-aux-structure (deleted) dalvik-aux-structure (deleted)@0x1645a 59 dalvik-heap (deleted) dalvik-heap (deleted)@0x2b425e 60 dalvik-heap (deleted) dalvik-heap (deleted)@0x2b425e 61 libdvm.so libdvm.so@0x74647 62 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x353a3a 63 dalvik-heap (deleted) dalvik-heap (deleted)@0x2334e 64 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x353a26 65 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 66 libdvm.so libdvm.so@0x6d2ad 67 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 68 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x4959e 69 dalvik-heap (deleted) dalvik-heap (deleted)@0x2334e 70 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 71 @0x512e8ffe 72 libdvm.so libdvm.so@0x50f0b 73 libdvm.so libdvm.so@0xadc6a 74 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x353a26 75 libdvm.so libdvm.so@0x4f247 76 libdvm.so libdvm.so@0xb22c6 77 libdvm.so libdvm.so@0xadc6a 78 libdvm.so libdvm.so@0x50dc1 79 data@app@org.mozilla.firefox-1.apk@classes.dex data@app@org.mozilla.firefox-1.apk@classes.dex@0xc1288 80 dalvik-heap (deleted) dalvik-heap (deleted)@0x2334e 81 libdvm.so libdvm.so@0x1ebbe 82 libdvm.so libdvm.so@0x27ea2 83 libdvm.so libdvm.so@0x2f2da 84 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc (deleted)@0x36977e 85 dalvik-heap (deleted) dalvik-heap (deleted)@0x17ee8e 86 libdvm.so libdvm.so@0x2f32a 87 libdvm.so libdvm.so@0xb22c6 88 libdvm.so libdvm.so@0x2f2da 89 libdvm.so libdvm.so@0x2c9ce Frequent crash on Firefox for Android. Not device specific, not Android version specific. NI on blassey for suggestions of next steps. Not able to nom tracking-fennec.
Flags: needinfo?(blassey.bugs)
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
Version: 3.16.1 → unspecified
tracking-fennec: --- → ?
Are you sure this affects Firefox 31? Because we don't normally execute this code in Firefox 31 since we use mozilla::pkix in that version.
This looks more like dougt's domain, NI to him
Flags: needinfo?(blassey.bugs) → needinfo?(dougt)
Yes there is one instance of a 31a1 crash on FxAndroid. https://crash-stats.mozilla.com/report/index/06c7e3fa-70a8-40ba-94b2-70e2c2140422 is the crash
Flags: needinfo?(dougt)
mozilla::pkix is not enabled in android. As of today, there is patch for this on bug 915930. So of that patch, this failure will go away (on default configuration).
Chrome is also seeing this crash ( http://crbug.com/368369 ), so I suspect we're going to dig in soon.
tracking-fennec: ? → +
filter on [mass-p5]
Priority: -- → P5
We've long since moved away from using libpkix.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.