Closed Bug 1001240 Opened 10 years ago Closed 8 years ago

crash in SECITEM_CompareItem_Util

Categories

(Core :: Security: PSM, defect, P5)

Product:
Core
Component:
Security: PSM
Platform:
All
Android
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox28 --- affected
firefox29 --- affected
firefox30 --- affected
firefox31 --- affected
fennec + ---

People

(Reporter: kbrosnan, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-6fed364e-88ff-4a5e-8508-2378a2140410.
=============================================================

0 	libc.so 	libc.so@0x21e1c 	
1 	libnss3.so 	SECITEM_CompareItem_Util 	security/nss/lib/util/secitem.c
2 	libnss3.so 	CERT_CompareCerts 	security/nss/lib/certdb/certdb.c
3 	libnss3.so 	pkix_pl_Cert_Equals 	security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
4 	libnss3.so 	PKIX_PL_Object_Equals 	security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
5 	libnss3.so 	PKIX_PL_Cert_VerifySignature 	security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
6 	libnss3.so 	pkix_SignatureChecker_Check 	security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
7 	libnss3.so 	pkix_CheckChain 	security/nss/lib/libpkix/pkix/top/pkix_validate.c
8 	libnss3.so 	pkix_Build_ValidateEntireChain 	security/nss/lib/libpkix/pkix/top/pkix_build.c
9 	libnss3.so 	pkix_BuildForwardDepthFirstSearch 	security/nss/lib/libpkix/pkix/top/pkix_build.c
10 	libnss3.so 	pkix_Build_InitiateBuildChain 	security/nss/lib/libpkix/pkix/top/pkix_build.c
11 	libnss3.so 	PKIX_BuildChain 	security/nss/lib/libpkix/pkix/top/pkix_build.c
12 	libnss3.so 	CERT_PKIXVerifyCert 	security/nss/lib/certhigh/certvfypkix.c
13 	libxul.so 	mozilla::psm::CertVerifier::VerifyCert(CERTCertificateStr*, long long, long long, nsIInterfaceRequestor*, unsigned int, CERTCertListStr**, SECOidTag*, CERTVerifyLogStr*) 	security/manager/ssl/src/CertVerifier.cpp
14 	libxul.so 	nsNSSCertificate::hasValidEVOidTag(SECOidTag&, bool&) 	security/manager/ssl/src/nsIdentityChecking.cpp
15 	libxul.so 	nsNSSCertificate::getValidEVOidTag(SECOidTag&, bool&) 	security/manager/ssl/src/nsIdentityChecking.cpp
16 	libxul.so 	nsNSSCertificate::GetIsExtendedValidation(bool*) 	security/manager/ssl/src/nsIdentityChecking.cpp
17 	libxul.so 	nsSSLStatus::GetIsExtendedValidation(bool*) 	security/manager/ssl/src/nsIdentityChecking.cpp
18 	libxul.so 	nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest*, nsISupports*, bool) 	security/manager/boot/src/nsSecureBrowserUIImpl.cpp
19 	libxul.so 	nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) 	security/manager/boot/src/nsSecureBrowserUIImpl.cpp
20 	libxul.so 	nsDocLoader::FireOnLocationChange(nsIWebProgress*, nsIRequest*, nsIURI*, unsigned int) 	uriloader/base/nsDocLoader.cpp
21 	libxul.so 	nsDocShell::CreateContentViewer(char const*, nsIRequest*, nsIStreamListener**) 	docshell/base/nsDocShell.cpp
22 	libxul.so 	nsDSURIContentListener::DoContent(char const*, bool, nsIRequest*, nsIStreamListener**, bool*) 	docshell/base/nsDSURIContentListener.cpp
23 	libxul.so 	nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*, nsIChannel*) 	uriloader/base/nsURILoader.cpp
24 	libxul.so 	nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*) 	uriloader/base/nsURILoader.cpp
25 	libxul.so 	nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) 	uriloader/base/nsURILoader.cpp
26 	libxul.so 	mozilla::net::nsHttpChannel::CallOnStartRequest() 	netwerk/protocol/http/nsHttpChannel.cpp
27 	libxul.so 	mozilla::net::nsHttpChannel::ContinueProcessNormal(tag_nsresult) 	netwerk/protocol/http/nsHttpChannel.cpp
28 	libxul.so 	mozilla::net::nsHttpChannel::ProcessNormal() 	netwerk/protocol/http/nsHttpChannel.cpp
29 	libxul.so 	mozilla::net::nsHttpChannel::ProcessResponse() 	netwerk/protocol/http/nsHttpChannel.cpp
30 	libxul.so 	mozilla::net::nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) 	netwerk/protocol/http/nsHttpChannel.cpp
31 	libxul.so 	nsInputStreamPump::OnStateStart() 	netwerk/base/src/nsInputStreamPump.cpp
32 	libxul.so 	nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) 	netwerk/base/src/nsInputStreamPump.cpp
33 	libxul.so 	nsInputStreamReadyEvent::Run() 	
34 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
35 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
36 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
37 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
38 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
39 	libxul.so 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
40 	libxul.so 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
41 	libxul.so 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
42 	libxul.so 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
43 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp
44 	libxul.so 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp
45 		@0x51412507 	
46 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x353a26 	
47 	libdvm.so 	libdvm.so@0x1ea52 	
48 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x1b2186 	
49 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2334e 	
50 	libdvm.so 	libdvm.so@0x4f3d5 	
51 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x1b2184 	
52 	libc.so 	libc.so@0x112f9 	
53 	libc.so 	libc.so@0x49ffe 	
54 	libc.so 	libc.so@0xdcdb 	
55 	libdvm.so 	libdvm.so@0x51005 	
56 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x6 	
57 	libdvm.so 	libdvm.so@0xb22c6 	
58 	dalvik-aux-structure (deleted) 	dalvik-aux-structure (deleted)@0x1645a 	
59 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2b425e 	
60 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2b425e 	
61 	libdvm.so 	libdvm.so@0x74647 	
62 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x353a3a 	
63 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2334e 	
64 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x353a26 	
65 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 	
66 	libdvm.so 	libdvm.so@0x6d2ad 	
67 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 	
68 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x4959e 	
69 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2334e 	
70 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0x1d0594 	
71 		@0x512e8ffe 	
72 	libdvm.so 	libdvm.so@0x50f0b 	
73 	libdvm.so 	libdvm.so@0xadc6a 	
74 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x353a26 	
75 	libdvm.so 	libdvm.so@0x4f247 	
76 	libdvm.so 	libdvm.so@0xb22c6 	
77 	libdvm.so 	libdvm.so@0xadc6a 	
78 	libdvm.so 	libdvm.so@0x50dc1 	
79 	data@app@org.mozilla.firefox-1.apk@classes.dex 	data@app@org.mozilla.firefox-1.apk@classes.dex@0xc1288 	
80 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2334e 	
81 	libdvm.so 	libdvm.so@0x1ebbe 	
82 	libdvm.so 	libdvm.so@0x27ea2 	
83 	libdvm.so 	libdvm.so@0x2f2da 	
84 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x36977e 	
85 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x17ee8e 	
86 	libdvm.so 	libdvm.so@0x2f32a 	
87 	libdvm.so 	libdvm.so@0xb22c6 	
88 	libdvm.so 	libdvm.so@0x2f2da 	
89 	libdvm.so 	libdvm.so@0x2c9ce

Frequent crash on Firefox for Android. Not device specific, not Android version specific. NI on blassey for suggestions of next steps. Not able to nom tracking-fennec.
Flags: needinfo?(blassey.bugs)
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
Version: 3.16.1 → unspecified
tracking-fennec: --- → ?
Are you sure this affects Firefox 31? Because we don't normally execute this code in Firefox 31 since we use mozilla::pkix in that version.
This looks more like dougt's domain, NI to him
Flags: needinfo?(blassey.bugs) → needinfo?(dougt)
Yes there is one instance of a 31a1 crash on FxAndroid. https://crash-stats.mozilla.com/report/index/06c7e3fa-70a8-40ba-94b2-70e2c2140422 is the crash
Flags: needinfo?(dougt)
mozilla::pkix is not enabled in android. As of today, there is patch for this on bug 915930. So of that patch, this failure will go away (on default configuration).
Chrome is also seeing this crash ( http://crbug.com/368369 ), so I suspect we're going to dig in soon.
tracking-fennec: ? → +
filter on [mass-p5]
Priority: -- → P5
We've long since moved away from using libpkix.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.