Mozilla crashes if duplicate password deleted when prompt is up.

RESOLVED FIXED in mozilla1.2beta

Status

SeaMonkey
Passwords & Permissions
P2
critical
RESOLVED FIXED
16 years ago
14 years ago

People

(Reporter: Chris Flanigan, Assigned: Stephen P. Morse)

Tracking

({crash})

Trunk
mozilla1.2beta
x86
Linux
crash

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

16 years ago
I've noticed that if a site prompts for which username/password combination to
use (duplicate are stored for that url).. and you delete any of the login
information in the prompt... Mozilla instantly crashes.

Comment 1

16 years ago
could you provide a talkback ID for one of the crashes?
Severity: minor → critical
Keywords: crash
and of course the build id..
(Reporter)

Comment 3

16 years ago
 I'm sorry for not including it before... I really do apologize.   Mozilla 1.0.0-3 Build ID: 20020615  I installed it via apt-get w/the Debian distribution. 

Comment 4

16 years ago
if you use a debian package, you get to provide your own stacktrace (via gdb).
otherwise, please use a talkback-enabled mozilla.org build.
(Reporter)

Comment 5

16 years ago
 Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 1024 (LWP 3091)] 
0x4013f203 in nsVoidArray::IndexOf () from /usr/lib/libxpcom.so 
(gdb) bt 
#0  0x4013f203 in nsVoidArray::IndexOf () from /usr/lib/libxpcom.so 
#1  0x4013f58f in nsVoidArray::RemoveElement () from /usr/lib/libxpcom.so 
#2  0x413de0ae in NSGetModule () from /usr/lib/mozilla/components/libwallet.so 
#3  0x413e0d5a in NSGetModule () from /usr/lib/mozilla/components/libwallet.so 
#4  0x413e1203 in NSGetModule () from /usr/lib/mozilla/components/libwallet.so 
#5  0x413ce284 in NSGetModule () from /usr/lib/mozilla/components/libwallet.so 
#6  0x4063c941 in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#7  0x4063c97d in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#8  0x4063c97d in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#9  0x4063c97d in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#10 0x4063bf49 in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#11 0x4063be38 in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#12 0x4063bc90 in NSGetModule () from /usr/lib/mozilla/components/liburiloader.so 
#13 0x406752cd in NSGetModule () from /usr/lib/mozilla/components/libnecko.so 
#14 0x40e2d134 in NSGetModule () from /usr/lib/mozilla/components/libimglib2.so 
#15 0x40e2c049 in NSGetModule () from /usr/lib/mozilla/components/libimglib2.so 
#16 0x40e29fe6 in NSGetModule () from /usr/lib/mozilla/components/libimglib2.so 
#17 0x4068d6ae in NSGetModule () from /usr/lib/mozilla/components/libnecko.so 
#18 0x406c8f8e in NSGetModule () from /usr/lib/mozilla/components/libnecko.so 
#19 0x4067a3ed in NSGetModule () from /usr/lib/mozilla/components/libnecko.so 
#20 0x40679bda in NSGetModule () from /usr/lib/mozilla/components/libnecko.so 
#21 0x401769e1 in PL_HandleEvent () from /usr/lib/libxpcom.so 
#22 0x401768d9 in PL_ProcessPendingEvents () from /usr/lib/libxpcom.so 
#23 0x401779db in nsEventQueueImpl::ProcessPendingEvents () from /usr/lib/libxpcom.so 
#24 0x407c40a9 in NSGetModule () from /usr/lib/mozilla/components/libwidget_gtk.so 
#25 0x407c3de6 in NSGetModule () from /usr/lib/mozilla/components/libwidget_gtk.so 
#26 0x4049be00 in g_io_add_watch () from /usr/lib/libglib-1.2.so.0 
#27 0x4049d4c8 in g_get_current_time () from /usr/lib/libglib-1.2.so.0 
#28 0x4049dad3 in g_get_current_time () from /usr/lib/libglib-1.2.so.0 
#29 0x4049dc6c in g_main_run () from /usr/lib/libglib-1.2.so.0 
#30 0x403bf7f7 in gtk_main () from /usr/lib/libgtk-1.2.so.0 
#31 0x407c4536 in NSGetModule () from /usr/lib/mozilla/components/libwidget_gtk.so 
#32 0x407a3888 in NSGetModule () from /usr/lib/mozilla/components/libnsappshell.so 
#33 0x08051df3 in getCountry () 
#34 0x080526fe in main () 
#35 0x4022d14f in __libc_start_main () from /lib/libc.so.6 
 
That's all it reported... 

Comment 6

16 years ago
I thought that NSGetModule was a feature of Tinderbox builds... RPM build gives
decent stacktraces.  Anyway, all is not lost.
1) The stack you have does not show up in talkback.
2) /usr/lib/libxpcom.so and /usr/lib/mozilla/components/*.so
  Is /usr/lib/libxpcom.so from the Mozilla package or something else?

beyond that, I don't know.
(Reporter)

Comment 7

16 years ago
Given the following URL, it seems as though libxpcom.so IS in the mozilla package... 
 
http://packages.debian.org/cgi-bin/search_contents.pl?word=libxpcom.so&searchmode=searchfiles&case=insensitive&version=unstable&arch=i386 
(Assignee)

Comment 8

16 years ago
I don't understand the description given here.  What do you mean by:

   "and you delete any of the login information in the prompt"

How can you delete items from the promt?
(Reporter)

Comment 9

16 years ago
 I happened to have another mozilla window open, so I deleted the duplicate login.. and that 
went fine. When I clicked over to the window that was requesting me to choose.. it immediately 
segfaulted. 
(Assignee)

Comment 10

16 years ago
Thanks for the clarification.  I can reproduce.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → mozilla1.1beta
(Assignee)

Updated

16 years ago
Keywords: nsbeta1
(Assignee)

Updated

16 years ago
Target Milestone: mozilla1.1beta → mozilla1.2beta
Keywords: nsbeta1 → nsbeta1+
(Assignee)

Comment 11

16 years ago
The cleanest (and easiest) way to prevent this crash is to disable the remove 
button in the password-manager dialog while the select-user dialog is being 
displayed.  Attaching a patch that accomplishes that.
(Assignee)

Comment 12

16 years ago
Created attachment 95952 [details] [diff] [review]
disable remove button while select-user dialog is active

Comment 13

16 years ago
Comment on attachment 95952 [details] [diff] [review]
disable remove button while select-user dialog is active

>Index: singsign.cpp

>+    os->NotifyObservers(nsnull, "signonChanged", NS_ConvertASCIItoUCS2("suspend").get());
>+    os->NotifyObservers(nsnull, "signonChanged", NS_ConvertASCIItoUCS2("resume").get());

NS_LITERAL_STRING("suspend").get()
NS_LITERAL_STRING("resume").get()

>Index: SignonViewer.js

>+      } else if (state == "resume") {
>+        var selections = GetTreeSelections(signonsTree);
>+        if (selections.length) {

if (selections.length > 0)

>+          document.getElementById("removeSignon").removeAttribute("disabled");

.disabled = false;

>+        }
>+        if (signons.length > 0) {
>+          document.getElementById("removeAllSignons").removeAttribute("disabled");

.disabled = false;

sr=jag with those changes
Attachment #95952 - Flags: superreview+
(Assignee)

Comment 14

16 years ago
Oops, patch does not go far enough.  It does prevent you from deleting a 
password if you already have the password-manager dialog open.  But it doesn't 
prevent you from opening the password-manager dialog from a separate window and 
doing the deletion.  In other words, this scenerio will still crash.

1. Save at least two logins for a given page
   (e.g., people.netscape.com/morse/password.htm
2. Open the password manager
3. Open a second window
4. From either window, go to the given page
5. Select-user dialog appears
6. Note that it is not possible to press the remove buttons in the open 
password-manager dialog
7. From other window, open another copy of password-manager dialog (it's not 
possible to open another copy of that dialog from current window because the 
select-user dialog is modal).
8. From this second copy of dialog it is possible to delete an entry.  Do so.
9. Click OK in select-user dialog
CRASH

Back to the drawing board.  Should be easy to plug this hole.
Same stack as in bug 163914. Some kind of focus problem with popups?
(Assignee)

Comment 16

16 years ago
No, the problem here has nothing to do with popups.  Is just that the data
structure was changed behind the scene, and the select-user dialog was still
acting as if the old data structure existed.

I know exactly what the problem is and will have a patch shortly.
(Assignee)

Comment 17

16 years ago
Created attachment 96482 [details] [diff] [review]
same as previous but also disable remove button in dialogs created after select-user dialog
Attachment #95952 - Attachment is obsolete: true

Comment 18

16 years ago
Comment on attachment 96482 [details] [diff] [review]
same as previous but also disable remove button in dialogs created after select-user dialog

 function Shutdown() {
-  kObserverService.removeObserver(signonReloadDisplay, "signonChanged");
+  if (isPassword) {
+    kObserverService.removeObserver(signonReloadDisplay, "signonChanged");
+    kObserverService.removeObserver(signonReloadDisplay, "signonSelectUser");
+  }
 }

Should that be |if (isPasswordManager) {| ?
(Assignee)

Comment 19

16 years ago
> Should that be |if (isPasswordManager) {| ?

Yes it should.  New patch coming up.
(Assignee)

Comment 20

16 years ago
Created attachment 96565 [details] [diff] [review]
isPassword -.> isPasswordManager (comment 18)
Attachment #96482 - Attachment is obsolete: true

Comment 21

16 years ago
Comment on attachment 96565 [details] [diff] [review]
isPassword -.> isPasswordManager (comment 18)

r=sgehani if kSelectUserInUse is changed to gSelectUserInUse everywhere since
it is global, not const.
Attachment #96565 - Flags: review+

Comment 22

16 years ago
Comment on attachment 96565 [details] [diff] [review]
isPassword -.> isPasswordManager (comment 18)

sr=darin for this patch, but take care of the problem of some other code
calling RemoveUser.
Attachment #96565 - Flags: superreview+
(Assignee)

Comment 23

16 years ago
patch checked in
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.