[Pkg-mozext-maintainers] Bug#782772: logging into metnors.debian.net crashes iceweasel ..

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon May 18 14:07:48 UTC 2015 

On Mon 2015-05-18 00:45:34 -0400, Norbert Preining wrote:
> On Sun, 17 May 2015, Paul Wise wrote:
>> > it seems there is a serious problem with iceweasel crashing on
>> > https sites even from Debian, like mentors.debian.org
>> > (interestingly *not* https://www.debian.org/)
>> > 
>> > I have contacted the Debian Mentors Team, and Paul Wise
>> > advised me to contact both security and icewease packaging team.
>> > 
>> > I have reproduced this with iceweasel --safe-mode, it crashes
>> > (segfaults) repeatetly when accessing any 
>> > 	https://mentors.debian.org/

I think this was supposed to be https://mentors.debian.net/, not .org.

>> > I guess this must be a but in Iceweasel, but follow the advise
>> > of Paul to contact security, too.
>> 
>> There is now a public bug report about this:
>> 
>> https://bugs.debian.org/782772
>
> Unfortunately, this seems to be different. I have HTTPS Everywhere
> disabled, and it still crashes.
>
> Then I removed the package from Debian and it still crashes.
>
> So it seems there are more things concerned. I have also disabled
> other SSL related addons, without success. Crash is 100% repeatable.

I can replicate it as well with 37.0.2-1, starting from a fresh profile
and in safe-mode:

0 dkg at alice:~$ iceweasel -no-remote -profile "$(mktemp -d)" -safe-mode https://mentors.debian.net/

(process:7717): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Segmentation fault
139 dkg at alice:~$ iceweasel -version

(process:7782): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Mozilla Iceweasel 37.0.2
0 dkg at alice:~$

After upgrading to 38.0-2, with iceweasel-dbg, i get the following
backtrace during the segfault:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd94fe700 (LWP 10459)]
0x00007ffff403bb87 in GatherEKUTelemetry (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
1047	/tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp: No such file or directory.
(gdb) bt
#0  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1047
#1  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certList=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1117
#2  0x00007ffff403bb87 in mozilla::psm::(anonymous namespace)::AuthCertificate(mozilla::psm::CertVerifier&, mozilla::psm::TransportSecurityInfo*, CERTCertificate*, mozilla::ScopedCERTCertList&, SECItem*, uint32_t, mozilla::pkix::Time) (certVerifier=..., infoObject=0x7fffcccfdbc0, cert=<optimized out>, peerCertChain=..., stapledOCSPResponse=0x0, providerFlags=<optimized out>, time=...)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1182
#3  0x00007ffff403be5b in mozilla::psm::(anonymous namespace)::SSLServerCertVerificationJob::Run() (this=0x7fffcc2e1920)
    at /tmp/buildd/iceweasel-38.0/security/manager/ssl/src/SSLServerCertVerification.cpp:1310
#4  0x00007ffff2c1f799 in nsThreadPool::Run() (this=0x7ffff6b53e80)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThreadPool.cpp:225
---Type <return> to continue, or q <return> to quit---
#5  0x00007ffff2c1d3a3 in nsThread::ProcessNextEvent(bool, bool*) (this=0x7fffcfff8ed0, aMayWait=<optimized out>, aResult=0x7fffd94fddf7)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:855
#6  0x00007ffff2c32829 in NS_ProcessNextEvent(nsIThread*, bool) (aThread=<optimized out>, aMayWait=aMayWait at entry=false)
    at /tmp/buildd/iceweasel-38.0/xpcom/glue/nsThreadUtils.cpp:265
#7  0x00007ffff2de9f64 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) (this=0x7fffce44fbc0, aDelegate=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/glue/MessagePump.cpp:339
#8  0x00007ffff2dde9d7 in MessageLoop::Run() (this=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:226
#9  0x00007ffff2dde9d7 in MessageLoop::Run() (this=this at entry=0x7fffd4cb9fc0)
    at /tmp/buildd/iceweasel-38.0/ipc/chromium/src/base/message_loop.cc:200
#10 0x00007ffff2c21aa1 in nsThread::ThreadFunc(void*) (aArg=0x7fffcfff8ed0)
    at /tmp/buildd/iceweasel-38.0/xpcom/threads/nsThread.cpp:356
#11 0x00007ffff1aeefa8 in _pt_root (arg=0x7fffd1d6dca0) at ptthread.c:212
#12 0x00007ffff7bc70a4 in start_thread (arg=0x7fffd94fe700)
    at pthread_create.c:309
#13 0x00007ffff70eb04d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) 

hth,

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozext-maintainers/attachments/20150518/f6ffa1cb/attachment.sig>

More information about the Pkg-mozext-maintainers mailing list