Closed Bug 1401019 Opened 3 years ago Closed 3 years ago

[U2F] Crash upon signing credential without registering one first

Categories

(Core :: DOM: Device Interfaces, defect, P2, critical)

57 Branch

Tracking

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: mwobensmith, Assigned: ttaubert)

References

(Blocks 1 open bug)

Attachments

(1 file)

With Nightly 57, turn on all webauth prefs except soft token.
Do not use USB hardware token.

1. Go to test site https://u2f.bin.coffee
2. Click "U2F Register"
3. Click "U2F Sign"

Tab crashes. If you wait another minute or so, the browser itself also crashes.
Priority: -- → P2
Summary: (U2F) Crash upon signing credential without registering one first → [U2F] Crash upon signing credential without registering one first
I can see this is hanging in u2fhid::capi::rust_u2f_mgr_free(), probably another dupe of bug 1400940. Will try to reproduce before I dupe it.
Hmm no, it's a mix actually. The shutdown crash/hang is indeed bug 1400940. After the active tab crashes you can't load any new pages. The crash itself is something we need to fix separately though.
GDB stack trace:

> Thread 1 "Web Content" received signal SIGSEGV, Segmentation fault.
> mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >::Track (this=0x7f94dc87d0a8, 
>     aRequest=<error reading variable: DWARF-2 expression error: `DW_OP_stack_value' operations must be used either alone or in conjunction with DW_OP_piece or DW_OP_bit_piece.>) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:1303
> 1303	    MOZ_DIAGNOSTIC_ASSERT(!Exists());
> (gdb) bt
> #0  0x00007f95077cf799 in mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >::Track(already_AddRefed<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::Request>) (this=0x7f94dc87d0a8, aRequest=<error reading variable: DWARF-2 expression error: `DW_OP_stack_value' operations must be used either alone or in conjunction with DW_OP_piece or DW_OP_bit_piece.>)
>     at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:1303
> #1  0x00007f95077cf799 in mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::ThenCommand<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::ThenValue<mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&)::$_2, mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&)::$_3> >::Track(mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >&) (aRequestHolder=..., this=<optimized out>) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:948
> #2  0x00007f95077cf799 in mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&) (this=<optimized out>, aAppId=
>     ..., aChallenge=..., aRegisteredKeys=..., aCallback=..., opt_aTimeoutSeconds=..., aRv=...) at /home/tim/workspace/gecko-dev/dom/u2f/U2F.cpp:385
> #3  0x00007f9506ab166f in mozilla::dom::U2FBinding::sign(JSContext*, JS::Handle<JSObject*>, mozilla::dom::U2F*, JSJitMethodCallArgs const&) (cx=<optimized out>, obj=..., self=<optimized out>, args=...) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dom/bindings/U2FBinding.cpp:1636
We're running into one of the promise asserts, those are fatal on Nightlies.
Assertion failure: !mPromiseHolder.Exists(), at gecko-dev/dom/u2f/U2F.cpp:323
/me steals
Assignee: jjones → ttaubert
Status: NEW → ASSIGNED
Pushed by ttaubert@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8d3d707fe048
Cancel the current U2F API request before starting a new one r=jcj
https://hg.mozilla.org/mozilla-central/rev/8d3d707fe048
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Duplicate of this bug: 1401872
Comment on attachment 8909777 [details]
Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj

J.C. Jones [:jcj] has approved the revision.

https://phabricator.services.mozilla.com/D70
Attachment #8909777 - Flags: review+
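The failure mode discussed in this bug, as an added example that is not Gecko code and not taken from the patch: a holder that may track only one pending request is asked to track a second one, and the fix named in the commit message cancels the pending request first. `ToyRequestHolder`, `ToyU2F` and `RegisterThenSign` are hypothetical names, and an exception stands in for the fatal assert so the outcome can be observed.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Toy stand-in for a holder that may track at most one pending request.
// A real diagnostic assert aborts the process; this model throws instead.
struct ToyRequestHolder {
  bool mPending = false;
  bool Exists() const { return mPending; }
  void Track() {
    if (mPending) throw std::logic_error("Assertion failure: !Exists()");
    mPending = true;
  }
  void DisconnectIfExists() { mPending = false; }
};

// Toy API object (assumption: every request stays pending, as when no
// hardware token is attached to answer it).
struct ToyU2F {
  bool mCancelFirst;             // true models "cancel before starting"
  ToyRequestHolder mHolder;
  std::string mCurrent;
  std::vector<std::string> mLog;
  explicit ToyU2F(bool aCancelFirst) : mCancelFirst(aCancelFirst) {}
  void Start(const std::string& aOp) {
    if (mCancelFirst && mHolder.Exists()) {
      mHolder.DisconnectIfExists();  // drop the stale request first
      mLog.push_back("cancelled " + mCurrent);
    }
    mHolder.Track();  // invariant: no other request is being tracked
    mCurrent = aOp;
    mLog.push_back("started " + aOp);
  }
};

// Replays the reported steps (Register, then Sign) and returns the event
// log; "assert" is appended when the second call trips the invariant.
std::vector<std::string> RegisterThenSign(bool aCancelFirst) {
  ToyU2F u2f(aCancelFirst);
  try { u2f.Start("register"); u2f.Start("sign"); }
  catch (const std::logic_error&) { u2f.mLog.push_back("assert"); }
  return u2f.mLog;
}

int main() {
  for (bool fix : {false, true})
    std::cout << (fix ? "fixed: " : "buggy: ") << RegisterThenSign(fix).back() << "\n";
}
```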