Closed Bug 660190 Opened 14 years ago Closed 7 years ago

Crash on certificate backup when master password prompt is canceled [@ PORT_ZFree_Util ]

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
2.0 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 401240

People

(Reporter: david.balazic, Unassigned)

References

Details

(Keywords: crash, regression, Whiteboard: [bugday-2011-05-27][psm-backlog])

Crash Data

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 FF crashes, even in safe mode, reproducibly with the steps below. Reproducible: Always Steps to Reproduce: 1. set up a master password 2. import some personal certificates (with private key) 3. in Options/Advanced/View certificates select a certificate on the Your Certificates tab and click Backup... 4. in the file dialog enter a filename and click Save 5. a dialog asking the master password appears 6. cancel it with the escape key 7. a dialog appears telling that the certificate backup failed 8. cancel it with the escape key after that all firefox Windows disappear, also the process
Could you attach some dummy test certificate on which we can try this?
Whiteboard: [bugday-2011-05-27]
Reproduced with some_user_cert.pfx from attachment 528818 [details] (from unrelated bug 651897). Seems to be 100% reproducible. Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0 Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 [@ PORT_ZFree_Util ] bp-956409b5-a7b8-416b-ac1d-983cd2110528 bp-d2460a82-d39c-4304-b7eb-91e012110528 bp-c7f017da-f482-4cd9-9c28-163042110528 WFM: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 Mozilla/5.0 (X11; Linux x86_64; rv:6.0a2) Gecko/20110527 Firefox/6.0a2 Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1
Severity: normal → critical
Keywords: crash
OS: Windows XP → All
Hardware: x86 → All
Summary: Crash on certificate backup when master password prompt is canceled → Crash on certificate backup when master password prompt is canceled [@ PORT_ZFree_Util ]
Version: unspecified → 4.0 Branch
0 libnssutil3.so PORT_ZFree_Util secport.c:159 1 libnssutil3.so SECITEM_ZfreeItem_Util secitem.c:277 2 libxul.so nsPKCS12Blob::ExportToFile security/manager/ssl/src/nsPKCS12Blob.cpp:491 3 libxul.so nsNSSCertificateDB::ExportPKCS12File security/manager/ssl/src/nsNSSCertificateDB.cpp:1209 4 libxul.so NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:195 5 libxul.so XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:3124 6 libxul.so XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1613 7 libxul.so js::Interpret js/src/jscntxtinlines.h:701 8 libxul.so js::RunScript js/src/jsinterp.cpp:653 9 libxul.so js::Invoke js/src/jsinterp.cpp:740 10 libxul.so js::ExternalInvoke js/src/jsinterp.cpp:863 11 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5173 12 libxul.so nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1914 13 libxul.so nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:228 14 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1127 15 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:1222 16 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:146 17 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:341 18 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:628 19 libxul.so nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:691 20 libxul.so PresShell::HandleDOMEventWithTarget layout/base/nsPresShell.cpp:7142 21 libxul.so nsContentUtils::DispatchXULCommand content/base/src/nsContentUtils.cpp:5483 22 libxul.so nsButtonBoxFrame::DoMouseClick layout/xul/base/src/nsButtonBoxFrame.cpp:172 23 libxul.so nsButtonBoxFrame::HandleEvent layout/xul/base/src/nsButtonBoxFrame.cpp:137 24 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:386 25 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:628 26 libxul.so PresShell::HandleEventInternal layout/base/nsPresShell.cpp:7066 27 libxul.so PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6915 28 libxul.so nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:4109 29 libxul.so nsEventStateManager::PostHandleEvent content/events/src/nsEventStateManager.cpp:3009 30 libxul.so PresShell::HandleEventInternal layout/base/nsPresShell.cpp:7089 31 libxul.so PresShell::HandlePositionedEvent layout/base/nsPresShell.cpp:6900 32 libxul.so PresShell::HandleEvent layout/base/nsPresShell.cpp:6734 33 libxul.so nsViewManager::HandleEvent view/src/nsViewManager.cpp:1105 34 libxul.so nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1083 35 libxul.so HandleEvent view/src/nsView.cpp:161 36 libxul.so nsWindow::DispatchEvent widget/src/gtk2/nsWindow.cpp:563 37 libxul.so nsWindow::OnButtonReleaseEvent widget/src/gtk2/nsWindow.cpp:2864 38 libxul.so button_release_event_cb widget/src/gtk2/nsWindow.cpp:5660 39 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x141d47 40 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x1006d 41 libxcb.so.1.1.0 libxcb.so.1.1.0@0xb7de 42 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0xf784 43 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x354b5 44 libpthread-2.13.so libpthread-2.13.so@0xa6bf 45 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x20efa 46 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x1eb0f 47 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x6d600 48 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x11474 49 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x354b5 50 libpthread-2.13.so libpthread-2.13.so@0xa6bf 51 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x2a3da 52 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x419af 53 firefox-bin free memory/jemalloc/jemalloc.c:1426 54 @0x7f0cfa913b9f 55 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x2a7c1 56 firefox-bin malloc memory/jemalloc/jemalloc.c:1442 57 @0x7fff9d9e08fb 58 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x25db55 59 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x25dd8e 60 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x13ff02 61 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x1402b2 62 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x5eb7b 63 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x4509c 64 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x5eb2f 65 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x53b2f 66 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x45877 67 libpthread-2.13.so libpthread-2.13.so@0x910f 68 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x45b08 69 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/src/xpwidgets/nsBaseAppShell.cpp:173 70 libxul.so nsBaseAppShell::OnProcessNextEvent widget/src/xpwidgets/nsBaseAppShell.cpp:333 71 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:597 72 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 73 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134 74 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:202 75 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:192 76 libxul.so nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:220 77 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3786 78 firefox-bin main browser/app/nsBrowserApp.cpp:158 79 libc-2.13.so libc-2.13.so@0x1eeac 80 firefox-bin Output browser/app/nsBrowserApp.cpp:77 81 @0x7fff9d9e3396
Regression range: Last good nightly: 2011-02-17 First bad nightly: 2011-02-18 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4b9e814fe3ab&tochange=1eed87fac9ce
Keywords: regression
Further track down with GNU/Linux: The first bad revision is: changeset: 62741:b4f2c723731d user: mattm@chromium.org date: Thu Feb 17 14:53:44 2011 +0100 summary: Bug 584922, leak of unicodePw SECITEM in nsPKCS12Blob::ExportToFile and nsPKCS12Blob::ImportFromFileHelper, r=kaie, a=beltzner
I could also reproduce with FF5.0b Crash report here: https://crash-stats.mozilla.com/report/index/bp-cca076c6-4c98-42d4-9514-b28022110528
Status: UNCONFIRMED → NEW
Component: General → Security: PSM
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → psm
Version: 4.0 Branch → 2.0 Branch
(In reply to comment #6) > I could also reproduce with FF5.0b > Crash report here: > https://crash-stats.mozilla.com/report/index/bp-cca076c6-4c98-42d4-9514- > b28022110528 Strange! I've double checked and 5.0b does not crash for me. Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 http://hg.mozilla.org/releases/mozilla-beta/rev/40ea1355db3f But wait... Reproduced: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101 Firefox/5.0 http://hg.mozilla.org/releases/mozilla-beta/rev/40ea1355db3f Difference between 32 and 64 bits?
I have an 32bit build. Difference is very much possible. Crashing quite depends on the in-memory layout of program variables, their allocated space (length) and such. This may be different between 32bit and 64bit builds.
Hardware: All → x86
64 bit builds of FX4 also crash as shown in comment 2, but later on the 64 bit builds stopped crashing while the recent 32 bit builds still continue to crash. Double check again. Still Works For Me... Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1 ...but this one crashes! Reproduced! Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1
The regression range in comment 4 was investigated with i686 on x86_64 and I did the further track down in comment 5 in native x86_64. Thus, most likely the problem started at the same time on 32 and 64 bit builds.
The native x86_64 Linux Firefox stopped crashing between the following two builds: 2011-03-31 http://hg.mozilla.org/mozilla-central/rev/422bbd8245a7 2011-04-01 http://hg.mozilla.org/mozilla-central/rev/1a89509e25e4 But when I try to track it down further using my local build it continues to crash even after that range, so maybe the ceased crashing in x86_64 Linux is just a coincident depending on a fortunated combination of library and compiler versions etc.
Crash Signature: [@ PORT_ZFree_Util ]
Depends on: 716345
Crash Signature: [@ PORT_ZFree_Util ] → [@ PORT_ZFree_Util ] [@ PORT_ZFree_Util | SECITEM_ZfreeItem_Util]
Whiteboard: [bugday-2011-05-27] → [bugday-2011-05-27][psm-backlog]
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.