Closed Bug 886166 Opened 11 years ago Closed 7 years ago

Firefox crash in SSL stuff due to NULL pointer in asm code

Categories

(NSS :: Libraries, defect)

x86_64
Linux
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: olivier+mozilla, Unassigned)

Details

(Keywords: crash)

Crash Data

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 (Beta/Release)
Build ID: 20130620112846

Steps to reproduce:

Nothing special; I was just browsing the web.



Actual results:

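Firefox froze, with this stack trace (gdb stopped on SIGPIPE raised by send() while NSS was sending the TLS close_notify alert from ssl_SecureClose; the 0x0 address in frame #20 comes after clone() at the bottom of the thread's stack, so the trace itself shows a write to a closed socket rather than a faulting NULL dereference):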
Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fffe3aff700 (LWP 20596)]
0x00007ffff73cc2cc in __libc_send (fd=<optimized out>, buf=<optimized out>, n=<optimized out>, flags=<optimized out>) at ../sysdeps/unix/sysv/linux/x86_64/send.c:33
33	../sysdeps/unix/sysv/linux/x86_64/send.c: Aucun fichier ou dossier de ce type.
(gdb) bt full
#0  0x00007ffff73cc2cc in __libc_send (fd=<optimized out>, buf=<optimized out>, n=<optimized out>, flags=<optimized out>) at ../sysdeps/unix/sysv/linux/x86_64/send.c:33
        resultvar = <optimized out>
        oldtype = 0
        result = <optimized out>
#1  0x00007ffff69e6b47 in pt_Send (fd=0x7fffc0e74640, buf=0x7fffc2437000, amount=27, flags=0, timeout=4294967295) at /build/buildd/firefox-22.0~b6+build1/./nsprpub/pr/src/pthreads/ptio.c:1914
        syserrno = <optimized out>
        bytes = -1
        fNeedContinue = 0
#2  0x00007ffff5a40bf1 in ssl_DefSend (ss=0x7fffc15cc000, buf=0x7fffc2437000 "\025\003\001", len=27, flags=0) at ssldef.c:95
        rv = <optimized out>
        lower = 0x7fffc0e74640
        sent = 0
#3  0x00007ffff5a35a6b in ssl3_SendRecord (ss=0x7fffc15cc000, epoch=0, type=content_alert, pIn=0x7fffe3afec40 "", nIn=0, flags=0) at ssl3con.c:2556
        sent = <optimized out>
        contentLen = 2
        spaceNeeded = <optimized out>
        numRecords = <optimized out>
        wrBuf = 0x7fffc15cc098
        rv = <optimized out>
        totalSent = 0
        capRecordVersion = 0
#4  0x00007ffff5a35e8e in SSL3_SendAlert (ss=0x7fffc15cc000, level=<optimized out>, desc=close_notify) at ssl3con.c:2847
        sent = <optimized out>
        bytes = "\001"
        rv = SECSuccess
#5  0x00007ffff5a44b9e in ssl_SecureClose (ss=0x7fffc15cc000) at sslsecur.c:1061
No locals.
#6  0x00007ffff3721273 in nsNSSSocketInfo::CloseSocketAndDestroy (this=0x7fffa16f1e00) at /build/buildd/firefox-22.0~b6+build1/security/manager/ssl/src/nsNSSIOLayer.cpp:759
        popped = 0x7fffc0e746d0
        poppedPlaintext = 0x0
        status = <optimized out>
#7  0x00007ffff37212cb in nsSSLIOLayerClose (fd=0x7fffa5596640) at /build/buildd/firefox-22.0~b6+build1/security/manager/ssl/src/nsNSSIOLayer.cpp:737
        locker = {<No data fields>}
        socketInfo = <optimized out>
#8  0x00007ffff2ea6966 in ReleaseFD_Locked (this=0x7fffd44ed900, fd=<optimized out>) at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransport2.cpp:1466
No locals.
#9  nsSocketTransport::ReleaseFD_Locked (this=0x7fffd44ed900, fd=<optimized out>) at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransport2.cpp:1459
No locals.
#10 0x00007ffff2ea9368 in nsSocketTransport::OnSocketDetached (this=0x7fffd44ed900, fd=<optimized out>) at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransport2.cpp:1713
        lock = {mLock = 0x7fffd44eda08}
        secCtrl = {<nsCOMPtr_base> = {mRawPtr = 0x7fffa16f1ec0}, <No data fields>}
        ourCallbacks = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        ourEventSink = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#11 0x00007ffff2ea9a11 in nsSocketTransportService::DetachSocket (this=0x7fffe3b12740, listHead=0x7fffab15c000, sock=0x7fffab15c4b0)
    at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransportService2.cpp:181
---Type <return> to continue, or q <return> to quit---
        event = {<nsCOMPtr_base> = {mRawPtr = 0x7ffff2ea735a}, <No data fields>}
#12 0x00007ffff2eaa596 in nsSocketTransportService::DoPollIteration (this=0x7fffe3b12740, wait=<optimized out>)
    at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransportService2.cpp:814
        i = 50
        count = <optimized out>
        pollInterval = 0
        n = 1
#13 0x00007ffff2eaa9d8 in nsSocketTransportService::Run (this=0x7fffe3b12740) at /build/buildd/firefox-22.0~b6+build1/netwerk/base/src/nsSocketTransportService2.cpp:642
        pendingEvents = false
        goingOffline = <optimized out>
        thread = 0x7fffe85594c0
        threadInt = {<nsCOMPtr_base> = {mRawPtr = 0x7fffe85594c0}, <No data fields>}
#14 0x00007ffff3b343a6 in nsThread::ProcessNextEvent (this=0x7fffe85594c0, mayWait=true, result=0x7fffe3afee4f) at /build/buildd/firefox-22.0~b6+build1/xpcom/threads/nsThread.cpp:627
        event = {<nsCOMPtr_base> = {mRawPtr = 0x7fffe3b12758}, <No data fields>}
        notifyMainThreadObserver = <optimized out>
        obs = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        canary = {static sOutputFD = 0}
        rv = NS_OK
#15 0x00007ffff3b08131 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=true) at /build/buildd/firefox-22.0~b6+build1/obj-x86_64-linux-gnu/xpcom/build/nsThreadUtils.cpp:238
        val = true
#16 0x00007ffff3b345bd in nsThread::ThreadFunc (arg=0x7fffe85594c0) at /build/buildd/firefox-22.0~b6+build1/xpcom/threads/nsThread.cpp:265
        self = 0x7fffe85594c0
        event = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#17 0x00007ffff69ea1bc in _pt_root (arg=0x7ffff6c44f20) at /build/buildd/firefox-22.0~b6+build1/./nsprpub/pr/src/pthreads/ptthread.c:191
        thred = 0x7ffff6c44f20
        detached = 0
#18 0x00007ffff73c4e9a in start_thread (arg=0x7fffe3aff700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7fffe3aff700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1, 4382142515983688917, 140737488335552, 140737013348800, 0, 3, -4382081356227140395, -4382124354228968235}, mask_was_saved = 0}}, priv = {
            pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#19 0x00007ffff70f1ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#20 0x0000000000000000 in ?? ()
No symbol table info available.



Expected results:

Nothing
Assignee: nobody → nobody
Severity: normal → critical
Crash Signature: [@ ssl_DefSend | ssl3_SendRecord | SSL3_SendAlert ]
Component: Untriaged → Libraries
Keywords: crash
Product: Firefox → NSS
Version: 22 Branch → trunk
Olivier, do you still crash?
Flags: needinfo?(olivier+mozilla)
4 years later, I don't remember the problem. Please close as OLD.
Flags: needinfo?(olivier+mozilla)
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME