Closed Bug 1573853 Opened 6 years ago Closed 4 years ago

Crash in [@ logMessageSend] on macos 10.14

Categories

(Core :: Widget: Cocoa, defect, P1)

Unspecified
macOS
defect

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- wontfix
firefox68 --- wontfix
firefox69 --- wontfix
firefox70 --- wontfix

People

(Reporter: marcia, Unassigned)

Crash Data

This bug is for crash report bp-63029747-b502-4868-a54b-a28ff0190814.

Not exactly sure where to bucket this, but filing since the signatures are almost all potential UAFs: https://bit.ly/2YOEOEs. All of the crashes occur on 10.14.

Some comments:

  • Had just downloaded a large PDF file, which I had begun to read. As I then tried to return to Firefox search page, from the still open download, Firefox crashed. Hope this helps?
  • Closed with no notice suddenly
  • I was adding Excel attachments to an email I was sending.
  • Ready to send a document with an attachment and the system crashes. Then, I have to start over, with frustration

Top 10 frames of crashing thread:

0 libobjc.A.dylib logMessageSend 
1 Foundation KVO_IS_RETAINING_ALL_OBSERVERS_OF_THIS_OBJECT_IF_IT_CRASHES_AN_OBSERVER_WAS_OVERRELEASED_OR_SMASHED 
2 Foundation NSKeyValueWillChangeWithPerThreadPendingNotifications.llvm.15185137406513792962 
3 CloudDocs -[BRContainer setCurrentStatus:] 
4 CloudDocs __52-[BRContainerCache subscribeToContainerStatusUpdate]_block_invoke 
5 Foundation -[__NSObserver _doit:] 
6 CoreFoundation CFStringFindCharacterFromSet 
7 CoreFoundation CFStringFindCharacterFromSet 
8 Foundation __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ 
9 Foundation -[NSBlockOperation main] 

Group: core-security → dom-core-security
Priority: -- → P1
Assignee: nobody → spohl.mozilla.bugs
Flags: needinfo?(spohl.mozilla.bugs)

Unfortunately, there doesn't seem to be anything immediately actionable here. We appear to crash off-main-thread in system code. It is suspicious that the main thread shows the following frames for many of the crash reports:

[...]
1 CoreFoundation __CFStringDecodeByteStream3
2 CoreFoundation +[__NSTaggedDate __new:]
3 CoreFoundation __CFRunLoopRun
[...]

I have not been able to reproduce the crash and we may need to wait until we can reproduce in house.

Flags: needinfo?(spohl.mozilla.bugs)
Assignee: spohl.mozilla.bugs → nobody

(In reply to Marcia Knous [:marcia - needinfo? me] from comment #0)

1 Foundation KVO_IS_RETAINING_ALL_OBSERVERS_OF_THIS_OBJECT_IF_IT_CRASHES_AN_OBSERVER_WAS_OVERRELEASED_OR_SMASHED 

Heh. It sounds like "an observer was overreleased or smashed". The crashing thread has frames in the CloudDocs framework, which seems to be related to iCloud.
This is probably a bug in iCloud code.

And it's likely triggered by interactions with the file picker dialog, judging by the comments.

Markus - is it worth reporting this to Apple? Or should we mark this as stalled and move on?

Flags: needinfo?(mstange)

Dan, do you want to report this to Apple?

Flags: needinfo?(dveditz)

Their old bug reporting mechanism is gone, replaced by "Feedback Assistant". I reported it there but I'm dubious. The report is private to my account, but fwiw https://feedbackassistant.apple.com/feedback/7386774

Flags: needinfo?(dveditz)
Keywords: sec-vector, stalled
Summary: Crash in [@ logMessageSend] → Crash in [@ logMessageSend] on macos 10.14

Thanks Dan and Liz for forwarding this to Apple!

Flags: needinfo?(mstange)

Haven't seen any crashes on anything newer than Firefox 71 and ESR-68, all end-of-life.

Group: dom-core-security
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME

Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit auto_nag documentation.

Keywords: stalled