Closed
Bug 1136140
Opened 9 years ago
Closed 9 years ago
Firefox on Windows crashes when opening secure websocket connections through an HTTPS proxy
Categories
(Core :: Networking: WebSockets, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
People
(Reporter: alex, Assigned: mcmanus)
References
Details
(Keywords: crash, crashreportid)
Crash Data
Attachments
(1 file)
1.48 KB,
patch
|
u408661
:
review+
lsblakk
:
approval-mozilla-aurora+
lsblakk
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36 Steps to reproduce: 1. Setup a secure web proxy: that is, an HTTP proxy over a TLS connection. Assuming the proxy has been set up on proxy.example.com:443 2. Create a PAC script that looks like the following: function FindProxyForURL(url,host) { return "HTTPS proxy.example.com:443"; } 3. Open Tools -> Options -> Advanced -> Network -> Settings. Select "Automatic proxy configuration URL" and type an URL to the PAC script you created in step 2. 4. Open Tools -> Web Developer -> Scratch pad. Paste the following code var ws = new WebSocket("wss://echo.websocket.org/") and press "Run". Actual results: Firefox crashes reliably, producing the following crash report: https://crash-stats.mozilla.com/report/index/f5765143-8ea1-42ef-963a-d220a2150224 Expected results: Firefox should keep running. A websocket connection to wss://echo.websocket.org/ should be established
Reporter | ||
Comment 1•9 years ago
|
||
User-agent string in the description is unrelated to the bug. The actual User-Agent string for the firefox in question is Mozilla/5.0 (Windows NT 6.3; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Reporter | ||
Updated•9 years ago
|
Crash Signature: mozilla::net::SocketInWrapper::AsyncWait(nsIInputStreamCallback*, unsigned int, unsigned int, nsIEventTarget*)
OS: Mac OS X → Windows 8
Reporter | ||
Updated•9 years ago
|
Severity: normal → critical
Updated•9 years ago
|
Crash Signature: mozilla::net::SocketInWrapper::AsyncWait(nsIInputStreamCallback*, unsigned int, unsigned int, nsIEventTarget*) → [@ mozilla::net::SocketInWrapper::AsyncWait(nsIInputStreamCallback*, unsigned int, unsigned int, nsIEventTarget*) ]
QA Whiteboard: [bugday-20150302]
Component: Untriaged → Networking: WebSockets
Keywords: crash,
crashreportid
Product: Firefox → Core
Assignee | ||
Comment 2•9 years ago
|
||
this will crash for me on any channel-build (even nightly), but when I build my own tree with debug options (and use the same profile) its fine.
Assignee | ||
Comment 3•9 years ago
|
||
the same smart pointer is used as both an input argument and a output argument (via getter_AddRefs()) here: https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/nsHttpConnection.cpp#1125 it depends on the compiler optimization strategy in play, but that can result in nulling of the input argument.
Assignee | ||
Comment 4•9 years ago
|
||
alex, thanks for filing the bug!
Assignee | ||
Comment 5•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=c7cd66f9cb74
Assignee | ||
Comment 6•9 years ago
|
||
Attachment #8574847 -
Flags: review?(hurley)
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → mcmanus
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8574847 -
Flags: review?(hurley) → review+
Assignee | ||
Comment 7•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/2766bae39188
Comment 8•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2766bae39188
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Updated•9 years ago
|
Assignee | ||
Comment 9•9 years ago
|
||
Comment on attachment 8574847 [details] [diff] [review] wss inside https proxy null deref Approval Request Comment [Feature/regressing bug #]: feature 378637 [User impact if declined]: using a combination of secure proxy and secure websockets can lead to a safe crash [Describe test coverage new/current, TreeHerder]:reproduced problem report [Risks and why]: very small simple and safe fix [String/UUID change made/needed]: none
Attachment #8574847 -
Flags: approval-mozilla-beta?
Attachment #8574847 -
Flags: approval-mozilla-aurora?
Updated•9 years ago
|
Attachment #8574847 -
Flags: approval-mozilla-beta?
Attachment #8574847 -
Flags: approval-mozilla-beta+
Attachment #8574847 -
Flags: approval-mozilla-aurora?
Attachment #8574847 -
Flags: approval-mozilla-aurora+
You need to log in
before you can comment on or make changes to this bug.
Description
•