On Mon 2015-05-18 00:45:34 -0400, Norbert Preining wrote:
> On Sun, 17 May 2015, Paul Wise wrote:
>> > it seems there is a serious problem with iceweasel crashing on
>> > https sites even from Debian, like mentors.debian.org
>> > (interestingly *not* https://www.debian.org/)
>> > 
>> > I have contacted the Debian Mentors Team, and Paul Wise
>> > advised me to contact both security and iceweasel packaging team.
>> > 
>> > I have reproduced this with iceweasel --safe-mode, it crashes
>> > (segfaults) repeatedly when accessing any
>> >    https://mentors.debian.org/

I think this was supposed to be https://mentors.debian.net/, not .org.

>> > I guess this must be a bug in Iceweasel, but follow the advice
>> > of Paul to contact security, too.
>> 
>> There is now a public bug report about this:
>> 
>> https://bugs.debian.org/782772
>
> Unfortunately, this seems to be different. I have HTTPS Everywhere
> disabled, and it still crashes.
>
> Then I removed the package from Debian and it still crashes.
>
> So it seems there are more things concerned. I have also disabled
> other SSL related addons, without success. Crash is 100% repeatable.

I can replicate it as well with 37.0.2-1, starting from a fresh profile
and in safe-mode:

0 dkg@alice:~$ iceweasel -no-remote -profile "$(mktemp -d)" -safe-mode https://mentors.debian.net/

(process:7717): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Segmentation fault
139 dkg@alice:~$ iceweasel -version

(process:7782): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Mozilla Iceweasel 37.0.2
0 dkg@alice:~$

After upgrading to 38.0-2, with iceweasel-dbg, i get the following
backtrace during the segfault:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd94fe700 (LWP 10459)]
0x00007ffff403bb87 in GatherEKUTelemetry (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
1047    /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp: No such file or directory.
(gdb) bt
#0  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
#1  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1117
#2  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certVerifier=..., infoObject=0x7fffcccfdbc0, cert=<optimized out>, peerCertChain=..., stapledOCSPResponse=0x0, providerFlags=<optimized out>, time=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1182
#3  0x00007ffff403be5b in mozilla::psm::(anonymous namespace)::SSLServerCertVerificationJob::Run() (this=0x7fffcc2e1920)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1310
#4  0x00007ffff2c1f799 in nsThreadPool::Run() (this=0x7ffff6b53e80)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThreadPool.cpp:225
---Type <return> to continue, or q <return> to quit---
#5  0x00007ffff2c1d3a3 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fffcfff8ed0, aMayWait=<optimized out>, aResult=0x7fffd94fddf7)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:855
#6  0x00007ffff2c32829 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=<optimized out>, aMayWait=aMayWait@entry=false)
    at /tmp/buildd/iceweasel-38.0/xpcom/glue/nsThreadUtils.cpp:265
#7  0x00007ffff2de9f64 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) (this=0x7fffce44fbc0, aDelegate=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/glue/MessagePump.cpp:339
#8  0x00007ffff2dde9d7 in MessageLoop::Run() (this=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:226
#9  0x00007ffff2dde9d7 in MessageLoop::Run() (this=this@entry=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:200
#10 0x00007ffff2c21aa1 in nsThread::ThreadFunc(void*) (aArg=0x7fffcfff8ed0)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:356
#11 0x00007ffff1aeefa8 in _pt_root (arg=0x7fffd1d6dca0) at ptthread.c:212
#12 0x00007ffff7bc70a4 in start_thread (arg=0x7fffd94fe700)
    at pthread_create.c:309
#13 0x00007ffff70eb04d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)

hth,

      --dkg
