Closed
Bug 604814
Opened 14 years ago
Closed 8 years ago
Crash in [@ ssl3_FlushHandshake ]
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Seen while reviewing crash stats. Windows-only crash that has cropped up today. http://tinyurl.com/24ucf73 links to the crashes, which are all on Windows XP.
I tried to reproduce with some of the sites listed but had no luck.
Frame Module Signature Source
0 @0x10b
1 ssl3.dll ssl3_FlushHandshake security/nss/lib/ssl/ssl3con.c:2419
2 ssl3.dll ssl3_SendChangeCipherSpecs security/nss/lib/ssl/ssl3con.c:2710
3 ssl3.dll ssl3_HandleServerHelloDone security/nss/lib/ssl/ssl3con.c:5741
4 ssl3.dll ssl3_HandleHandshakeMessage security/nss/lib/ssl/ssl3con.c:8632
5 ssl3.dll ssl3_HandleHandshake security/nss/lib/ssl/ssl3con.c:8727
6 ssl3.dll ssl3_HandleRecord security/nss/lib/ssl/ssl3con.c:9066
7 ssl3.dll ssl3_GatherCompleteHandshake security/nss/lib/ssl/ssl3gthr.c:209
8 ssl3.dll ssl_GatherRecord1stHandshake security/nss/lib/ssl/sslcon.c:1258
9 ssl3.dll ssl_Do1stHandshake security/nss/lib/ssl/sslsecur.c:151
10 ssl3.dll ssl_SecureSend security/nss/lib/ssl/sslsecur.c:1213
11 ssl3.dll ssl_SecureWrite security/nss/lib/ssl/sslsecur.c:1258
12 ssl3.dll ssl_Write security/nss/lib/ssl/sslsock.c:1652
13 xul.dll nsSSLThread::Run
14 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:426
15 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:122
16 mozcrt19.dll _callthreadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:348
17 mozcrt19.dll _threadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:326
18 kernel32.dll BaseThreadStart
Comment 1•14 years ago
Looks like it was showing up about once a month on previous betas, then today we see a flood of reports. When we get the .csv tomorrow for these crashes we can try to fingerprint to see if there are any dups.
Comment 2•14 years ago
Sorting by uptime, I'm guessing this is one or two crashes and a bunch of dups. If that's the case, it's another example for the fix we need in bug 579136.
Comment 3•14 years ago
At ssl3con.c:2419, ssl3_FlushHandshake calls ssl3_SendRecord. This is not a
call through a pointer. ssl3_SendRecord doesn't appear in the stack. From
these observations, I gather that ssl3_SendRecord called some function that
trashed the stack and then returned, effectively jumping to address 0x10b.
Perhaps ssl3_SendRecord called a function that called another function that
trashed the stack, and the crash did not occur when that function returned,
but later, when its caller returned. Or some other task might have trashed
this task's stack.
I looked through the functions that ssl3_SendRecord calls for those that
have buffers in the stack, and found only one. ssl3_SendRecord calls
ssl3_CompressMACEncryptRecord, which calls ssl3_ComputeRecordMAC, which
has a hash buffer in the stack. But if that hash buffer became overrun,
I would expect it to crash immediately upon that function's return, if
not before (in a return from a function called by ssl3_ComputeRecordMAC).
So, my search was inconclusive.
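A triage check for the pattern Comment 3 reasons about, added here as an illustration and not part of the bug thread or of any Mozilla/NSS tooling: it parses the frame lines from the report and flags a top frame that is a bare low address rather than a symbol, then reports the first symbolized frame as the call site to inspect. The function names, the regex and the 64 KB threshold are assumptions of this example.

```python
import re

# Frames copied from the crash report above (frames 0-2, 13 and 18).
SAMPLE = """\
0 @0x10b
1 ssl3.dll ssl3_FlushHandshake security/nss/lib/ssl/ssl3con.c:2419
2 ssl3.dll ssl3_SendChangeCipherSpecs security/nss/lib/ssl/ssl3con.c:2710
13 xul.dll nsSSLThread::Run
18 kernel32.dll BaseThreadStart
"""

FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+"
    r"(?:(?P<module>\S+\.(?:dll|exe))\s+)?"      # module is absent for raw addresses
    r"(?P<sig>\S+)"
    r"(?:\s+(?P<src>\S+):(?P<line>\d+))?\s*$"    # source info is optional
)

# Assumption: on 32-bit Windows the lowest 64 KB of user address space is never
# mapped, so a program counter below this cannot be a legitimate code address.
LOW_UNMAPPED = 0x10000

def parse_frames(text):
    """Return one dict per parseable frame line, in stack order."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:
            frames.append(m.groupdict())
    return frames

def triage(frames):
    """Flag a crash whose top frame is a bare address instead of a symbol."""
    result = {"wild_pc": False, "pc": None, "first_symbol": None, "source": None}
    if not frames:
        return result
    top = frames[0]
    addr = re.fullmatch(r"@0x([0-9a-fA-F]+)", top["sig"])
    if top["module"] is None and addr:
        result["pc"] = int(addr.group(1), 16)
        result["wild_pc"] = result["pc"] < LOW_UNMAPPED
    # First frame that resolved to a module: the last frame the unwinder could name.
    for f in frames:
        if f["module"]:
            result["first_symbol"] = f["sig"]
            if f["src"]:
                result["source"] = f"{f['src']}:{f['line']}"
            break
    return result
```

When `wild_pc` is true, `source` names the call whose callee chain is worth auditing, which for this report is the `ssl3_SendRecord` call at ssl3con.c:2419.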
Updated•14 years ago
Crash Signature: [@ ssl3_FlushHandshake ]
Updated•13 years ago
Severity: normal → critical
Crash Signature: [@ ssl3_FlushHandshake ] → ssl_Do1stHandshake | ssl_SecureSend |...] [@ ssl3_FlushHandshake ]
[@ ssl3_FlushHandshake | ssl3_SendChangeCipherSpecs | ssl3_HandleServerHelloDone | ssl3_HandleHandshakeMessage | ssl3_HandleHandshake | ssl3_HandleRecord | ssl_GatherRecord1stHandshake | …
Depends on: 716345
Comment 4•8 years ago
I'm marking this bug as WORKSFORME, as this bug's crash log signature hasn't appeared for a long time (over half a year) in Firefox.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME