Closed Bug 1438277 Opened 8 years ago Closed 8 years ago

Crash in nssCryptokiObject_Create | create_objects_from_handles

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox-esr52 unaffected, firefox58 wontfix, firefox59 wontfix, firefox60 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- wontfix
firefox59 --- wontfix
firefox60 --- fixed

People

(Reporter: philipp, Assigned: keeler)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 obsolete file)

This bug was filed from the Socorro interface and is report bp-d97a8b07-82ef-4797-95e8-a80f10180214. ============================================================= Top 10 frames of crashing thread: 0 nss3.dll nssCryptokiObject_Create security/nss/lib/dev/devutil.c:43 1 nss3.dll create_objects_from_handles security/nss/lib/dev/devtoken.c:230 2 nss3.dll find_objects security/nss/lib/dev/devtoken.c:336 3 nss3.dll nssToken_FindObjectsByTemplate security/nss/lib/dev/devtoken.c:425 4 nss3.dll nssToken_FindCertificatesBySubject security/nss/lib/dev/devtoken.c:620 5 nss3.dll nssTrustDomain_FindCertificatesBySubject security/nss/lib/pki/trustdomain.c:614 6 nss3.dll CERT_CreateSubjectCertList security/nss/lib/certdb/stanpcertdb.c:744 7 xul.dll mozilla::psm::NSSCertDBTrustDomain::FindIssuer security/certverifier/NSSCertDBTrustDomain.cpp:155 8 xul.dll mozilla::pkix::BuildForward security/pkix/lib/pkixbuild.cpp:340 9 xul.dll mozilla::pkix::BuildCertChain security/pkix/lib/pkixbuild.cpp:376 ============================================================= this crash signature is regressing in volume since firefox 58 and subsequent versions.
status-firefox58: affectedwontfix
Flags: needinfo?(ttaubert)
Flags: needinfo?(dkeeler)
I'll have a look and see if I can figure out anything that's obviously wrong here.
Flags: needinfo?(dkeeler)
Interestingly, I can find reports only from Fx 52-59. Nothing for 60...
Flags: needinfo?(ttaubert)
The crashes in 58 are probably bug 1421788. The more recent ones seem to be crashing when we dereference the memory returned by whatever the token implementation is. Maybe we need to follow-up with some more judicious null checks?
Assignee: nobody → dkeeler
Component: Security: PSM → Libraries
Product: Core → NSS
Version: 58 Branch → other
Comment on attachment 8953563 [details] bug 1438277 - be even more defensive about bad token implementations in nssCryptokiObject_Create r?ttaubert Tim Taubert [:ttaubert] has approved the revision. https://phabricator.services.mozilla.com/D640
Attachment #8953563 - Flags: review+
Comment on attachment 8953563 [details] bug 1438277 - be even more defensive about bad token implementations in nssCryptokiObject_Create r?ttaubert Tim Taubert [:ttaubert] has been removed from the revision. https://phabricator.services.mozilla.com/D640
Attachment #8953563 - Flags: review+
Attachment #8953563 - Attachment is obsolete: true
https://hg.mozilla.org/projects/nss/rev/ea519bc56872
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.36
Seems unlikely we're going to fix this for 59 at this point.
status-firefox59: affectedwontfix
status-firefox60: affectedfixed
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: