*** NSPlugin Viewer runaway errors are causing .xsession-errors file to fill hard drive partition

Bug #720833 reported by Doug Morse
38
This bug affects 7 people
Affects Status Importance Assigned to Milestone
nspluginwrapper (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Binary package hint: firefox

After running apt-get upgrade in the last 24 hours, I noticed that the backup of my home directory using backup2l -- an incremental backup program -- jumped to have a gigabyte for one days' increment. Alarmed by this, I investigated and seems that NSPlugin Viewer is writing the following lines to $HOME/.xsession-errors at least once every second and as such is rapidly filling the /home partition:

$ ls -l .xession-errors

-rw------- 1 morse morse 610290736 2011-02-17 10:44 .xsession-errors

this file is normally 32-64k or such, and in less than 24 hours is now 610MB, entirely due to these identical entries:

*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING:(/build/buildd/nspluginwrapper-1.2.2/src/npw-viewer.c:1017):invoke_NPN_InvalidateRect: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))

once i ran:

$ pkill -9 -f npview

the file stopped growing.

I am marking this bug as a security vulnerability because I believe it needs immediate attention and I know of no other way of informing canonical of the urgency of this matter. While technical not a security concern, runaway processes like this that fill up partitions can make machines and servers unusable. My apologies in advance if this was not the appropriate way to report this, but I'd rather error on the side of being a bit alarmist about this because, if this problem isn't somehow specific to my machine -- which I tend to doubt, because nothing has changed in my usage, installed programs, etc. other than running apt-get upgrade -- then a lot of less technical users could be very adversely affected. As such, I feel important that someone look into this quickly.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Thu Feb 17 10:47:53 2011
FirefoxPackages:
 firefox 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
 firefox-gnome-support 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
 firefox-branding 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
 abroswer N/A
 abrowser-branding N/A
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: firefox

Revision history for this message
Doug Morse (dm-dougmorse) wrote :
Revision history for this message
Doug Morse (dm-dougmorse) wrote :

Hi,

ALSO IMPORTANT:

I forgot to include: I strongly suspect that this might be due to the update to Flash plugin, as these were the npviewer processes running while the .xsession-errors file was still growing:

morse@localhost ~> ps aux | grep npview
morse 2886 11.3 0.8 161200 70220 ? Sl Feb16 213:54 /usr/lib/nspluginwrapper/i386/linux/npviewer.bin --plugin /usr/lib/flashplugin-installer/libflashplayer.so --connection /org/wrapper/NSPlugins/libflashplayer.so/2828-1
morse 14338 0.0 0.0 7628 996 pts/2 S+ 10:44 0:00 grep --color=auto npv
morse 24032 1.0 0.6 128544 52444 ? S Feb16 18:23 /usr/lib/nspluginwrapper/i386/linux/npviewer.bin --plugin /usr/lib/flashplugin-installer/libflashplayer.so --connection /org/wrapper/NSPlugins/libflashplayer.so/23581-3

Hope this helps. Ugh, I hate Flash. :) I long for the days when HTML5 or some other open technology takes over. :)

Best,
Doug

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
visibility: private → public
affects: firefox (Ubuntu) → nspluginwrapper (Ubuntu)
Revision history for this message
Doug Morse (dm-dougmorse) wrote : Re: [Bug 720833] Re: *** NSPlugin Viewer runaway errors are causing .xsession-errors file to fill hard drive partition

Hi Marc,

Certainly, and again I realize I was reporting something out-of-band (i.e., non-security). I do hope you pass this report along to others within (or associated with) Canonical who handle higher-urgency, non-security matters, just as a "heads up" of a potential problem that might have adverse widescale impact. Obviously, it's unclear at this point if the problem was a one-time occurrence (e.g., perhaps related to a particular website) or perhaps specific to something about my configuration, or in the worst case something about which you all are about to flooded with very unhappy users. It's this latter possibility that I'm concerned about. As for me, I can certainly handle this issue by just keeping an eye on my .xsession-error files and/or disable the Flash plugin and/or npviewer altogether if need be. It's the less technical Ubuntu user who I'm concerned about who might suddenly find themselves with a full /home partition and suddenly and unexpectedly not be able to wor
 k and not understand why or what to do about it. Best to be proactive about such things IMO.

Anyway, best regards and thanks for all you do!

Cheers,
Doug

On Thu, 17 Feb 2011 17:51:05 -0000 Marc Deslauriers <email address hidden> wrote:
>
> ----------------------- Original Message -----------------------
>
> From: Marc Deslauriers <email address hidden>
> To: <email address hidden>
> Date: Thu, 17 Feb 2011 17:51:05 -0000
> Subject: [Bug 720833] Re: *** NSPlugin Viewer runaway errors are causing .xsession-errors file to fill hard drive partition
>
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug. I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.
>
> ** Visibility changed to: Public
>
> ** This bug is no longer flagged as a security vulnerability
>
> ** Package changed: firefox (Ubuntu) => nspluginwrapper (Ubuntu)
>

Revision history for this message
Doug Morse (dm-dougmorse) wrote :

Hi,

This .xession-errors runaway file problem has stuck again, and this time it's repeatable. If I run abiword on this machine, it acts strangely -- I can type in a few characters and then it looks up (but gnome never offers to close it -- and when I close it sometime the abiword process ends, sometimes it doesn't. Also, sometimes the abiword window closes, sometimes it doesn't. Regardless, once I attempt to terminate Abiword, either it or some other process unknown to me at this time runs away and my $HOME/.xession-errors files grows by about 100Mb per minute. This will eventually fill up the partition (/home) and lock up the machine, but I've learned that if I remove the .xsession-error file, the partition stops filling. HOWEVER, there is then a discrepancy between what 'du -sh /home' reports and 'df -h /home' report. My /home is a 3.5Gb partition. Right now, du -sh shows usage 1.2Gb (which is correct), but df -h reports 1.4Gb. One time when the .xsession-error file nearly filed the partition, du -sh would still report 1.2Gb after I removed .xession-errors, but df -h reported 3.4Gb used. In this latter case, the machine eventually locked up anyway (after 30-40 minutes). So, I'm beginning to wonder if filesystem corruption is a part of this. I'm about to log out and unmount and remount /home so as to (hopefully) not lock up again here in a few minutes.

I've attached the last 500 lines of these .xession-errors files from the last two times abiword has done this (which, BTW, is every time I run it, hence the defect is determinant). I included previously the .xession-errors messages from when NSPlugin did this. So, I'm pretty sure we're looking at a more structural problem here than just typical Adobe Flash nonsense.

Thanks,
Doug

Revision history for this message
Doug Morse (dm-dougmorse) wrote :

Here is a file with the last 500 lines of the second .xsession-errors file after the file runaway problem (abiword).

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nspluginwrapper (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.