Closed
Bug 757064
Opened 12 years ago
Closed 6 years ago
Thunderbird crashes in NSS_CMSContentInfo_GetContentTypeTag
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: michael, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [tbird crash])
Crash Data
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0 Build ID: 20120423122624 Steps to reproduce: Update to 12.0.1 (Ubuntu 12.04) which worked fine a few days. Then it started to crash right after starting it. Disabled all addons. Deleted/recreated profile, it fetched emails from IMAP for a while and then again: crashes on every start. Actual results: I suspect it's a particular email (with SMIME?) but I cannot locate which causes the crash. Expected results: Shouldnt crash ;)
Comment 1•12 years ago
|
||
Are you sending the crash report ? if so can we get a crash id (https://support.mozillamessaging.com/en-US/kb/thunderbird-crashes?s=crash+id&as=s#os=mac&browser=tb13) ?
Severity: normal → critical
Keywords: crash
Reporter | ||
Comment 2•12 years ago
|
||
Yes, I thought the get linked as I started there: https://crash-stats.mozilla.com/report/index/bp-4521ede8-0c1f-405e-8506-7d3052120521 https://crash-stats.mozilla.com/report/index/bp-3b60f6d6-b3db-48e6-b614-f98ff2120514
Reporter | ||
Comment 3•12 years ago
|
||
Additionally installed thunderbird-dbg and started "thunderbird --debug": --- cut --- mm@v3750mm:~$ thunderbird --debug GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2) 7.4-2012.04 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-linux-gnu". For bug reporting instructions, please see: <http://bugs.launchpad.net/gdb-linaro/>... Reading symbols from /usr/lib/thunderbird/thunderbird-bin...Reading symbols from /usr/lib/debug/usr/lib/thunderbird/thunderbird-bin...done. done. (gdb) run Starting program: /usr/lib/thunderbird/thunderbird-bin [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". [New Thread 0xb460bb40 (LWP 10843)] [New Thread 0xb3d4fb40 (LWP 10844)] [New Thread 0xb2dffb40 (LWP 10845)] [New Thread 0xb1ff1b40 (LWP 10846)] [New Thread 0xb13ffb40 (LWP 10847)] [New Thread 0xb0bfeb40 (LWP 10848)] [New Thread 0xb03fdb40 (LWP 10849)] [New Thread 0xaf7fcb40 (LWP 10850)] [New Thread 0xaeaffb40 (LWP 10851)] [New Thread 0xaddffb40 (LWP 10852)] [New Thread 0xab66fb40 (LWP 10853)] enigmail.js: Registered components [New Thread 0xaaaffb40 (LWP 10854)] [New Thread 0xaa2feb40 (LWP 10855)] [New Thread 0xa9afdb40 (LWP 10856)] [New Thread 0xa92fcb40 (LWP 10857)] [New Thread 0xa8afbb40 (LWP 10858)] [New Thread 0xa82fab40 (LWP 10859)] [Thread 0xab66fb40 (LWP 10853) exited] [Thread 0xa9afdb40 (LWP 10856) exited] [Thread 0xaa2feb40 (LWP 10855) exited] [New Thread 0xa7a49b40 (LWP 10860)] [Thread 0xa82fab40 (LWP 10859) exited] [Thread 0xa8afbb40 (LWP 10858) exited] [Thread 0xa92fcb40 (LWP 10857) exited] [New Thread 0xab66fb40 (LWP 10861)] [New Thread 0xa9afdb40 (LWP 10862)] [Thread 0xa7a49b40 (LWP 10860) exited] [New Thread 0xa7a49b40 (LWP 10863)] [Thread 0xa9afdb40 (LWP 10862) exited] [New Thread 0xa9afdb40 (LWP 10864)] [Thread 0xa7a49b40 (LWP 10863) exited] [New Thread 0xa7a49b40 (LWP 10866)] [New Thread 0xaa2feb40 (LWP 10867)] [New Thread 0xa82fab40 (LWP 10868)] [Thread 0xa82fab40 (LWP 10868) exited] [Thread 0xa7a49b40 (LWP 10866) exited] [Thread 0xa9afdb40 (LWP 10864) exited] [New Thread 0xa7a49b40 (LWP 10869)] [Thread 0xaa2feb40 (LWP 10867) exited] [New Thread 0xaa2feb40 (LWP 10870)] [Thread 0xa7a49b40 (LWP 10869) exited] [New Thread 0xa7a49b40 (LWP 10871)] [New Thread 0xa82fab40 (LWP 10872)] [New Thread 0xa9afdb40 (LWP 10873)] [New Thread 0xa49ffb40 (LWP 10874)] [Thread 0xaa2feb40 (LWP 10870) exited] [Thread 0xa9afdb40 (LWP 10873) exited] [New Thread 0xaa2feb40 (LWP 10875)] [New Thread 0xa9afdb40 (LWP 10876)] [New Thread 0xa1cffb40 (LWP 10879)] [New Thread 0xa14feb40 (LWP 10880)] [New Thread 0xa08ffb40 (LWP 10881)] [New Thread 0xa00feb40 (LWP 10882)] [New Thread 0x9f8fdb40 (LWP 10883)] [New Thread 0x9eeffb40 (LWP 10884)] [New Thread 0x9e6feb40 (LWP 10885)] [New Thread 0x99cc4b40 (LWP 10886)] (thunderbird-bin:10838): libebook-WARNING **: e_book_client_new: Cannot get book from factory: Invalid source [New Thread 0x98cffb40 (LWP 10887)] [Thread 0x98cffb40 (LWP 10887) exited] [New Thread 0x984feb40 (LWP 10889)] [New Thread 0x98cffb40 (LWP 10890)] [Thread 0x98cffb40 (LWP 10890) exited] [New Thread 0x98cffb40 (LWP 10891)] [Thread 0xa49ffb40 (LWP 10874) exited] Program received signal SIGSEGV, Segmentation fault. NSS_CMSContentInfo_GetContentTypeTag (cinfo=0xc) at cmscinfo.c:315 315 cmscinfo.c: Datei oder Verzeichnis nicht gefunden. --- cut ---
Updated•12 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 5•12 years ago
|
||
Hmm, sure about the duplicate on #668314, which happened on TB 5 under Windows and 1 year old - with no progress? Please let me know if there is any debugging I can help with.. -> As a workaround, disabled (Offline)-Sync now "resolved" the immidiate crash, maybe I can find the mail causing this by scrolling through..
Reporter | ||
Comment 6•12 years ago
|
||
Just as a note, if somebody runs into the same: disabling offline-sync helped for no more than 10 minutes, it crashed then again after every start after 7-10 secs.. I patched cmscinfo.c now in the ubuntu-package and rebuilt it, as I really want my preferred mail-client back->UP ;) And dont care about s/mime at all (using PGP/GPG since 1998) --> which doesn't fix this surely but merely breaks smime I guess, but at least here avoids TB from crashing on this since some hours: --- cut --- --- a/thunderbird-12.0.1+build1/build-tree/mozilla/mozilla/security/nss/lib/smime/cmscinfo.c 2012-04-28 22:57:08.000000000 +0200 +++ b/thunderbird-12.0.1+build1/build-tree/mozilla/mozilla/security/nss/lib/smime/cmscinfo.c 2012-05-21 21:29:55.543690368 +0200 @@ -312,6 +312,7 @@ SECOidTag NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) { + return SEC_OID_UNKNOWN; if (cinfo->contentTypeTag == NULL) cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); --- cut --- Again, I really have no clue which of the 160785 elements in my mailbox is causing this crash, but I won't delete it because of one (unwanted, probably broken) S/MIME-Message and think whatever the reason is, TB shouldnt crash on it! If you give me some instructions on how to find the real reason/message/missing file, I'll try..
Comment 7•12 years ago
|
||
(In reply to Michael from comment #5) > Hmm, sure about the duplicate on #668314, which happened on TB 5 under > Windows and 1 year old - with no progress? Yes same signature and stack ... > Please let me know if there is any debugging I can help with.. > > -> As a workaround, disabled (Offline)-Sync now "resolved" the immidiate > crash, maybe I can find the mail causing this by scrolling through.. kaie would need to say
Reporter | ||
Updated•8 years ago
|
Whiteboard: I think this bug is still present, I hit it again: kubuntu 16.04 TB 38.8.0, gdb output Thread 1 "thunderbird" received signal SIGSEGV, Segmentation fault. 0x00007ffff5530926 in NSS_CMSContentInfo_GetContentTypeTag () from /usr/lib/thunderbird/libsmime3.so
Version: 12 Branch → 38 Branch
Reporter | ||
Updated•8 years ago
|
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 8•8 years ago
|
||
(copied from whiteboard) > I think this bug is still present, I hit it again: kubuntu 16.04 TB 38.8.0, gdb output Thread 1 "thunderbird" received signal SIGSEGV, Segmentation fault. 0x00007ffff5530926 in NSS_CMSContentInfo_GetContentTypeTag () from /usr/lib/thunderbird/libsmime3.so A. Somewhat unlikely you are seeing the "same bug" as what caused the crash 4+ years ago. B. The info you provided isn't enough to be actionable. A set of steps to reproduce, an email testcase, or a full stacktrace with symbols is needed https://developer.mozilla.org/en-US/docs/Mozilla/How_to_get_a_stacktrace_for_a_bug_report#Linux
Flags: needinfo?(mm)
Whiteboard: I think this bug is still present, I hit it again: kubuntu 16.04 TB 38.8.0, gdb output Thread 1 "thunderbird" received signal SIGSEGV, Segmentation fault. 0x00007ffff5530926 in NSS_CMSContentInfo_GetContentTypeTag () from /usr/lib/thunderbird/libsmime3.so
Reporter | ||
Comment 9•8 years ago
|
||
though it's very similar and it wasn't really solved back in 2012. Yesterday I synced the same inbox/subfolders again for the first time; Just to be clear: I think it's a somewhat "broken" old email causing this, but I have no idea which. And clearly, if it could be reproduced, it's a DoS-attack against TB.. I submitted new crash reports already: https://crash-stats.mozilla.com/report/index/62144c65-75e0-4377-8089-c48522160702 I'll find a workaround anyhow, but maybe its important to rule out this bug and rare corner-case(?)
Flags: needinfo?(mm)
Reporter | ||
Comment 10•8 years ago
|
||
I did exactly the same as in #6 https://bugzilla.mozilla.org/show_bug.cgi?id=757064#c6 Patched the function, rebuilt the package, the problem is gone! (but not really solved) If I can do anything to find the offending msg please let me know..
Comment 11•8 years ago
|
||
(In reply to Michael Markstaller from comment #9) > though it's very similar and it wasn't really solved back in 2012. > Yesterday I synced the same inbox/subfolders again for the first time; > > Just to be clear: I think it's a somewhat "broken" old email causing this, > but I have no idea which. > And clearly, if it could be reproduced, it's a DoS-attack against TB.. > I submitted new crash reports already: > https://crash-stats.mozilla.com/report/index/62144c65-75e0-4377-8089- > c48522160702 That's certainly a step in the right direction. 0 libsmime3.so NSS_CMSContentInfo_GetContentTypeTag /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmscinfo.c:281 1 libsmime3.so NSS_CMSContentInfo_Destroy /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmscinfo.c:56 2 libsmime3.so NSS_CMSContentInfo_Destroy /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmscinfo.c:65 3 libsmime3.so NSS_CMSContentInfo_Destroy /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmscinfo.c:59 4 libsmime3.so NSS_CMSMessage_Destroy /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmsmessage.c:99 5 libsmime3.so NSS_CMSDecoder_Finish /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mozilla/security/nss/lib/smime/cmsdecode.c:714 6 libxul.so nsCMSDecoder::Finish /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mailnews/mime/src/nsCMS.cpp:856 7 libxul.so MimeCMS_eof /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mailnews/mime/src/mimecms.cpp:610 8 libxul.so MimeEncrypted_parse_eof /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mailnews/mime/src/mimecryp.cpp:219 9 libxul.so MimeMultipart_close_child /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mailnews/mime/src/mimemult.cpp:547 10 libxul.so MimeMultipart_parse_line /build/thunderbird-ib2wjW/thunderbird-38.8.0+build1/mailnews/mime/src/mimemult.cpp:153 Other examples https://crash-stats.mozilla.com/signature/?date=%3E2016-04-01&signature=NSS_CMSContentInfo_GetContentTypeTag%20%7C%20NSS_CMSContentInfo_Destroy%20%7C%20NSS_CMSContentInfo_Destroy%20%7C%20NSS_CMSContentInfo_Destroy%20%7C%20NSS_CMSMessage_Destroy%20%7C%20NSS_CMSDecoder_Finish%20%7C%20nsCMSDecoder%3A%3AFinish&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&page=1 ALL are linux. And all from yesterday 7/1/2016 - are they all from you?
Reporter | ||
Comment 12•8 years ago
|
||
Most/all of them are probably from me; but still, isn't that a good reason to at least investigate this issue? As said, it works again after just disabling NSS_CMSContentInfo_GetContentTypeTag in cmscinfo.c, but thats no real solution, just a workaround..
Comment 13•8 years ago
|
||
I suspect bug 668314 is the same issue
Assignee: nobody → nobody
Status: UNCONFIRMED → NEW
Crash Signature: [@ NSS_CMSContentInfo_GetContentTypeTag | NSS_CMSContentInfo_Destroy | NSS_CMSContentInfo_Destroy | NSS_CMSContentInfo_Destroy | NSS_CMSMessage_Destroy | NSS_CMSDecoder_Finish | nsCMSDecoder::Finish ]
Component: General → Libraries
Ever confirmed: true
Product: Thunderbird → NSS
Summary: Thunderbird crashes → Thunderbird crashes in NSS_CMSContentInfo_GetContentTypeTag
Version: 38 Branch → trunk
Comment 15•8 years ago
|
||
can you reproduce using nightly version 50? see https://archive.mozilla.org/pub/thunderbird/nightly/latest-comm-central/
Flags: needinfo?(michael)
Reporter | ||
Comment 16•8 years ago
|
||
I'll try but it may take some time! Compiling TB from source takes hours even an a core I7 with SSD. And then it takes many hours to sync the inbox again.. If you could give me a hint how to find the offending mail, i'd happy to supply it(?)
Reporter | ||
Comment 17•7 years ago
|
||
Update: Still present in TB 45.5.1, submitted a crash-report today and yesterday; after patching & recompile as described in https://bugzilla.mozilla.org/show_bug.cgi?id=757064#c6 everything is fine (except from S/MIME surely - i don't care about..) Its a little annoying to keep a locally patched version of TB for 4yrs :) Think it just doesnt happen as long as all offending emails are once locally synced and not get accessed(?)
Updated•6 years ago
|
Priority: -- → P5
Comment 18•6 years ago
|
||
>If you could give me a hint how to find the offending mail, i'd happy to supply it(?) Determining which folder it is in would be a start bug 1376254 appears to be the same. The only example reports I found for this signature are Mac bp-d8389abd-06a3-410d-aa09-e6d830180330 0 libnss3.dylib NSS_CMSContentInfo_GetContentTypeTag security/nss/lib/smime/cmscinfo.c:285 1 libnss3.dylib NSS_CMSContentInfo_Destroy security/nss/lib/smime/cmscinfo.c:54 2 libnss3.dylib NSS_CMSContentInfo_Destroy security/nss/lib/smime/cmscinfo.c:63 3 libnss3.dylib NSS_CMSContentInfo_Destroy security/nss/lib/smime/cmscinfo.c:57 4 libnss3.dylib NSS_CMSMessage_Destroy security/nss/lib/smime/cmsmessage.c:99 5 libnss3.dylib NSS_CMSDecoder_Finish security/nss/lib/smime/cmsdecode.c:714 6 XUL nsCMSDecoder::Finish(nsICMSMessage**) /builds/slave/tb-rel-c-esr52-m64_bld-0000000/build/mailnews/mime/src/nsCMS.cpp:857 7 XUL MimeCMS_eof /builds/slave/tb-rel-c-esr52-m64_bld-0000000/build/mailnews/mime/src/mimecms.cpp:610 https://hg.mozilla.org/releases/mozilla-esr52/annotate/4caffebfb91f/security/nss/lib/smime/cmscinfo.c#l285 Firefox crash at slightly different place, that is a couple lines lower bp-609f9f66-d522-4e92-9d47-f5fc00180305 NSS_CMSContentInfo_GetContentTypeTag | NSS_CMSMessage_Create | NSS_CMSDecoder_Start | NSS_CMSMessage_CreateFromDER | mozilla::VerifyCMSDetachedSignatureIncludingCertificate 0 nss3.dll NSS_CMSContentInfo_GetContentTypeTag security/nss/lib/smime/cmscinfo.c:288 1 nss3.dll NSS_CMSMessage_Create security/nss/lib/smime/cmsmessage.c:41 2 nss3.dll NSS_CMSDecoder_Start security/nss/lib/smime/cmsdecode.c:606 3 nss3.dll NSS_CMSMessage_CreateFromDER security/nss/lib/smime/cmsdecode.c:732 4 xul.dll mozilla::VerifyCMSDetachedSignatureIncludingCertificate(SECItemStr const&, SECItemStr const&, nsresult (*)(CERTCertificateStr*, void*, void*), void*, void*, nsNSSShutDownPreventionLock const&) security/manager/ssl/nsDataSignatureVerifier.cpp:142 5 xul.dll `anonymous namespace'::VerifySignature security/apps/AppSignatureVerification.cpp:699 6 xul.dll `anonymous namespace'::OpenSignedAppFile security/apps/AppSignatureVerification.cpp:750 7 xul.dll `anonymous namespace'::OpenSignedAppFileTask::CalculateResult security/apps/AppSignatureVerification.cpp:975 8 xul.dll mozilla::CryptoTask::Run() security/manager/ssl/CryptoTask.cpp:53 https://hg.mozilla.org/releases/mozilla-esr52/annotate/a7c8e85285e2/security/nss/lib/smime/cmscinfo.c#l288
Depends on: 1376254
Updated•6 years ago
|
Whiteboard: [tbird crash]
Comment 19•6 years ago
|
||
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 12 years ago → 6 years ago
Resolution: --- → WONTFIX
Updated•3 years ago
|
Flags: needinfo?(michael)
You need to log in
before you can comment on or make changes to this bug.
Description
•