Closed
Bug 1746746
Opened 2 years ago
Closed 2 years ago
Crash in [@ nssCKFWMutex_Unlock | nssCKFWObject_GetAttribute | NSSCKFWC_GetAttributeValue | PK11_ReadAttribute] macOS
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1747959
People
(Reporter: wsmwk, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Signature is mac only. v91 only.
Crash report: https://crash-stats.mozilla.org/report/index/575f19dd-33bd-485e-934e-9c7ef0211109
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames of crashing thread:
0 libnssckbi.dylib nssCKFWMutex_Unlock security/nss/lib/ckfw/mutex.c:185
1 libnssckbi.dylib nssCKFWObject_GetAttribute security/nss/lib/ckfw/object.c:649
2 libnssckbi.dylib NSSCKFWC_GetAttributeValue security/nss/lib/ckfw/wrap.c:2280
3 libnss3.dylib PK11_ReadAttribute security/nss/lib/pk11wrap/pk11obj.c:121
4 libnss3.dylib PK11_FindRawCertsWithSubject security/nss/lib/pk11wrap/pk11obj.c:1992
5 XUL mozilla::psm::NSSCertDBTrustDomain::FindIssuer security/certverifier/NSSCertDBTrustDomain.cpp:244
6 XUL mozilla::pkix::BuildForward security/nss/lib/mozpkix/lib/pkixbuild.cpp:365
7 XUL mozilla::pkix::PathBuildingStep::Check security/nss/lib/mozpkix/lib/pkixbuild.cpp:211
8 XUL mozilla::psm::CheckCandidates security/certverifier/NSSCertDBTrustDomain.cpp:183
9 XUL mozilla::psm::NSSCertDBTrustDomain::FindIssuer security/certverifier/NSSCertDBTrustDomain.cpp:319
Flags: needinfo?(kaie)
Reporter | ||
Updated•2 years ago
|
status-thunderbird_esr91:
--- → affected
Comment 1•2 years ago
|
||
I'm guessing Firefox would have the same crash, I don't see any Thunderbird code involved.
Updated•2 years ago
|
Assignee: nobody → nobody
status-thunderbird_esr91:
affected → ---
Component: Security → Libraries
Flags: needinfo?(kaie)
Product: Thunderbird → NSS
Version: Thunderbird 91 → other
Comment 2•2 years ago
|
||
Crash is on this line:
if (!mutex->lock)
mutex is a null pointer.
Comment 3•2 years ago
|
||
Earlier during execution of the nssCKFWObject_GetAttribute function, the mutex pointer was apparently valid, because there was a call to nssCKFWMutex_Lock which didn't crash.
Apparently some parallel access that caused the object/mutex to get deleted in another thread?
Were there any recent changes to this code, during the 78 to 91 time frame?
Updated•2 years ago
|
Assignee: nobody → nobody
Status: NEW → RESOLVED
Closed: 2 years ago
Component: Libraries → Security: PSM
Product: NSS → Core
Resolution: --- → DUPLICATE
Version: other → unspecified
You need to log in
before you can comment on or make changes to this bug.
Description
•