crash when trying to view cert from Page Info on Mac OS X

VERIFIED FIXED in mozilla0.9.5

Status

P1
critical
VERIFIED FIXED
18 years ago
14 years ago

People

(Reporter: bugzilla, Assigned: sfraser_bugs)

Tracking

({crash, platform-parity})

Trunk
mozilla0.9.5
PowerPC
Mac OS X
crash, platform-parity

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [FIX IS IN TRUNK] PDT+ [OSX+])

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
not sure if this is a dup of bug 95404...

found using 2001.08.17.05-comm bits on Mac OS 10.0.4.

1. go to a secure site, eg, https://investing.schwab.com/trading/start/ or 
https://digitalid.verisign.com/
2. open Page Info window: View > Page Info, or cmd+I.
3. click the Security tab.
4. click the View button to view the security certificate info.

result: crash.

trace info:

Date/Time: 2001-08-20 18:16:31 -0700

PID:       301
Command:   Netscape 6

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x0239a95c in 
FormatTMTime__19nsDateTimeFormatMacFP9nsILocaleiiPCQ23std2tm
R8 ()
 #1   0x0239a898 in 
FormatTMTime__19nsDateTimeFormatMacFP9nsILocaleiiPCQ23std2tm
R8 ()
 #2   0x0239ad64 in 
FormatPRExplodedTime__19nsDateTimeFormatMacFP9nsILocaleiiPC1
4P ()
 #3   0x024c0f4c in ProcessTime__FxPCwP15nsIASN1Sequence ()
 #4   0x024c26d0 in 0x24c26d0 ()
 #5   0x024c3514 in 0x24c3514 ()
 #6   0x024c3a30 in 
GetASN1Structure__16nsNSSCertificateFPP13nsIASN1Object ()
 #7   0x00187ccc in _XPTC_InvokeByIndex ()
 #8   0x00187bc4 in XPTC_InvokeByIndex ()
 #9   0x01b1dae0 in 0x1b1dae0 ()
 #10  0x01b23cac in 
XPC_WN_GetterSetter__FP9JSContextP8JSObjectUiPlPl ()
 #11  0x01a5b01c in js_Invoke ()
 #12  0x01a5b2b0 in js_InternalInvoke ()
 #13  0x01a6e97c in js_GetProperty ()
 #14  0x01a61d7c in 0x1a61d7c ()
 #15  0x01a5b074 in js_Invoke ()
 #16  0x01a5b2b0 in js_InternalInvoke ()
 #17  0x01a3e3d8 in JS_CallFunctionValue ()
 #18  0x0243b78c in CallEventHandler__11nsJSContextFPvPvUiPvPii ()
 #19  0x02456494 in 
HandleEvent__17nsJSEventListenerFP11nsIDOMEvent ()
 #20  0x01faabc0 in 
HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru 
()
 #21  0x01fac638 in 0x1fac638 ()
 #22  0x02440734 in 
HandleDOMEvent__16GlobalWindowImplFP14nsIPresContextP7nsEvent
P ()
 #23  0x020dd0c0 in LoadComplete__18DocumentViewerImplFUi ()
 #24  0x0240e17c in 
EndPageLoad__10nsDocShellFP14nsIWebProgressP10nsIChannelUi ()
 #25  0x02423f10 in 0x2423f10 ()
 #26  0x0240dc8c in 
OnStateChange__10nsDocShellFP14nsIWebProgressP10nsIRequestiU
i ()
 #27  0x01de4bec in 
FireOnStateChange__15nsDocLoaderImplFP14nsIWebProgressP10nsI
Re ()
 #28  0x01de3afc in 
doStopDocumentLoad__15nsDocLoaderImplFP10nsIRequestUi ()
 #29  0x01de38a8 in DocLoaderIsEmpty__15nsDocLoaderImplFv ()
 #30  0x01de35a8 in 
OnStopRequest__15nsDocLoaderImplFP10nsIRequestP11nsISupports
Ui ()
 #31  0x01c74508 in 
RemoveRequest__11nsLoadGroupFP10nsIRequestP11nsISupportsUi ()
 #32  0x02c1496c in 
OnStopRequest__15imgRequestProxyFP10nsIRequestP11nsISupports
Ui ()
 #33  0x02c12758 in 
OnStopRequest__10imgRequestFP10nsIRequestP11nsISupportsUi ()
 #34  0x02c0fdfc in 
OnStopRequest__13ProxyListenerFP10nsIRequestP11nsISupportsUi ()
 #35  0x01caf9f4 in 
OnStopRequest__12nsJARChannelFP10nsIRequestP11nsISupportsUi 
()
 #36  0x01cca3a4 in HandleEvent__20nsOnStopRequestEventFv ()
 #37  0x01cc975c in 
HandlePLEvent__23nsARequestObserverEventFP7PLEvent ()
 #38  0x001b9da4 in PL_HandleEvent ()
 #39  0x001b9c20 in PL_ProcessPendingEvents ()
 #40  0x00162064 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #41  0x01e00b28 in 
ProcessPLEventQueue__26nsMacNSPREventQueueHandlerFv ()
 #42  0x01e008ec in 
RepeatAction__26nsMacNSPREventQueueHandlerFRC11EventRecord ()
 #43  0x01e291a8 in DoRepeaters__8RepeaterFRC11EventRecord ()
 #44  0x01e14cfc in 
DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #45  0x01e14308 in DispatchNativeEvent__10nsAppShellFiPv ()
 #46  0x01bdd520 in ShowModal__11nsXULWindowFv ()
 #47  0x01bc9c04 in ShowModal__16nsWebShellWindowFv ()
 #48  0x01bdafa0 in ShowAsModal__18nsContentTreeOwnerFv ()
 #49  0x01a1ec10 in 
OpenWindowJS__15nsWindowWatcherFP12nsIDOMWindowPCcPCcPC
ciUiPlP ()
 #50  0x01a1da68 in 
OpenWindow__15nsWindowWatcherFP12nsIDOMWindowPCcPCcPCcP
11nsISu ()
 #51  0x03ee95c0 in 
openDialog__17nsNSSDialogHelperFP20nsIDOMWindowInternalPCcP1
1n ()
 #52  0x03eeebdc in ViewCert__12nsNSSDialogsFP11nsIX509Cert ()
 #53  0x024c0910 in View__16nsNSSCertificateFv ()
 #54  0x00187ccc in _XPTC_InvokeByIndex ()
 #55  0x00187bc4 in XPTC_InvokeByIndex ()
 #56  0x01b1dae0 in 0x1b1dae0 ()
 #57  0x01b23a78 in 
XPC_WN_CallMethod__FP9JSContextP8JSObjectUiPlPl ()
 #58  0x01a5b01c in js_Invoke ()
 #59  0x01a62fd4 in 0x1a62fd4 ()
 #60  0x01a5b074 in js_Invoke ()
 #61  0x01a62fd4 in 0x1a62fd4 ()
 #62  0x01a5b074 in js_Invoke ()
 #63  0x01a5b2b0 in js_InternalInvoke ()
 #64  0x01a3e3d8 in JS_CallFunctionValue ()
 #65  0x0243b78c in CallEventHandler__11nsJSContextFPvPvUiPvPii ()
 #66  0x02456494 in 
HandleEvent__17nsJSEventListenerFP11nsIDOMEvent ()
 #67  0x01faabc0 in 
HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru 
()
 #68  0x01fad0ac in 
HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve 
()
 #69  0x021cb9b0 in 
HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP
11n ()
 #70  0x027f0680 in 
HandleDOMEventWithTarget__9PresShellFP10nsIContentP7nsEventP13 
()
 #71  0x02916750 in 
MouseClicked__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEve
n ()
 #72  0x02916404 in 
HandleEvent__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEven
t ()
 #73  0x027f0514 in 
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #74  0x027f02b0 in 
HandleEventWithTarget__9PresShellFP7nsEventP8nsIFrameP10nsICon 
()
 #75  0x01fb6678 in 
CheckForAndDispatchClick__19nsEventStateManagerFP14nsIPresCont 
()
 #76  0x01fb4674 in 0x1fb4674 ()
 #77  0x027f0558 in 
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #78  0x027f01c4 in 
HandleEvent__9PresShellFP7nsIViewP10nsGUIEventP13nsEventStatus 
()
 #79  0x02a40af8 in 
HandleEvent__6nsViewFP10nsGUIEventUiP13nsEventStatusiRi ()
 #80  0x02a51b04 in 0x2a51b04 ()
 #81  0x02a3fef0 in HandleEvent__FP10nsGUIEvent ()
 #82  0x01dfee88 in 
DispatchEvent__8nsWindowFP10nsGUIEventR13nsEventStatus ()
 #83  0x01dfef5c in DispatchWindowEvent__8nsWindowFR10nsGUIEvent 
()
 #84  0x01dff0a0 in 
DispatchMouseEvent__8nsWindowFR12nsMouseEvent ()
 #85  0x01e0ed88 in 
HandleMouseUpEvent__17nsMacEventHandlerFR11EventRecord ()
 #86  0x01e0d2dc in 
HandleOSEvent__17nsMacEventHandlerFR11EventRecord ()
 #87  0x01e0c4d8 in 
HandleOSEvent__11nsMacWindowFR11EventRecord ()
 #88  0x01e112a8 in 
DispatchOSEvent__16nsMacMessageSinkFR11EventRecordP15Opaque
Win ()
 #89  0x01e15aac in 
DispatchOSEventToRaptor__16nsMacMessagePumpFR11EventRecord
P15O ()
 #90  0x01e1560c in 
DoMouseUp__16nsMacMessagePumpFR11EventRecord ()
 #91  0x01e14bfc in 
DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #92  0x01e1461c in DoMessagePump__16nsMacMessagePumpFv ()
 #93  0x01e13eac in Run__10nsAppShellFv ()
 #94  0x01bcf178 in Run__17nsAppShellServiceFv ()
 #95  0x00094f28 in main1__FiPPcP11nsISupport ()
 #96  0x00095ca8 in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

PPC Thread State:
  srr0: 0x0239a95c srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x00000020   lr: 0x0239a8fc  ctr: 0x702b1ce0   mq: 0x00000000
    r0: 0x00000000   r1: 0xbfff8c24   r2: 0x02357470   r3: 0x00000000
    r4: 0xbfff9070   r5: 0x00000001   r6: 0x002ce961   r7: 0x00000019
    r8: 0x000007d0   r9: 0xb61a1f10  r10: 0x00008a20  r11: 0xb6193000
   r12: 0x80262cf0  r13: 0x01b75460  r14: 0x00ec2064  r15: 0x00000000
   r16: 0x00000000  r17: 0x04096760  r18: 0xbfff99fc  r19: 0x04096760
   r20: 0x002c3ca4  r21: 0x00000000  r22: 0x04098e50  r23: 0x00000002
   r24: 0x00000003  r25: 0xbfff92ec  r26: 0xbfff9444  r27: 0x00000000
   r28: 0x00000000  r29: 0x00000000  r30: 0xbfff941c  r31: 0x023a23b4

**********
(Reporter)

Comment 1

18 years ago
i don't have recent builds on other platforms, but i think this is OS X-only...
Keywords: crash, mozilla0.9.4, nsenterprise
Summary: crash when trying to view cert from Page Info → crash when trying to view cert from Page Info on Mac OS X
(Assignee)

Comment 2

18 years ago
We are dereferencing a nil handle at:

      UInt8 timeCycle = (**itl0HandleToModify).timeCycle;

in nsDateTimeFormatMac.cpp
(Assignee)

Comment 3

18 years ago
This is actually locale code, -> nhotta.
Assignee: ssaux → nhotta
Component: Client Library → Internationalization
Product: PSM → Browser
Version: 1.01 → other
(Reporter)

Comment 4

18 years ago
just tested with a mozilla linux debug from last night, as well as
2001.08.21.08-comm on linux, neither of which crashed.

Comment 5

18 years ago
Is this OS X only?  Should try OS 9.1 also.  Thanks!

Comment 6

18 years ago
*** Bug 96344 has been marked as a duplicate of this bug. ***

Comment 7

18 years ago
*** Bug 96419 has been marked as a duplicate of this bug. ***
(Reporter)

Comment 8

18 years ago
not a problem on Mac OS 9.1 [emul classic on X], or winnt --tested
w/2001.08.22.0x-comm bits.
Keywords: pp
(Assignee)

Comment 9

18 years ago
Can we get this triaged please?
(Assignee)

Comment 10

18 years ago
nhotta is on vacation, so -> ftang
Assignee: nhotta → ftang
(Reporter)

Comment 11

18 years ago
i'll do qa here, for the nonce. also cc'ing bsharma, the qa contact for Things PSM.
QA Contact: ckritzer → sairuh

Comment 12

18 years ago
m0.9.4, crash problem 
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla0.9.4

Comment 13

18 years ago
Created attachment 48178 [details] [diff] [review]
patch so it won't crash

Comment 14

18 years ago
/r=yokoyama
(Assignee)

Comment 15

18 years ago
Wouldn't it be better to explicitly pass 'nsnull' to the call to TimeString() 
outside of the condition?

Comment 16

18 years ago
sfraser- probably. The code which set itl0Handle to nil code is added later than
other code. 

Comment 17

18 years ago
sfraser- the itl0Handle may or may not be nsnull outside the condiction.
(Assignee)

Comment 18

18 years ago
I mean it should look like this:

+    if ( itl0Handle &&
+       (timeFormatSelector == kTimeFormatSecondsForce24Hour || 
+        timeFormatSelector == kTimeFormatNoSecondsForce24Hour)) {
      ...
    }
     else {
       ::TimeString(dateTime, (timeFormatSelector == kTimeFormatSeconds), 
timeString, nsnull);
     }

Comment 19

18 years ago
yes, I understand what you said, but
itl0Handle may not be nsnull in the else condiction. It could be in the else
block because timeFormatSelector have some other value than
TimeFormatSecondsForce24Hour   or kTimeFormatNoSecondsForce24Hour

Comment 20

18 years ago
I will be on vacation start from 9/6. If I don't got a approval of this by
tomorrow noon, then I will check it in after 9/17
(Assignee)

Comment 21

18 years ago
Comment on attachment 48178 [details] [diff] [review]
patch so it won't crash

Sorry, you're correct.
sr=sfraser
Attachment #48178 - Flags: superreview+

Comment 22

18 years ago
simon, I have not got approval from driver about this and I am leaving for 
vacation. None of my engineer build Mac these days (nhotta is on sabbitical). Is 
that possible that you can check in for me in case drivers approve this fix ?
(Assignee)

Comment 23

18 years ago
Sure, reassign to me before you leave.
Comment on attachment 48178 [details] [diff] [review]
patch so it won't crash

a=asa for checkin to 0.9.4 branch.
Attachment #48178 - Flags: approval+
---> Simon
Assignee: ftang → sfraser
Status: ASSIGNED → NEW
Keywords: nsbranch

Comment 26

18 years ago
did this make the mozilla release?  should it be closed. adding nsbranch+ to
make sure we pick this up.
Keywords: nsbranch → nsbranch+
(Assignee)

Comment 27

18 years ago
It didn't make it into Mozilla, alas.
(Assignee)

Comment 28

18 years ago
Fix has been checked into TRUNK.
Status: NEW → ASSIGNED
0.9.4 is out the door
Target Milestone: mozilla0.9.4 → mozilla0.9.5

Updated

18 years ago
Whiteboard: [FIX IS IN TRUNK]

Comment 30

18 years ago
Should we get this into the branch?  cc: jaimejr to get on radar of some list
(not sure which one we're tracking) to get marked pdt+.  This also seems to
affect signed messages causing a crash when reading a mail msg.
(Assignee)

Comment 31

18 years ago
I emailed pdt2 about it. I got no response.

Comment 32

18 years ago
lets get the fix on the branch...

thanks
Whiteboard: [FIX IS IN TRUNK] → [FIX IS IN TRUNK] PDT+

Updated

18 years ago
Whiteboard: [FIX IS IN TRUNK] PDT+ → [FIX IS IN TRUNK] PDT+ [OSX+]

Comment 33

18 years ago
*** Bug 95404 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 34

18 years ago
Patch has been checked in on the 0.9.4 branch.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
(Reporter)

Comment 35

18 years ago
vrfy fixed on mac os 10.0.4 using 2001.09.25.10-branch and 2001.09.25.20-trunk
commercial bits.
Status: RESOLVED → VERIFIED

Updated

17 years ago
Component: Internationalization → Page Info
QA Contact: sairuh → pmac
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.