1746746 - Crash in [@ nssCKFWMutex_Unlock | nssCKFWObject_GetAttribute | NSSCKFWC_GetAttributeValue | PK11_ReadAttribute] macOS

Status: RESOLVED DUPLICATE of bug 1747959

(Core :: Security: PSM, defect)

Description

[Wayne Mery (:wsmwk)]

Signature is mac only. v91 only.

Crash report: https://crash-stats.mozilla.org/report/index/575f19dd-33bd-485e-934e-9c7ef0211109

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 libnssckbi.dylib nssCKFWMutex_Unlock security/nss/lib/ckfw/mutex.c:185
1 libnssckbi.dylib nssCKFWObject_GetAttribute security/nss/lib/ckfw/object.c:649
2 libnssckbi.dylib NSSCKFWC_GetAttributeValue security/nss/lib/ckfw/wrap.c:2280
3 libnss3.dylib PK11_ReadAttribute security/nss/lib/pk11wrap/pk11obj.c:121
4 libnss3.dylib PK11_FindRawCertsWithSubject security/nss/lib/pk11wrap/pk11obj.c:1992
5 XUL mozilla::psm::NSSCertDBTrustDomain::FindIssuer security/certverifier/NSSCertDBTrustDomain.cpp:244
6 XUL mozilla::pkix::BuildForward security/nss/lib/mozpkix/lib/pkixbuild.cpp:365
7 XUL mozilla::pkix::PathBuildingStep::Check security/nss/lib/mozpkix/lib/pkixbuild.cpp:211
8 XUL mozilla::psm::CheckCandidates security/certverifier/NSSCertDBTrustDomain.cpp:183
9 XUL mozilla::psm::NSSCertDBTrustDomain::FindIssuer security/certverifier/NSSCertDBTrustDomain.cpp:319

Comment 1

[Kai Engert (:KaiE:)]

I'm guessing Firefox would have the same crash, I don't see any Thunderbird code involved.

Comment 2

[Kai Engert (:KaiE:)]

Crash is on this line:
if (!mutex->lock)

mutex is a null pointer.

Comment 3

[Kai Engert (:KaiE:)]

Earlier during execution of the nssCKFWObject_GetAttribute function, the mutex pointer was apparently valid, because there was a call to nssCKFWMutex_Lock which didn't crash.

Apparently some parallel access that caused the object/mutex to get deleted in another thread?

Were there any recent changes to this code, during the 78 to 91 time frame?