Crash in [@ PR_AtomicIncrement | nssToken_AddRef | nssCryptokiObject_Clone | find_objects_in_array]
Categories
(NSS :: Libraries, defect, P3)
Tracking
(firefox-esr115 unaffected, firefox-esr128 unaffected, firefox132 unaffected, firefox133 unaffected, firefox134+ fixed)
Tracking | Status | |
---|---|---|
firefox-esr115 | --- | unaffected |
firefox-esr128 | --- | unaffected |
firefox132 | --- | unaffected |
firefox133 | --- | unaffected |
firefox134 | + | fixed |
People
(Reporter: mccr8, Assigned: jschanck)
Details
(Keywords: crash, regression)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/de848e4e-d293-4e61-b8b3-ded0e0241120
Reason:
EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 10 frames:
0 libnss3.dylib PR_AtomicIncrement nsprpub/pr/src/misc/pratom.c:246
0 libnss3.dylib nssToken_AddRef security/nss/lib/dev/devtoken.c:53
0 libnss3.dylib nssCryptokiObject_Clone security/nss/lib/dev/devutil.c:73
0 libnss3.dylib find_objects_in_array security/nss/lib/dev/devutil.c:680
0 libnss3.dylib nssTokenObjectCache_FindObjectsByTemplate security/nss/lib/dev/devutil.c:727
1 libnss3.dylib nssToken_FindObjectsByTemplate security/nss/lib/dev/devtoken.c:400
2 libnss3.dylib nssToken_FindObjects security/nss/lib/dev/devtoken.c:579
3 libnss3.dylib PK11_TraverseCertsInSlot security/nss/lib/pk11wrap/pk11cert.c:2375
4 libnss3.dylib PK11_ListCertsInSlot security/nss/lib/pk11wrap/pk11cert.c:2904
5 XUL mozilla::psm::FindClientCertificatesWithPrivateKeys() security/manager/ssl/nsNSSComponent.cpp:2105
Found in the crash spike report.
Maybe this should be NSS as it looks like a null deref deep inside NSS?
This crash report has the comment "Not able to use external key to authenticate." which is likely unsurprising.
MacOS-only.
This first showed up in the 20241119214442 build, so I'm going to guess that this is due to bug 1927888.
[Tracking Requested - why for this release]: crash regression. The volume isn't super high in absolute terms, but this is quite high for a MacOS specific issue.
Reporter | ||
Comment 1•18 days ago
•
|
||
[@ nssToken_AddRef | nssCryptokiObject_Clone | find_objects_in_array ]
looks like the Windows version of the signature. Lower volume. Example: bp-8c2980df-0fb5-4cf7-a062-b6e180241120
Updated•18 days ago
|
Comment 2•18 days ago
|
||
:beurdouche, since you are the author of the regressor, bug 1927888, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
Updated•17 days ago
|
Comment 3•17 days ago
|
||
The bug is marked as tracked for firefox134 (nightly). However, the bug still isn't assigned.
:ckerschb, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply backout the regressor. If you disagree with the tracking decision, please talk with the release managers.
For more information, please visit BugBot documentation.
Comment 4•17 days ago
|
||
Benjamin is OOO, I forwarded the bug to the team channel. I'll make sure someone will take a look.
Assignee | ||
Updated•17 days ago
|
Assignee | ||
Updated•17 days ago
|
Assignee | ||
Comment 5•17 days ago
|
||
The regressor was backed out of NSS prior to the release of NSS 3.107, which will land in M-C in Bug 1927888.
Updated•17 days ago
|
Description
•