Closed Bug 1475936 Opened 6 years ago Closed 5 years ago

Crash in PLDHashTable::Add | pref_SetPref (Citrix)

Categories

(External Software Affecting Firefox :: Other, defect)

All
Windows
defect
Not set
critical

Tracking

(firefox-esr60 wontfix)

RESOLVED WORKSFORME

People

(Reporter: philipp, Unassigned)

Details

(Keywords: crash, csectype-wildptr, sec-vector)

Crash Data

This bug was filed from the Socorro interface and is
report bp-96af3b26-7ed1-42cb-9d1a-79f4c0180715.
=============================================================

Top 10 frames of crashing thread:

0  @0x7fed24828e0 
1 xul.dll PLDHashTable::Add xpcom/ds/PLDHashTable.cpp:588
2 xul.dll pref_SetPref modules/libpref/Preferences.cpp:962
3 xul.dll Parser::HandlePref modules/libpref/Preferences.cpp:1146
4 xul.dll prefs_parser::prefs_parser_parse modules/libpref/parser/src/lib.rs:144
5 xul.dll Parser::Parse modules/libpref/Preferences.cpp:1119
6 xul.dll mozilla::pref_ReadPrefFromJar modules/libpref/Preferences.cpp:3769
7 xul.dll mozilla::Preferences::InitInitialObjects modules/libpref/Preferences.cpp:3824
8 xul.dll mozilla::Preferences::GetInstanceForService modules/libpref/Preferences.cpp:2947
9 xul.dll PreferencesConstructor modules/libpref/Preferences.cpp:4748

=============================================================

These browser crashes with involvement of modules belonging to Citrix have become more common in Firefox 60esr.
Nick, any idea what Citrix might be doing here to hit these crashes?
Flags: needinfo?(n.nethercote)
Hm. It looks like we're trying to jump to an invalid address when computing the hash for the entry key. The hash function is specified as a function pointer in the PLDHashTableOps struct for the hashtable, so my best guess is that they might be trying to hook that code to override some behavior of the prefs service.

That's basically just a guess, though. They could be trying to hook something else and breaking the prefs hash table by accident.
kmag's suggestion is as good as anything I can think of.
Flags: needinfo?(n.nethercote)
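
The comment above describes a table that reaches its hash routine only through a function pointer held in an ops struct. As an added illustration (not Firefox code and not part of this bug thread), the C sketch below shows that dispatch pattern with a check that refuses the indirect call when the pointer no longer matches the value captured at init. The names `table_ops`, `table`, `string_hash`, `table_init` and `table_add` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for an ops struct such as PLDHashTableOps:
   the table never calls a hash routine directly, only through this pointer. */
typedef uint32_t (*hash_fn)(const void *key);
typedef struct { hash_fn hash_key; } table_ops;

#define SLOTS 16u /* power of two so the hash can be masked */

typedef struct {
    const table_ops *ops;
    hash_fn expected_hash;     /* known-good pointer captured at init */
    const char *slots[SLOTS];
} table;

/* FNV-1a over a C string; a constructed sample hash, not the one Firefox uses. */
static uint32_t string_hash(const void *key) {
    uint32_t h = 2166136261u;
    for (const unsigned char *p = key; *p; p++) h = (h ^ *p) * 16777619u;
    return h;
}

static void table_init(table *t, const table_ops *ops) {
    memset(t, 0, sizeof *t);
    t->ops = ops;
    t->expected_hash = ops->hash_key;
}

/* Returns the slot index used, -1 if the ops pointer differs from the value
   seen at init (the indirect call is refused), or -2 if the table is full. */
static int table_add(table *t, const char *key) {
    if (t->ops == NULL || t->ops->hash_key != t->expected_hash)
        return -1;
    uint32_t h = t->ops->hash_key(key); /* indirect call through the ops struct */
    for (uint32_t i = 0; i < SLOTS; i++) {
        uint32_t idx = (h + i) & (SLOTS - 1u);
        if (t->slots[idx] == NULL || strcmp(t->slots[idx], key) == 0) {
            t->slots[idx] = key;
            return (int)idx;
        }
    }
    return -2;
}
```

Comparing against a saved copy only catches a pointer that changed after init; it does not detect inline patching of the hash function's own code.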
Can we try to reach out to Citrix in this matter?
Flags: needinfo?(astevenson)
Jimm - I think you have some contacts at Citrix. Maybe you can help with outreach?
Flags: needinfo?(astevenson) → needinfo?(jmathies)
The DLLs here look like they are part of a long-term service release [1] of their products. Win7 only, 47 install count currently and very low volume. Not too worried about it.

[1] https://www.citrix.com/support/product-lifecycle/product-matrix.html
Flags: needinfo?(jmathies)
This signature is accounting for 5% of browser crashes on 60esr at the moment. The overall volume is small, but we still have very few users on 60esr (~200k) vs 52esr (~6m).
Since this signature is regressing in Firefox 60esr, I think it would be beneficial to look into it before we start automatically updating all the users on 52esr to the new branch in September.
Group: core-security → core-security-release
Keywords: sec-vector
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
Group: core-security-release