Closed Bug 1401019 Opened 8 years ago Closed 8 years ago

[U2F] Crash upon signing credential without registering one first

Categories

(Core :: DOM: Device Interfaces, defect, P2)

Product:
Core
Component:
DOM: Device Interfaces
Version:
57 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: mwobensmith, Assigned: ttaubert)

References

(Blocks 1 open bug,
URL
)

Details

Attachments

(1 file)

Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj
44 bytes, text/x-phabricator-request
jcj
: review+
Details | Review
With Nightly 57, turn on all webauth prefs except soft token. Do not use USB hardware token. 1. Go to test site https://u2f.bin.coffee 2. Click "U2F Register" 3. Click "U2F Sign" Tab crashes. If you wait another minute or so, the browser itself also crashes.
Priority: -- → P2
Summary: (U2F) Crash upon signing credential without registering one first → [U2F] Crash upon signing credential without registering one first
I can see this is hanging in u2fhid::capi::rust_u2f_mgr_free(), probably another dupe of bug 1400940. Will try to reproduce before I'll dupe it.
Hmm no, it's mix actually. The shutdown crash/hang is indeed bug 1400940. After the active tab crashes you can't load any new pages. The crash itself is something we need to fix separately though.
GDB stack trace: > Thread 1 "Web Content" received signal SIGSEGV, Segmentation fault. > mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >::Track (this=0x7f94dc87d0a8, > aRequest=<error reading variable: DWARF-2 expression error: `DW_OP_stack_value' operations must be used either alone or in conjunction with DW_OP_piece or DW_OP_bit_piece.>) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:1303 > 1303 MOZ_DIAGNOSTIC_ASSERT(!Exists()); > (gdb) bt > #0 0x00007f95077cf799 in mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >::Track(already_AddRefed<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::Request>) (this=0x7f94dc87d0a8, aRequest=<error reading variable: DWARF-2 expression error: `DW_OP_stack_value' operations must be used either alone or in conjunction with DW_OP_piece or DW_OP_bit_piece.>) > at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:1303 > #1 0x00007f95077cf799 in mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::ThenCommand<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false>::ThenValue<mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&)::$_2, mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&)::$_3> >::Track(mozilla::MozPromiseRequestHolder<mozilla::MozPromise<nsTString<char16_t>, mozilla::dom::ErrorCode, false> >&) (aRequestHolder=..., this=<optimized out>) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dist/include/mozilla/MozPromise.h:948 > #2 0x00007f95077cf799 in mozilla::dom::U2F::Sign(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::dom::Sequence<mozilla::dom::RegisteredKey> const&, mozilla::dom::U2FSignCallback&, mozilla::dom::Optional<mozilla::dom::Nullable<int> > const&, mozilla::ErrorResult&) (this=<optimized out>, aAppId= > ..., aChallenge=..., aRegisteredKeys=..., aCallback=..., opt_aTimeoutSeconds=..., aRv=...) at /home/tim/workspace/gecko-dev/dom/u2f/U2F.cpp:385 > #3 0x00007f9506ab166f in mozilla::dom::U2FBinding::sign(JSContext*, JS::Handle<JSObject*>, mozilla::dom::U2F*, JSJitMethodCallArgs const&) (cx=<optimized out>, obj=..., self=<optimized out>, args=...) at /home/tim/workspace/gecko-dev/obj-x86_64-pc-linux-gnu/dom/bindings/U2FBinding.cpp:1636
We're running into one of the promise asserts, those are fatal on Nightlies.
Assertion failure: !mPromiseHolder.Exists(), at gecko-dev/dom/u2f/U2F.cpp:323
/me steals
Assignee: jjones → ttaubert
Status: NEW → ASSIGNED
Pushed by ttaubert@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/8d3d707fe048 Cancel the current U2F API request before starting a new one r=jcj
https://hg.mozilla.org/mozilla-central/rev/8d3d707fe048
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox57: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
Comment on attachment 8909777 [details] Bug 1401019 - Cancel the current U2F API request before starting a new one r=jcj J.C. Jones [:jcj] has approved the revision. https://phabricator.services.mozilla.com/D70
Attachment #8909777 - Flags: review+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: