Closed
Bug 660190
Opened 14 years ago
Closed 7 years ago
Crash on certificate backup when master password prompt is canceled [@ PORT_ZFree_Util ]
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 401240
People
(Reporter: david.balazic, Unassigned)
References
Details
(Keywords: crash, regression, Whiteboard: [bugday-2011-05-27][psm-backlog])
Crash Data
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
FF crashes, even in safe mode, reproducibly with the steps below.
Reproducible: Always
Steps to Reproduce:
1. set up a master password
2. import some personal certificates (with private key)
3. in Options/Advanced/View certificates select a certificate on the Your Certificates tab and click Backup...
4. in the file dialog enter a filename and click Save
5. a dialog asking the master password appears
6. cancel it with the escape key
7. a dialog appears telling that the certificate backup failed
8. cancel it with the escape key
after that all firefox Windows disappear, also the process
Could you attach some dummy test certificate on which we can try this?
Whiteboard: [bugday-2011-05-27]
Comment 2•14 years ago
|
||
Reproduced with some_user_cert.pfx from attachment 528818 [details] (from unrelated bug 651897). Seems to be 100% reproducible.
Mozilla/5.0 (X11; Linux x86_64; rv:2.0) Gecko/20100101 Firefox/4.0
Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
[@ PORT_ZFree_Util ]
bp-956409b5-a7b8-416b-ac1d-983cd2110528
bp-d2460a82-d39c-4304-b7eb-91e012110528
bp-c7f017da-f482-4cd9-9c28-163042110528
WFM:
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (X11; Linux x86_64; rv:6.0a2) Gecko/20110527 Firefox/6.0a2
Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1
Severity: normal → critical
Keywords: crash
OS: Windows XP → All
Hardware: x86 → All
Summary: Crash on certificate backup when master password prompt is canceled → Crash on certificate backup when master password prompt is canceled [@ PORT_ZFree_Util ]
Version: unspecified → 4.0 Branch
Comment 3•14 years ago
|
||
0 libnssutil3.so PORT_ZFree_Util secport.c:159
1 libnssutil3.so SECITEM_ZfreeItem_Util secitem.c:277
2 libxul.so nsPKCS12Blob::ExportToFile security/manager/ssl/src/nsPKCS12Blob.cpp:491
3 libxul.so nsNSSCertificateDB::ExportPKCS12File security/manager/ssl/src/nsNSSCertificateDB.cpp:1209
4 libxul.so NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:195
5 libxul.so XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:3124
6 libxul.so XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1613
7 libxul.so js::Interpret js/src/jscntxtinlines.h:701
8 libxul.so js::RunScript js/src/jsinterp.cpp:653
9 libxul.so js::Invoke js/src/jsinterp.cpp:740
10 libxul.so js::ExternalInvoke js/src/jsinterp.cpp:863
11 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5173
12 libxul.so nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1914
13 libxul.so nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:228
14 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1127
15 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:1222
16 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:146
17 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:341
18 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:628
19 libxul.so nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:691
20 libxul.so PresShell::HandleDOMEventWithTarget layout/base/nsPresShell.cpp:7142
21 libxul.so nsContentUtils::DispatchXULCommand content/base/src/nsContentUtils.cpp:5483
22 libxul.so nsButtonBoxFrame::DoMouseClick layout/xul/base/src/nsButtonBoxFrame.cpp:172
23 libxul.so nsButtonBoxFrame::HandleEvent layout/xul/base/src/nsButtonBoxFrame.cpp:137
24 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:386
25 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:628
26 libxul.so PresShell::HandleEventInternal layout/base/nsPresShell.cpp:7066
27 libxul.so PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6915
28 libxul.so nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:4109
29 libxul.so nsEventStateManager::PostHandleEvent content/events/src/nsEventStateManager.cpp:3009
30 libxul.so PresShell::HandleEventInternal layout/base/nsPresShell.cpp:7089
31 libxul.so PresShell::HandlePositionedEvent layout/base/nsPresShell.cpp:6900
32 libxul.so PresShell::HandleEvent layout/base/nsPresShell.cpp:6734
33 libxul.so nsViewManager::HandleEvent view/src/nsViewManager.cpp:1105
34 libxul.so nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1083
35 libxul.so HandleEvent view/src/nsView.cpp:161
36 libxul.so nsWindow::DispatchEvent widget/src/gtk2/nsWindow.cpp:563
37 libxul.so nsWindow::OnButtonReleaseEvent widget/src/gtk2/nsWindow.cpp:2864
38 libxul.so button_release_event_cb widget/src/gtk2/nsWindow.cpp:5660
39 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x141d47
40 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x1006d
41 libxcb.so.1.1.0 libxcb.so.1.1.0@0xb7de
42 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0xf784
43 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x354b5
44 libpthread-2.13.so libpthread-2.13.so@0xa6bf
45 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x20efa
46 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x1eb0f
47 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x6d600
48 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x11474
49 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x354b5
50 libpthread-2.13.so libpthread-2.13.so@0xa6bf
51 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x2a3da
52 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x419af
53 firefox-bin free memory/jemalloc/jemalloc.c:1426
54 @0x7f0cfa913b9f
55 libgobject-2.0.so.0.2800.6 libgobject-2.0.so.0.2800.6@0x2a7c1
56 firefox-bin malloc memory/jemalloc/jemalloc.c:1442
57 @0x7fff9d9e08fb
58 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x25db55
59 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x25dd8e
60 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x13ff02
61 libgtk-x11-2.0.so.0.2400.4 libgtk-x11-2.0.so.0.2400.4@0x1402b2
62 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x5eb7b
63 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x4509c
64 libgdk-x11-2.0.so.0.2400.4 libgdk-x11-2.0.so.0.2400.4@0x5eb2f
65 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x53b2f
66 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x45877
67 libpthread-2.13.so libpthread-2.13.so@0x910f
68 libglib-2.0.so.0.2800.6 libglib-2.0.so.0.2800.6@0x45b08
69 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/src/xpwidgets/nsBaseAppShell.cpp:173
70 libxul.so nsBaseAppShell::OnProcessNextEvent widget/src/xpwidgets/nsBaseAppShell.cpp:333
71 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:597
72 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250
73 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134
74 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:202
75 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:192
76 libxul.so nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:220
77 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3786
78 firefox-bin main browser/app/nsBrowserApp.cpp:158
79 libc-2.13.so libc-2.13.so@0x1eeac
80 firefox-bin Output browser/app/nsBrowserApp.cpp:77
81 @0x7fff9d9e3396
Comment 4•14 years ago
|
||
Regression range:
Last good nightly: 2011-02-17 First bad nightly: 2011-02-18
Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4b9e814fe3ab&tochange=1eed87fac9ce
Keywords: regression
Comment 5•14 years ago
|
||
Further track down with GNU/Linux:
The first bad revision is:
changeset: 62741:b4f2c723731d
user: mattm@chromium.org
date: Thu Feb 17 14:53:44 2011 +0100
summary: Bug 584922, leak of unicodePw SECITEM in nsPKCS12Blob::ExportToFile and nsPKCS12Blob::ImportFromFileHelper, r=kaie, a=beltzner
I could also reproduce with FF5.0b
Crash report here:
https://crash-stats.mozilla.com/report/index/bp-cca076c6-4c98-42d4-9514-b28022110528
Updated•14 years ago
|
Status: UNCONFIRMED → NEW
Component: General → Security: PSM
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → psm
Version: 4.0 Branch → 2.0 Branch
Comment 7•14 years ago
|
||
(In reply to comment #6)
> I could also reproduce with FF5.0b
> Crash report here:
> https://crash-stats.mozilla.com/report/index/bp-cca076c6-4c98-42d4-9514-
> b28022110528
Strange! I've double checked and 5.0b does not crash for me.
Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
http://hg.mozilla.org/releases/mozilla-beta/rev/40ea1355db3f
But wait... Reproduced:
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
http://hg.mozilla.org/releases/mozilla-beta/rev/40ea1355db3f
Difference between 32 and 64 bits?
I have an 32bit build.
Difference is very much possible. Crashing quite depends on the in-memory layout of program variables, their allocated space (length) and such. This may be different between 32bit and 64bit builds.
Hardware: All → x86
Comment 9•14 years ago
|
||
64 bit builds of FX4 also crash as shown in comment 2, but later on the 64 bit builds stopped crashing while the recent 32 bit builds still continue to crash.
Double check again. Still Works For Me...
Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1
...but this one crashes! Reproduced!
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:7.0a1) Gecko/20110527 Firefox/7.0a1
Comment 10•14 years ago
|
||
Comment 11•14 years ago
|
||
The native x86_64 Linux Firefox stopped crashing between the following two builds:
2011-03-31
http://hg.mozilla.org/mozilla-central/rev/422bbd8245a7
2011-04-01
http://hg.mozilla.org/mozilla-central/rev/1a89509e25e4
But when I try to track it down further using my local build it continues to crash even after that range, so maybe the ceased crashing in x86_64 Linux is just a coincident depending on a fortunated combination of library and compiler versions etc.
Assignee | ||
Updated•14 years ago
|
Crash Signature: [@ PORT_ZFree_Util ]
Updated•13 years ago
|
Crash Signature: [@ PORT_ZFree_Util ] → [@ PORT_ZFree_Util ]
[@ PORT_ZFree_Util | SECITEM_ZfreeItem_Util]
Updated•9 years ago
|
Whiteboard: [bugday-2011-05-27] → [bugday-2011-05-27][psm-backlog]
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•