capability.principal prefs cause hang on exit and breaks duplicates.xul [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]

RESOLVED FIXED

Core
Security: CAPS
--
critical
15 years ago
15 years ago

People

(Reporter: asa, Assigned: Christopher Aillon (sabbatical, not receiving bugmail))

Trunk
x86
Linux
crash, hang

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
After I've used jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul a
few lines are added to my prefs.js for capability.principal stuff. As soon as
these prefs are created then the app hangs on exit with 90something% CPU. I also
cannot run jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul a
second time without the app hanging. 

Steps to reproduce:
1. create a new profile
2. visit jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul and
agree to give the script privileges and remember this decision.
3. exit the app

results:
do a "top" and see the app still running with like 98% CPU

expected results: 
normal exit.

Tested with latest Firebird and SeaMonkey and reproduced in both. 
Additionally, if you attempt to visit
jar:http://bugzilla.mozilla.org/duplicates.jar!/duplicates.xul again the
application hangs. 

I'll test with older build and try to narrow down the time of the regression.
(Reporter)

Comment 1

15 years ago
The only older build I could find to test was 7/22 and things were working there
so it broke sometime between then and 8/5

Valgrind output from bryner:

<bryner> here's the output:
<bryner> ==30166== Invalid read of size 4
<bryner> ==30166==    at 0x403595C8: nsStrPrivate::Destroy(nsStr&) (nsStr.cpp:110)
<bryner> ==30166==    by 0x4035B35E: nsCString::~nsCString() (nsString.cpp:107)
<bryner> ==30166==    by 0x440C1487: nsPrincipal::~nsPrincipal() (nsPrincipal.cpp:117)
<bryner> ==30166==    by 0x440C10C6: nsPrincipal::Release() (nsPrincipal.cpp:92)
<bryner> ==30166==    by 0x40361220: nsCOMPtr_base::~nsCOMPtr_base() (nsCOMPtr.cpp:65)
<bryner> ==30166==    by 0x440CDB7E: nsBaseHashtableET<PrincipalKey, nsCOMPtr<nsIPrincipal> >::~nsBaseHashtableET() (nsScriptSecurityManager.h:96)
<bryner> ...
<bryner> ==30166==    Address 0x44E3C168 is 20 bytes inside a block of size 32 free'd
<bryner> ==30166==    at 0x400296BF: free (in /usr/lib/valgrind/vgskin_memcheck.so)
<bryner> ==30166==    by 0x804DA1E: __builtin_delete (nsAppRunner.cpp:187)
<bryner> ==30166==    by 0x40029765: operator delete(void*) (in /usr/lib/valgrind/vgskin_memcheck.so)
<bryner> ==30166==    by 0x440C1419: nsPrincipal::~nsPrincipal() (nsAutoPtr.h:82)
<bryner> ==30166==    by 0x440C10C6: nsPrincipal::Release() (nsPrincipal.cpp:92)
<bryner> ==30166==    by 0x40361220: nsCOMPtr_base::~nsCOMPtr_base() (nsCOMPtr.cpp:65)
<bryner> ==30166==    by 0x440CDB7E: nsBaseHashtableET<PrincipalKey, nsCOMPtr<nsIPrincipal> >::~nsBaseHashtableET() (nsScriptSecurityManager.h:96)

This hang seems to get "fixed" with the patch I attached in bug 143559.  I'm not
exactly sure why that patch "fixes" this problem, but that does need to get
fixed anyway...
This could be related to ~nsPrincipal doing |delete mCert| while |mCert| is an
nsAutoPtr.
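
An added illustration of the pattern suspected in the comment above (not code from this bug, its patch, or Mozilla): a destructor that manually deletes a pointer which its owning smart-pointer member then deletes again. `Cert`, `Ledger`, `AutoPtr` and both principal types are hypothetical stand-ins; the ledger quarantines blocks so the second delete is counted rather than executed.

```cpp
// Added illustration: all types are hypothetical stand-ins, not Mozilla code.
#include <cstdio>
#include <map>
struct Cert { char fingerprint[32]; };

// Hands out Certs and quarantines them on delete, so a second delete of the
// same block is counted instead of executed (a real one is undefined behaviour).
struct Ledger {
    static std::map<Cert*, bool>& blocks() { static std::map<Cert*, bool> m; return m; }
    static int& doubleDeletes() { static int n = 0; return n; }
    static Cert* create() { Cert* c = new Cert(); blocks()[c] = true; return c; }
    static void destroy(Cert* c) {
        bool& live = blocks().at(c);
        if (!live) { ++doubleDeletes(); return; }  // already deleted once
        live = false;                              // quarantined until reset()
    }
    static void reset() {
        for (auto& b : blocks()) delete b.first;   // actually release memory
        blocks().clear(); doubleDeletes() = 0;
    }
};

// Minimal owning pointer: deletes what it holds when it is destroyed.
struct AutoPtr {
    Cert* mRaw;
    explicit AutoPtr(Cert* p) : mRaw(p) {}
    ~AutoPtr() { Ledger::destroy(mRaw); }
};

struct BuggyPrincipal {
    AutoPtr mCert{Ledger::create()};
    ~BuggyPrincipal() { Ledger::destroy(mCert.mRaw); }  // manual delete; member deletes again
};

struct FixedPrincipal {
    AutoPtr mCert{Ledger::create()};  // the owning member is the only deleter
};

// Destroys one principal of type P and returns the double deletes observed.
template <class P> int doubleDeletesFor() {
    Ledger::reset();
    { P p; }
    return Ledger::doubleDeletes();
}

int main() {
    std::printf("buggy=%d fixed=%d\n", doubleDeletesFor<BuggyPrincipal>(), doubleDeletesFor<FixedPrincipal>());
    return 0;
}
```

With a real allocator the second delete corrupts the heap, so the failure may surface later as a crash, an invalid read like the one Valgrind reports, or a hang.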
Attachment #130084 - Flags: superreview?(dbaron)
Attachment #130084 - Flags: review?(dbaron)
Attachment #130084 - Flags: superreview?(dbaron)
Attachment #130084 - Flags: superreview+
Attachment #130084 - Flags: review?(dbaron)
Attachment #130084 - Flags: review+
Comment on attachment 130084 [details] [diff] [review]
Patch

Silly hang fix.
Attachment #130084 - Flags: approval1.5b?
(Reporter)

Comment 7

15 years ago
Comment on attachment 130084 [details] [diff] [review]
Patch

a=asa (on behalf of drivers) for checkin to 1.5beta
Attachment #130084 - Flags: approval1.5b? → approval1.5b+
Checked in.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
I think my bug is a dup of this.

chris, what do you think?

see bug #216481
*** Bug 216481 has been marked as a duplicate of this bug. ***

Updated

15 years ago
Severity: normal → critical
Keywords: crash
Summary: capability.principal prefs cause hang on exit and breaks duplicates.xul → capability.principal prefs cause hang on exit and breaks duplicates.xul [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]

Comment 11

15 years ago
*** Bug 215105 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsPrincipal::Certificate::~Certificate ] [@ ntdll.dll ]