Closed Bug 83200 Opened 21 years ago Closed 16 years ago
Incompatibility with libsafe xpidl malfunction
I had a problem for quite a while on my system (RedHat Linux 7.0 / 7.1), and now found the solution. The symptoms were: - the Netscape 6 installer always crashes on my system - the Mozilla installer always crashes on my system - when I try to compile Mozilla, the xpidl program produces interface files with damaged numeric values. (This did not happen when I manually link xpidl statically.) I found out that there was a package installed on my system called "libsafe". It's purpose is (I cite): "The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible." You can read more about this package at: http://www.avayalabs.com/project/libsafe/index.html After I removed this package from my system, my problems immediately went away. The Mozilla installer now works and xpidl works, too. Haven't tried with the Netscape 6 installer yet, but assume this was the same problem. My assumption is: This library seems to be a plugin into the system shared library loading process, which is in some way incompatible with the shared library loading mechanisms of Mozilla (this should be XPCom from my understanding). Maybe it's just the parts that use the "long long" type, as it seemed only those numbers were affected in xpidl, and besides from that xpidl worked. Asa Dotzler suggested, it might be a good idea to include this warning in the browser's release notes. I agree. I don't know how many people have this package installed on their systems. It is NOT contained on the main Red Hat Linux installation CDs, so no problem even if people do a full install. However, Red Hat is delivered with an extra CD called "Powertools", which contains the libsafe. Therefore, curious souls like me might have this package installed. The version of libsafe which showed the incompatibility with Mozilla was 1.3, which is included with Red Hat 7.1.
One of the consequences of this problem is: xpidl warns about "initialized with negative constant" for some of the constants in the idl files.
reassign all kandrot xpcom bug.
Assignee: kandrot → dougt
Target Milestone: --- → Future
this is a very old bug. reporter, is this bug still valid?
Since nobody else ever complained about this, I suspect only very few developers have libsafe installed. After I had uninstalled it two years ago, I never installed it again. I don't see the bug is invalid, if at all, I suggest it to be WONTFIX. However, if we resolve it, people might not find it, so it might make sense to leave the bug open.
I haven't had Mozilla crash due to libsafe in a long time, so that part of the bug is probably fixed. However, I haven't compiled Mozilla in a long time, so I can't speak about the xpidl part of the bug.
updating summary to remove crashing comment per comment 5
Summary: Incompatibility with libsafe / crashes / xpidl malfunction → Incompatibility with libsafe xpidl malfunction
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.