Closed
Bug 70235
Opened 24 years ago
Closed 15 years ago
crash on start if /dev/zero not writable
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: johannes.lehtinen, Unassigned)
References
Details
(Keywords: crash)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.18 i586; en-US; 0.8) Gecko/20010215 BuildID: 2001021503 Mozilla 0.8 binary dist with talkback crashes on startup if /dev/zero is not writable. It tries to open /dev/zero in O_RDWR mode (is there any reason to do so?) and fails to handle the error situation nicely. Reproducible: Always Steps to Reproduce: to reproduce: chmod a-w /dev/zero mozilla workaround: chmod a+rw /dev/zero Actual Results: Mozilla segfaults before opening any windows. See the strace and backtrace in additional information. Expected Results: Startup view opened. Detected on: Linux 2.0.18 glibc 2.1.2 custom setup of Linux Strace on segfault: ... open("/dev/zero", O_RDWR) = -1 EACCES (Permission denied) old_mmap(NULL, 1056768, PROT_READ|PROT_WRITE, MAP_PRIVATE, -1, 0) = -1 EBADF (Bad file descriptor) close(-1) = -1 EBADF (Bad file descriptor) mkdir("/home/jle/.fullcircle", 0777) = -1 EEXIST (File exists) stat("/home/jle/.fullcircle", {st_mode=S_IFDIR|0750, st_size=1024, ...}) = 0 open("/dev/zero", O_RDWR) = -1 EACCES (Permission denied) old_mmap(NULL, 1056768, PROT_READ|PROT_WRITE, MAP_PRIVATE, -1, 0) = -1 EBADF (Bad file descriptor) close(-1) = -1 EBADF (Bad file descriptor) --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ Backtrace on segfault: (gdb) bt #0 0x4024a4de in __sigsuspend (set=0xbfffe4bc) at ../sysdeps/unix/sysv/linux/sigsuspend.c:48 #1 0x401ba823 in __pthread_create_2_1 (thread=0xbfffe608, attr=0xbfffe610, start_routine=0x401a435c <PR_Select+692>, arg=0x81098e8) at restart.h:32 #2 0x401a475c in PR_Select () #3 0x401a489c in PR_CreateThread () #4 0x400cb669 in nsThread::Init () #5 0x400cb742 in NS_NewThread () #6 0x40808f53 in NSGetModule () #7 0x40808d60 in NSGetModule () #8 0x400c0f69 in nsGenericFactory::CreateInstance () #9 0x400bebba in nsComponentManagerImpl::CreateInstance () #10 0x400c5d48 in nsComponentManager::CreateInstance () #11 0x400c68bf in nsServiceManagerImpl::GetService () #12 0x400c6e10 in nsServiceManager::GetService () #13 0x40803dcc in NSGetModule () #14 0x4080415e in NSGetModule () #15 0x400c0f69 in nsGenericFactory::CreateInstance () #16 0x400bebba in nsComponentManagerImpl::CreateInstance () #17 0x400c5d48 in nsComponentManager::CreateInstance () #18 0x400c68bf in nsServiceManagerImpl::GetService () #19 0x400c6e10 in nsServiceManager::GetService () #20 0x40460bbd in NSGetModule () #21 0x40466bb8 in NSGetModule () #22 0x40467013 in NSGetModule () #23 0x400c0f69 in nsGenericFactory::CreateInstance () #24 0x400bebba in nsComponentManagerImpl::CreateInstance () #25 0x400c5d48 in nsComponentManager::CreateInstance () #26 0x400c68bf in nsServiceManagerImpl::GetService () #27 0x400c6c9d in nsServiceManagerImpl::GetService () #28 0x400c6f18 in nsServiceManager::GetService () #29 0x400c61ac in nsGetServiceByContractID::operator() () #30 0x400d1321 in nsCOMPtr_base::assign_from_helper () #31 0x400aaa88 in nsFSStringConversion::PrepareFSCharset () #32 0x400aab48 in nsFSStringConversion::PrepareEncoder () #33 0x400aad65 in nsFSStringConversion::UCSToNewFS () #34 0x400ab248 in NS_NewUnicodeLocalFile () #35 0x407e8e91 in NSGetModule () #36 0x407e6135 in NSGetModule () #37 0x407e4d29 in NSGetModule () #38 0x407dee57 in NSGetModule () #39 0x407e4b40 in NSGetModule () #40 0x400c0f69 in nsGenericFactory::CreateInstance () #41 0x400bebba in nsComponentManagerImpl::CreateInstance () #42 0x400c5d48 in nsComponentManager::CreateInstance () #43 0x400c68bf in nsServiceManagerImpl::GetService () #44 0x400c6c9d in nsServiceManagerImpl::GetService () #45 0x400c6f18 in nsServiceManager::GetService () #46 0x400c61ac in nsGetServiceByContractID::operator() () #47 0x400d1321 in nsCOMPtr_base::assign_from_helper () #48 0x804d33b in JS_PushArguments () #49 0x804dbf5 in JS_PushArguments () #50 0x804e595 in JS_PushArguments () #51 0x402445ce in __libc_start_main (main=0x804e468 <JS_PushArguments+12460>, argc=1, argv=0xbffffa74, init=0x804af1c <_init>, fini=0x8053d84 <_fini>, rtld_fini=0x40009950 <_dl_fini>, stack_end=0xbffffa6c) at ../sysdeps/generic/libc-start.c:90 (gdb)
Comment 1•24 years ago
|
||
Probably due to http://lxr.mozilla.org/seamonkey/source/xpcom/build/malloc.c#1425 -- we open /dev/zero O_RDWR and then mmap it without checking the return value of open()....
Comment 2•24 years ago
|
||
updating component
Assignee: asa → scc
Status: UNCONFIRMED → NEW
Component: Browser-General → XPCOM
Ever confirmed: true
QA Contact: doronr → kandrot
Comment 3•24 years ago
|
||
Why would /dev/zero not be writable? Is /dev/null more likely to be writable than /dev/zero (and does it work in the same way)?
Comment 4•24 years ago
|
||
/dev/null is more likely to be writable than /dev/zero, yes. If only because writing to /dev/null is such a common way to ditch program output that any sysadmin who disabled writing to /dev/null would change his/her mind _really_ quickly.
Comment 5•24 years ago
|
||
Alright, so how about changing the filename to /dev/null, and adding an assertion that the open succeeded. (Couldn't the open fail for other reasons, such as having too many files open, btw?)
Comment 6•24 years ago
|
||
Unfortunately, _reading_ from /dev/null just gives EOF. Basically, we need to check the return value of that open() and do something sane of failure.
Comment 7•24 years ago
|
||
is this why with each new build loaded the very first launch crashes?? subsequent launches proceed fine. I've been seeing that behavior on the daily builds for some time now.
Comment 8•24 years ago
|
||
I saw this on windows with commercial build 2001-03-07-06-mtrunk
OS: Linux → All
Hardware: PC → All
This also crashes on Linux (2001-03-07-08-Mtrunk)after first time launching the browser.
Comment 10•23 years ago
|
||
I did not see this yesterday nor today on linux commercial build 2001-03-13-05-mtrunk
Comment 11•22 years ago
|
||
Bug 149493 says Slackware 8.0 makes /dev/zero read-only by default.
Comment 12•22 years ago
|
||
*** Bug 149493 has been marked as a duplicate of this bug. ***
Comment 13•22 years ago
|
||
I think this must have been fixed once, and then resurfaced for 1.0 - builds up to and including 1.0rc3 worked fine for me. Whatever's writing to /dev/zero should write to /dev/null instead, yes?
Comment 14•22 years ago
|
||
I suspect the code at http://lxr.mozilla.org/seamonkey/source/xpcom/build/malloc.c#1425 is the issue... Also, the search for /dev/zero shows us opening it as O_RDWR in a number of places.... (http://lxr.mozilla.org/seamonkey/search?string=%2Fdev%2Fzero)
Comment 15•22 years ago
|
||
*** Bug 150564 has been marked as a duplicate of this bug. ***
Comment 16•19 years ago
|
||
*** Bug 302857 has been marked as a duplicate of this bug. ***
Comment 17•19 years ago
|
||
*** Bug 245999 has been marked as a duplicate of this bug. ***
Updated•18 years ago
|
QA Contact: kandrot → nobody
Updated•18 years ago
|
Assignee: scc → nobody
QA Contact: nobody → xpcom
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•