Closed Bug 536862 Opened 15 years ago Closed 14 years ago

Crash because of GSSAPI lib with Kerberos for Windows

Categories: Thunderbird :: Security, defect
Platform: x86, Windows XP
Type: defect
Priority: Not set
Severity: critical
Tracking: Not tracked
Status: RESOLVED INVALID
People: Reporter: shopik; Assignee: Unassigned
Keywords: crash

My crash is not yet submitted to the crash stat server; it is still in the pending dir. But here is the stack output from the debug tools for Windows. This happens during startup, when it starts spamming me with lots of password requests and I keep pressing cancel very fast.

FAULTING_IP: 
ntdll!RtlpCoalesceFreeBlocks+128
7c911689 8b09            mov     ecx,dword ptr [ecx]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c911689 (ntdll!RtlpCoalesceFreeBlocks+0x00000128)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

DEFAULT_BUCKET_ID:  NULL_POINTER_READ

PROCESS_NAME:  thunderbird.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000000 

FAULTING_THREAD:  00000de4

PRIMARY_PROBLEM_CLASS:  NULL_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_READ

LAST_CONTROL_TRANSFER:  from 7c91084c to 7c911689

STACK_TEXT:  
055ff0c0 7c91084c 00000000 06507a18 055ff178 ntdll!RtlpCoalesceFreeBlocks+0x128
055ff194 7c34218a 06500000 00000000 06507a20 ntdll!RtlFreeHeap+0x2e9
055ff1dc 064978ce 06507a20 00000000 0573dc40 msvcr71!free+0xc3 [f:\vs70builds\3052\vc\crtbld\crt\src\free.c @ 103]
WARNING: Stack unwind information not available. Following frames may be wrong.
055ff23c 064978bc 06507a20 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x169bd
055ff29c 06495884 06504998 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x169ab
055ff304 0649572e 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x14973
055ff35c 0649568f 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x1481d
055ff3bc 064957f7 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x1477e
055ff414 064959dc 065068d8 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x148e6
055ff474 0649680c 065068d8 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x14acb
055ff4d4 06448839 06504ca0 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x158fb
055ff530 064449a4 06503d60 00000000 0573dc40 krb5_32!krb5_free_config_files+0xb4
055ff588 1c0045dd 06503d60 00000000 0573dc40 krb5_32!krb5_free_context+0x11
055ff600 1c00a141 055ff7a4 00000000 06506840 gssapi32!gss_indicate_mechs+0x11a8
055ff688 1c00d4b6 00000000 055ff7a4 00000000 gssapi32!gss_indicate_mechs+0x6d0c
055ff738 00484178 055ff7a4 00000000 0573dc48 gssapi32!gss_init_sec_context+0x1b8
055ff800 004845cb 0573dc40 00000000 00000000 thunderbird!nsScriptableRegion::AddRef+0x25fa8
055ff894 00ab26e4 030d66c0 00000000 00000000 thunderbird!nsScriptableRegion::AddRef+0x263fb
055ff96c 00a37b4e 055ff9c4 055ffd20 055ffa58 thunderbird!DeviceContextImpl::AddRef+0x163a1e
055ffa50 7c91005d 055ffa6c 00000000 00010011 thunderbird!DeviceContextImpl::AddRef+0xe8e88
055ffb0c 002b607d 00000001 80000000 00000000 ntdll!RtlFreeHeap+0x647
055ffb1c 002dee23 05784ca0 00000004 00000000 xpcom_core!nsRunnable::Release+0x20
00000000 00000000 00000000 00000000 00000000 xpcom_core!NS_GetProxyForObject+0xe72


FOLLOWUP_IP: 
msvcr71!free+c3 [f:\vs70builds\3052\vc\crtbld\crt\src\free.c @ 103]
7c34218a e8b7010000      call    msvcr71!__SEH_epilog (7c342346)

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  msvcr71!free+c3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: msvcr71

IMAGE_NAME:  msvcr71.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  3e561eac

STACK_COMMAND:  ~16s; .ecxr ; kb

FAILURE_BUCKET_ID:  NULL_POINTER_READ_c0000005_msvcr71.dll!free

BUCKET_ID:  APPLICATION_FAULT_NULL_POINTER_READ_msvcr71!free+c3

Followup: MachineOwner
---------
Severity: normal → critical
Keywords: crash
Crash may be related to changes in bug 525238
Please post detailed reproduction steps.
And KfW for me just means Kreditanstalt für Wiederaufbau.
Version: 3.0 → 1.0
Ben,
I'm still trying to find exact steps but with no luck so far.
Summary: Crash when using GSSAPI and KfW → Crash when using GSSAPI and Kerberos for Windows
Nikolay, any luck figuring this out?

Can you reproduce? If so, can you provide access to debug?
Version: 1.0 → 3.0
So far I can't seem to reproduce it anymore; maybe when the patch for bug 525238 has landed this will be possible, because the crash appears to happen after I work with the patched version and then move back to the unpatched one.
This crash is deep within the GSSAPI library itself. Whilst that stack trace is almost certainly corrupt, it looks like we're dying somewhere in the middle of the memory management code. It's possible that this is a thread safety issue. GSSAPI's thread safety model requires that an individual GSSAPI context (which in our case translates to a single instance of an nsIAuthModule) not be used simultaneously by more than one thread.

Nikolay: Did you say that this happened whilst many password prompts were appearing?
Yes, it was asking for my password, but these requests fail, so I continue pressing cancel until a late password request appears which accepts my password.
What is the "it" that showed you the password prompts?
If you canceled many of them in quick succession, it may be that your GSSAPI lib got confused with the UI and therefore crashed.
It doesn't seem related at all to prefs migration, as you claimed in bug 525238 comment 69.
We don't prompt for passwords when doing GSSAPI auth, so was it non-GSSAPI auth that was prompting for passwords? Or maybe some event pumping aspect of password prompts led to the thread safety issue Simon mentioned.
(In reply to comment #9)
> we don't prompt for passwords when doing gssapi auth, so was it non gssapi auth
> that was prompting for passwords? Or maybe some event pumping aspect of
> password prompts lead to the thread safety issue Simon mentioned.

Yeah, it was Kerberos for Windows repetitively prompting for passwords, not Thunderbird. If this is a problem in the GSSAPI lib itself, I should probably close this bug.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Summary: Crash when using GSSAPI and Kerberos for Windows → Crash because of GSSAPI lib with Kerberos for Windows
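The per-context rule raised in the comments above (one GSSAPI context must never have two calls in flight, whether from another thread or from a nested event pump) can be enforced with a small guard. This is an added example, not Thunderbird or Kerberos for Windows code: `auth_ctx`, `auth_ctx_run` and the step callbacks are hypothetical names, and the callback stands in for the real GSSAPI call.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

enum { AUTH_OK = 0, AUTH_BUSY = -1 };
/* Hypothetical wrapper: one per GSSAPI security context. */
typedef struct {
    atomic_bool in_use;  /* true while a call on this context is in flight */
    unsigned completed;  /* calls that ran to completion */
} auth_ctx;
typedef int (*auth_step_fn)(auth_ctx *ctx, void *arg);

/* Run one step; refuse rather than enter the library while an earlier
   call on the same context has not returned (other thread or nested). */
int auth_ctx_run(auth_ctx *c, auth_step_fn step, void *arg)
{
    if (atomic_exchange_explicit(&c->in_use, true, memory_order_acquire))
        return AUTH_BUSY;
    int rc = step(c, arg);   /* the real GSSAPI call would go here */
    if (rc == AUTH_OK) c->completed++;
    atomic_store_explicit(&c->in_use, false, memory_order_release);
    return rc;
}

static int plain_step(auth_ctx *c, void *arg) { (void)c; (void)arg; return AUTH_OK; }
/* Constructed re-entrancy: a nested event reuses the context mid-call. */
static int pumping_step(auth_ctx *c, void *arg)
{
    *(int *)arg = auth_ctx_run(c, plain_step, NULL);
    return AUTH_OK;
}

/* Returns what the nested call got; *completed gets the final count. */
int demo_nested(unsigned *completed)
{
    auth_ctx c = {0};                          /* in_use starts false */
    int nested = AUTH_OK;
    auth_ctx_run(&c, pumping_step, &nested);   /* nested call is refused */
    auth_ctx_run(&c, plain_step, NULL);        /* sequential call is fine */
    *completed = c.completed;
    return nested;
}

int main(void)
{
    unsigned done;
    int nested = demo_nested(&done);
    return printf("nested=%d completed=%u\n", nested, done) < 0;
}
```

A plain mutex would deadlock on the nested case and a recursive one would let it through; the flag turns both overlapping uses into an error the caller can log.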