firefox 2.0.0.17 distributed with gutsy security crashes on most sites
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Firefox |
Fix Released
|
Critical
|
|||
firefox-3.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: firefox
Firefox 2.0.0.17 just distributed as a security upgrade to ubuntu gutsy i386 is not usable as it crashes on most sites. E.g. try www.fineco.it
In Mozilla Bugzilla #456705, Steve-england (steve-england) wrote : | #1 |
In Mozilla Bugzilla #456705, 1001110-gmx (1001110-gmx) wrote : | #2 |
Firefox did not crash when I create a new profile. It also does NOT crash if I open https-sites in the new profile.
I did not sent Talkback Crash data - I've enabled it now. Starting Firefox with my default profile makes it crashing again on entering https-sites. It seems to be a problem with one of the extensions.
I have sent a crash report with the following description:
Crash related to:
https:/
I hope that helps
In Mozilla Bugzilla #456705, 1001110-gmx (1001110-gmx) wrote : | #3 |
The Feedback Agent just told me that it was unable to send the report since it is unable to connect to the server. I think there is some firewall on my side that is blocking it.
In Mozilla Bugzilla #456705, Tobbi-bugs (tobbi-bugs) wrote : | #4 |
First of all: I'm not a developer.
As you know that it's a plugin that causes the crash it would now be helpful to know, which plugin of those three crashes. Thus you might have to disable one add-on a time and restart firefox.
First go to Tools > Add-ons. Right click an entry under 'Add-Ons' and click 'disable' in the context menu entry. Restart Firefox.
Then try again to access a https web site.
When you know the add-on that crashes, go to the appropriate web site of this add-on and report the issue there.
Adblock Plus: http://
FoxyProxy: http://
In Mozilla Bugzilla #456705, Steve-england (steve-england) wrote : | #5 |
For future reference, plugins are specifically things like flash, java, etc, whilst extensions are specifically the firefox addons.
In Mozilla Bugzilla #456705, Tobbi-bugs (tobbi-bugs) wrote : | #6 |
(In reply to comment #5)
> For future reference, plugins are specifically things like flash, java, etc,
> whilst extensions are specifically the firefox addons.
You're right and of course I know the difference. Just muddled these two up this time.
In Mozilla Bugzilla #456705, 1001110-gmx (1001110-gmx) wrote : | #7 |
It is a problem with Adblock Plus: Element Hiding Helper 1.0.5 and FoxyProxy 2.8.5. If one of these two extensions is enabled in any combination, Firefox will crash (on https).
Adblock Plus 0.7.5.5 alone will work fine. FoxyProxy (even if enabled alone) will crash Firefox. Adblock Plus: Element Hiding Helper will run only with Adblock Plus. Running the two Adblock Plus extensions together will crash Firefox.
I will go to the extension forums with this problem.
In Mozilla Bugzilla #456705, Chrisretusn (chrisretusn) wrote : | #8 |
Additional info: This is a 100% reproducible problem. Using XP Pro SP3, Fx 2.0.0.17 of course and FoxyProxy 2.8.5. I have 42 installed extensions. Of those one is Adblock Plus 0.7.5.5 which as a previous poster stated causes no problems.
When running Fx in Safe Mode, no problems. Running with all add-ons disabled, no problems. Running with all add-ons enabled except FoxyProxy, no problems. Problems occur only if FoxyProxy is enabled. This is as standalone only add-on installed or with other extensions installed (enabled or disabled).
I have also reported this problem to the author at:
http://
In Mozilla Bugzilla #456705, Steve-england (steve-england) wrote : | #9 |
Is this a regression? Did things work in 2.0.0.16
Sergio Callegari (callegar) wrote : | #10 |
Binary package hint: firefox
Firefox 2.0.0.17 just distributed as a security upgrade to ubuntu gutsy i386 is not usable as it crashes on most sites. E.g. try www.fineco.it
In Mozilla Bugzilla #456705, Timeless-bemail (timeless-bemail) wrote : | #11 |
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #12 |
An addon should not be able to crash the browser unless the addon is using binary contents (not only written in JS/xul)
In Mozilla Bugzilla #456705, Chrisretusn (chrisretusn) wrote : | #13 |
(In reply to comment #9)
> Is this a regression? Did things work in 2.0.0.16
In my case things worked in 2.0.0.16, failed after upgrading to 2.0.0.17
In Mozilla Bugzilla #456705, 1001110-gmx (1001110-gmx) wrote : | #14 |
Same here, things where fine in Firefox 2.0.0.16.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #15 |
(In reply to comment #11)
> An addon should not be able to crash the browser unless the addon is using
> binary contents (not only written in JS/xul)
True, and yet just as a web page "should not" be able to crash the browser it does sometimes happen.
In Mozilla Bugzilla #456705, Abillings (abillings) wrote : | #16 |
I confirmed the bug. It Foxyproxy 2.8.5 crashes Firefox 2.0.0.17 on first run after installation. On subsequent runs, I'm not seeing it crash.
In Mozilla Bugzilla #456705, Jbecerra-mozilla (jbecerra-mozilla) wrote : | #17 |
Firefox 2.0.0.16 does not crash on shutdown with FoxyProxy 2.8.5, but 2.0.0.17 does. Talkback Id for this crash: TB49885565Z
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #18 |
I see lots of crashes like TB49885565 at [0x00000000 8560629a] with no stack (i.e. useless), at least one of which mentions FoxyProxy and a couple mention it's constant since upgrading. Also lots of crashes at PL_DHashTableOp
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #19 |
*** Bug 457031 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #20 |
*** Bug 456982 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #21 |
Created attachment 340417
Stacktrace for this crash generated with Windbg, from bug 456982
In Mozilla Bugzilla #456705, Cbook (cbook) wrote : | #22 |
Created attachment 340425
stack Mac 10.5.5.
stack using foxyproxy and 2.0.0.17 Debug Build on Mac (Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.18pre Gecko/2008092519 Firefox/
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #23 |
As author of FoxyProxy, I can tell you that I have no idea how to fix this. Could really use some help. FoxyProxy has no binary components.
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #24 |
As mentioned in bug 456705, this is affecting roughly 35,000 users. I've confirmed that FoxyProxy with Firefox 2.0.0.17 crashes whenever visiting a SSL site.
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #25 |
Crash does not occur with versions 2.x versions of Firefox before 2.0.0.17, and it doesn't occur with Firefox 3.x.
In Mozilla Bugzilla #456705, Jesper Staun Hansen (jesper-staun-hansen-deactivatedaccount) wrote : | #26 |
Created attachment 340463
backtrace on ubuntu
Attached is the backtrace for ubuntu
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #27 |
This seems a consistent enough crash that we can narrow down the regression window -- that'd be a good start.
In Mozilla Bugzilla #456705, Cbook (cbook) wrote : | #28 |
i will work on a regression range for this bug.
In Mozilla Bugzilla #456705, Timeless-bemail (timeless-bemail) wrote : | #29 |
well, here are some problems (based on attachment 340417):
http://
nsSSLIOLayerHel
http://
nsNSSComponent:
this code is broken:
http://
it should null out mutex because it's not a class variable, it's a static.
attachment 340425 deals w/ a different mutex which seems less likely to be dead in the same way, afaict it should be alive here:
1022 nsAutoLock threadLock(
and unhappy here:
1046 nsAutoLock threadLock(
note that conceivably if the lifespan of the thread is wrong, bad things could happen, however i'm not able to find an obvious path for this (and finding a pretty source browser for foxyproxy was hard, so i gave up [yes, i downloaded the addon itself, but i have to pack for vacation or something...]).
attachment 340463 is different. table is null. it could stem from failing to check the Init method:
http://
but again this is unlikely (although it is a bug).
In Mozilla Bugzilla #456705, Timeless-bemail (timeless-bemail) wrote : | #30 |
eric, this comment's for you (comment 28 was for kaie):
proxy.js has:
fileProtoco
which is wrong. protocolhandlers are singletons. the proper way to get one can be found here:
http://
mook points out that nsIProtocolHandlers aren't usefully threadsafe, you must get a proxy for them, and in fact, you really want them to give you proxied objects, otherwise what you get is fairly useless.
you should look at some patches i've done involving nsIURIs and crashing (i think i may have even written some of them at your place)
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #31 |
Kai: comment 28 was for you
Sergio Callegari (callegar) wrote : | #32 |
Actually a (serious) regression of 2.0.0.17 also affecting Windows versions.
Many bugs reports indicate this as triggered by pages including https stuff and by the usage of the foxyproxy extension.
But an extension /not containing/ binary code should not crash the browser unless there is some issue issue in the browser itself.
See https:/
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #33 |
@timeless: pretty source browser for foxyproxy is here: http://
I've replaced all references of CC["@mozilla.
Instead of explicitly creating proxy objects for the service (can that be done in JS?), I've tried to ensure that use of the nsIFileProtocol
IOW, this kind of code:
var fph = CC["@mozilla.
function doStuff() {
// use fph here. fcn may be called whenever and by whomever
}
has been converted to this kind of code:
function doStuff() {
var fph = CC["@mozilla.
// use fph here. fcn may be called whenever and by whomever
}
Is that sufficient to guarantee single-threaded use of the service within JS?
In Mozilla Bugzilla #456705, Cbook (cbook) wrote : | #34 |
Found the regression window:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
Gecko/2008082603 BonEcho/2.0.0.17pre - works on SSL Sites with Proxyproxy
installed -> no crash
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17pre)
Gecko/2008082703 BonEcho/2.0.0.17pre - fails on SSL Sites with Proxyproxy
installed -> crash
Bonsai Query for this Timeframe -> http://
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #35 |
(In reply to comment #32)
> Bonsai Query for this Timeframe -> http://
This crash goes away if I back out the fix for bug 445890 ("XMLHttpReques
FoxyProxy uses XMLHttpRequest to load a PAC file, load strings from a chrome: URI, and load an .xml settings file out of the prefs. I don't know what XMLHttpRequest and multiple instances of the file protocol handler have to do with crashing on SSL connections.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #36 |
> and load an .xml settings file out of the prefs
I meant "profile [directory]".
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #37 |
(In reply to comment #33)
> This crash goes away if I back out the fix for bug 445890
> ("XMLHttpReques
>
> FoxyProxy uses XMLHttpRequest to load a PAC file, load strings from a chrome:
> URI, and load an .xml settings file out of the prefs. I don't know what
> XMLHttpRequest and multiple instances of the file protocol handler have to do
> with crashing on SSL connections.
I don't know if this helps, but FoxyProxy does define a custom protocol handler (see components/
From the FoxyProxy help:
For PAC files on an ftp server, use the ftp:// scheme. For example, ftp://leahscape
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #38 |
With FoxyProxy enabled I get lots of these even before I try to visit an SSL sites:
###!!! ASSERTION: nsNSSComponent is a singleton, but instantiated multiple times!: '(0 == mInstanceCount)', file /Users/
###!!! ASSERTION: nsSSLThread is a singleton, caller attempts to create another instance!: '!ssl_thread_
Break: at file /Users/
###!!! ASSERTION: nsCertVerificat
Break: at file /Users/
...mostly for nsNSSComponent. With the FoxyProxy addon removed i don't see those.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #39 |
Now I can tie the NSS assertion, FoxyProxy, and the XMLHttpRequest change together. In 2.0.0.17 w/FoxyProxy the first call to the nsNSSComponent constructor is due to FoxyProxy doing a XMLHttpRequest to load "chrome:
The change in bug 445890 tried to set an owner on the channel, but mPrincipal was null. If there had been an owner that would have avoided the jar signature check. In other uses (loading our own resources) the jar channels usually have an explicit system principal owner -- maybe XMLHttpRequest should be using that when called from chrome?
Not always though: when we load chrome:
If foxyproxy were "flat" instead of jarred this wouldn't come up, but that's ducking the issue.
Using XMLHttpRequest on a chrome: resource seems like an abuse of the feature, but I suppose it's an attractive nuisance to have a feature that does so much for you. Stringbundle is the feature made for loading localized strings, but that's a little more code. Is it a common pattern for addons to avoid stringbundles by using XML entities and XHR instead?
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #40 |
(In reply to comment #37)
> Stringbundle is the feature made for loading localized strings, but
> that's a little more code. Is it a common pattern for addons to avoid
> stringbundles by using XML entities and XHR instead?
The use of localized XML entities here is a way to avoid redundant translation strings. To elaborate:
I do indeed use a stringbundle (search for chrome:
I would speculate this pattern isn't done frequently, but I do know at least one other major extension which does it--FoxClocks. Andy McDonald, FoxClocks author, was the one who coined this idea AFAIK.
I am open to alternative uses of stringbundles/DTD files/etc to avoid double translation issues... please let me know if Andy and I have missed the obvious!
> If foxyproxy were "flat" instead of jarred this wouldn't come up, but that's
> ducking the issue.
I realize you're trying to fix the underlying cause. At the moment, I'm trying to patch FoxyProxy so Firefox 2.x users can use it. With that in mind, do you know if this would come up if I avoid XHR for reading strings.xml and instead use a file input stream?
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #41 |
(In reply to comment #38)
> I am open to alternative uses of stringbundles/DTD files/etc to avoid double
> translation issues... please let me know if Andy and I have missed the obvious!
p.s. using document.
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #42 |
(In reply to comment #37)
> If foxyproxy were "flat" instead of jarred this wouldn't come up, but that's
> ducking the issue.
I've built a "flat" (jar-less) XPI of foxyproxy and, indeed, the crashing behavior disappears on Windows and Ubuntu; can't test OS/X. I am releasing this shortly to AMO, so please don't blacklist FoxyProxy for Firefox 2.0.0.17.
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #43 |
To the OP and other FoxyProxy users: please get FoxyProxy 2.8.6 at https:/
In Mozilla Bugzilla #456705, A-geek (a-geek) wrote : | #44 |
*** Bug 457439 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #456705, A-geek (a-geek) wrote : | #45 |
To comment #41: I just updated and got 2.8.7 which allows me to enable FoxyProxy and still surf pages like this (HTTPS). I'll have to keep an eye on the crashes and hangs on exit, but would otherwise say "WORKS FOR ME" (Thank you!).
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #46 |
*** Bug 457505 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #456705, 1001110-gmx (1001110-gmx) wrote : | #47 |
I have now installed FoxyProxy 2.8.8 and it works fine for me. No crashes on https:// and no crashes or hangs on exit.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #48 |
(In reply to comment #36)
> ###!!! ASSERTION: nsNSSComponent is a singleton, but instantiated multiple
> times!: '(0 == mInstanceCount)', file
This should get changed into a hard abort.
In Mozilla Bugzilla #456705, Dtownsend (dtownsend) wrote : | #49 |
(In reply to comment #37)
> Now I can tie the NSS assertion, FoxyProxy, and the XMLHttpRequest change
> together. In 2.0.0.17 w/FoxyProxy the first call to the nsNSSComponent
> constructor is due to FoxyProxy doing a XMLHttpRequest to load
> "chrome:
> Along the way this calls nsJARChannel:
> if the jar is signed which fires up nsNSSComponent. Apparently it's too early
> to initialize NSS? nsNSSComponent:
> NS_APP_
> added to the component manager's service hashtable, which means it'll try again
> later even though nsNSSComponent has now been created and partially
> initialized.
Yeah as a general rule of thumb you should ignore really doing anything in the app-startup notification. The profile has not been selected at that point and I think it isn't even determined that the app will not be restarted to install/uninstall extensions as well.
The normal pattern is to use an app-startup observer to register for the profile-
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #50 |
(In reply to comment #47)
> (In reply to comment #37)
> > Now I can tie the NSS assertion, FoxyProxy, and the XMLHttpRequest change
> > together. In 2.0.0.17 w/FoxyProxy the first call to the nsNSSComponent
> > constructor is due to FoxyProxy doing a XMLHttpRequest to load
> > "chrome:
> > Along the way this calls nsJARChannel:
> > if the jar is signed which fires up nsNSSComponent. Apparently it's too early
> > to initialize NSS? nsNSSComponent:
> > NS_APP_
> > added to the component manager's service hashtable, which means it'll try again
> > later even though nsNSSComponent has now been created and partially
> > initialized.
>
> Yeah as a general rule of thumb you should ignore really doing anything in the
> app-startup notification. The profile has not been selected at that point and I
> think it isn't even determined that the app will not be restarted to
> install/uninstall extensions as well.
>
> The normal pattern is to use an app-startup observer to register for the
> profile-
> fires after essentially everything is available. In Firefox 3.1 you will even
> be able to directly register for profile-
> and avoid app-startup entirely.
The only thing FoxyProxy does in app-startup is:
gObsSvc.
gObsSvc.
gObsSvc.
The XHR to load chrome:
In Mozilla Bugzilla #456705, Bzbarsky (bzbarsky) wrote : | #51 |
OK. I've finally had a chance to read through this whole thing...
Looks like dveditz is spot on in comment 37. We should probably fix PSM/NSS so that it doesn't leave itself in an inconsistent state.
Re: comment 38, using a file input stream would in fact help the problem too.
Re: comment 48, the XHR happens from _loadStrings(), which is called from the constructor, which is executed when the core code creates the component so that it can send it the app-startup notification. So it's not happening _in_ FoxyProxy's app-startup, but immediately before it.
Over to PSM to fix the initialization issue...
In Mozilla Bugzilla #456705, Matti-mversen (matti-mversen) wrote : | #52 |
*** Bug 457693 has been marked as a duplicate of this bug. ***
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #53 |
(In reply to comment #49)
> Re: comment 38, using a file input stream would in fact help the problem too.
OK, thanks.
> Re: comment 48, the XHR happens from _loadStrings(), which is called from the
> constructor
Yep, you're right. I was looking at loadSettings(), not _loadStrings(). Sorry for the confusion.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #54 |
Last week Boris helped to understand this bug better, I promised to summarize the findings here.
In addition to the bug already reported above, Doug ran into another scenario that trigger the failure, with assertion
###!!! ASSERTION: nsNSSComponent is a sin
gleton, but instantiated multiple times!: '(0 == mInstanceCount)', file c:/builds/
SComponent.cpp, line 300
When we first try to init the XPCOM nsNSSComponent, we sometimes fail. No service object gets registered. As a result it will be retried at a later time, when someone else asks for the service.
Unfortunately the nsNSSComponent fails to clean up correctly. This is because there are strong references to it, despite the init failure, and therefore the XPCOM manager fails to clean up the failed instance.
Boris identified that the references are because of RegisterObserver. We must unregister on failure. The init code should get checked for other activity that needs to be undone.
I'd also like to add some self protection mechanism. After we do above cleanup, should we still run into multiple instances, the secondary instances should refrain from any activity.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #55 |
Kai: does the 1.9 branch have a similar initialization problem, even if it's not causing crashes?
Changed in firefox: | |
status: | Unknown → Confirmed |
Sergio Callegari (callegar) wrote : | #56 |
Newer versions of foxyproxy seem to fix the issue for me.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #57 |
Kai: I think we need to clean up the initialization issues here. FoxyProxy may not be triggering this crash anymore, but having to un-jar the addon is an ugly workaround that shows it's really a core issue we have to clean up. There might be other paths that similarly initialize NSS too early.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #58 |
Kai, what's the status of this bug? I could work on it if you don't have cycles.
In Mozilla Bugzilla #456705, Samuel-sidler+old (samuel-sidler+old) wrote : | #59 |
Boris is doing some work to mitigate this in bug 462806, but that doesn't solve NSS issue.
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #60 |
The pressure is off the immediate problem with Boris's fix, but we'll still want NSS to initialize/shutdown cleanly. Will take branch patches when this blocking bug is fixed on mozilla-central.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #61 |
-> me
Changed in firefox: | |
status: | Confirmed → In Progress |
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #62 |
Created attachment 349913
v1 for 1.8 branch
This is branch version of my fix for the psm/nss initialize.
- EnsureNSSInitia
- Moved thread creation from the constructor to safe position in Init() method; second creation caused deadlock of sockets
- Releasing the instance from observer service as Boris suggested; sufficient to let the service be released
- NSS generic constructors now fails when "@psm;1" could not be initialized; this probably also fixes bug 427715 (have no STR to check)
- This patch is missing a way to block second creation of nsNSSComponent instance (by accidental call of createInstance); should also be introduced?
Tested w/ and w/o Boris' patch for bug 462806 and isntalled FoxyProxy. No crashes.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #63 |
Created attachment 349914
v1 for 1.9.1
Same as v1 for 1.8 branch, just merged.
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #64 |
(In reply to comment #59)
> Tested w/ and w/o Boris' patch for bug 462806 and isntalled FoxyProxy. No
> crashes.
Please be sure you're using FoxyProxy 2.8.5 or earlier. 2.8.6 and higher work around this bug by not using a jar in the XPI. You can get 2.8.5 at https:/
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #65 |
I did use 2.8.5.
In Mozilla Bugzilla #456705, Bdm-fenrir (bdm-fenrir) wrote : | #66 |
I'm assuming that this fix will make it into a new nss/nspr release sometime soon? I currently have nss-3.12.2.0 on Fedora 9, which clearly does not have the fix (a plugin on my MUA uses curl to fetch RSS feeds which uses nss, it crashes regularly). Can someone suggest when an updated nss will appear ready for distro packagers to include it in updates?
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #67 |
Both patches are PSM fixes. There is no change to NSS.
In Mozilla Bugzilla #456705, Timeless-bemail (timeless-bemail) wrote : | #68 |
bdm: please file a bug with a stack trace (from gdb, not a system call trace!), psm is based on xpcom which is not something that curl would typically use.
In Mozilla Bugzilla #456705, Bdm-fenrir (bdm-fenrir) wrote : | #69 |
Should I be filing this as a Mozilla bug? Or a Fedora bug against nss?
I'm actually using Claws Mail with the RSSyl RSS plugin that calls curl which then uses nss for https:// RSS feeds.
In Mozilla Bugzilla #456705, Bzbarsky (bzbarsky) wrote : | #70 |
Or a Claws Mail bug, or an RSSyl plugin bug?
I'd start by filing against the thing using NSS in this case, and seeing what they say.
In Mozilla Bugzilla #456705, Bdm-fenrir (bdm-fenrir) wrote : | #71 |
I Bugzilla'd this on the Fedora Bugzilla against nss, so far I have not seen any response. There is a stack trace there as requested.
I suppose I could put it in the Mozilla bugzilla, but I don't understand the difference between nss and xpcom or the way in which they fit with the Fedora packages.
In Mozilla Bugzilla #456705, Bdm-fenrir (bdm-fenrir) wrote : | #72 |
The Fedora bug link is below:
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #73 |
This bug is not about NSSRWLock_
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #74 |
The workaround for this bug described by Dan in comment #37 (packaging the extension flat instead of jar'd) causes another issue: plugins (not addons) are mysteriously enabled after restart,excepting the java plugin. That is, if you disable all plugins and restart FF, all plugins (except java) are re-enabled. FoxyProxy does nothing to plugins explicitly. Jar'ing the XPI fixes the problem. There is a full description here: http://
Please let me know if I should open a new issue for this.
Thanks,
Eric
In Mozilla Bugzilla #456705, Gavin Sharp (gavin-sharp) wrote : | #75 |
You should open a new issue for that! Best to err on the side of unnecessarily opening a new bug in general, too - they're cheap!
In Mozilla Bugzilla #456705, ericjung (eric-jung) wrote : | #76 |
(In reply to comment #72)
> You should open a new issue for that! Best to err on the side of unnecessarily
> opening a new bug in general, too - they're cheap!
Done. Bug 471245.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #77 |
NS_
rv = inst->_
if(
rv = inst->QueryInte
+ if (triggeredByNSS
+ EnsureNSSInitia
} \
+ else \
+ EnsureNSSInitia
Are you sure you always want to reset? What about:
+ if (triggeredByNSS
+ EnsureNSSInitia
Or is there a reason I don't see?
In my understanding, we can arrive here while NSS is initialized, but we failed to create some other object (maybe hash wrapper object etc.)
>-// We must ensure that the nsNSSComponent has been loaded before
>-// creating any other components.
>-static void EnsureNSSInitia
>-{
>- static PRBool haveLoaded = PR_FALSE;
>- if (haveLoaded)
>- return;
>-
>- haveLoaded = PR_TRUE;
>-
>- if (triggeredByNSS
>- // We must prevent a recursion, as nsNSSComponent creates
>- // additional instances
>- return;
>- }
>-
>- nsCOMPtr<
>- = do_GetService(
>-}
I'm wondering about races for variable haveLoaded.
With the old code, the variable started at false, and whatever happened afterwards, it remained at true, so it wasn't necessary to use a lock/mutex.
I see a possible race with the new code, because of your new "reset" feature.
Let's avoid unnecessary changes to the variable, only change when it's about the nssComponent object.
>+// We must ensure that the nsNSSComponent has been loaded before
>+// creating any other components.
>+PRBool EnsureNSSInitia
>+{
>+ static PRBool haveLoaded = PR_FALSE;
>+
>+ if (op == ensureReset) {
>+ haveLoaded = PR_FALSE;
>+ return PR_FALSE;
>+ }
>+
>+ if (haveLoaded)
>+ return PR_TRUE;
>+
>+ haveLoaded = PR_TRUE;
I propose to remove this line
>+
>+ if (op == ensureCalledByN
>+ // We must prevent a recursion, as nsNSSComponent creates
>+ // additional instances
add
haveLoaded = PR_TRUE;
here
>+ return PR_TRUE;
>+ }
>+
>+ nsCOMPtr<
>+ = do_GetService(
>+
>+ // Check if something didn't fail during nss init, if so,
>+ // uncheck the haveLoaded flag to try again later.
>+ if (!nssComponent)
>+ haveLoaded = PR_FALSE;
revert this to:
if (nssComponent)
haveLoaded = PR_TRUE;
>+
>+ return haveLoaded;
>+}
Does this make sense?
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #78 |
>+ // Check if something didn't fail during nss init, if so,
>+ // uncheck the haveLoaded flag to try again later.
I think you have a typo, accidental double negation here.
And with the new code, maybe you want to write
"Check if NSS init succeeded"
or maybe it's obvious now and you can delete the comment.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #79 |
I said
>+ if (op == ensureCalledByN
>+ // We must prevent a recursion, as nsNSSComponent creates
>+ // additional instances
add
here
Actually, can we remove that assignement completely?
If we only do the final
if (nssComponent)
haveLoaded = PR_TRUE;
does it still work?
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #80 |
Comment on attachment 349913
v1 for 1.8 branch
Will soon comment back on the review.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #81 |
Created attachment 361403
v2 for 1.8
There is no need to worry about races, we are protected by monitor of nsComponentMana
What you suggest in comment 76 will work (first tests show it still works). Only in case we first create nss component service independently and then we create a component that ensure the nss service we call do_GetService for it a second time. It's probably a very little overhead.
Tested again on 1.8.1 branch with FoxyProxy 2.8.5 and reversed patch for bug 462806.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #82 |
Created attachment 361404
v2 for 1.9.1 and trunk
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #83 |
Honza, I have a problem with your patch, but I don't know yet where the problem is. I'm currently working on a patch for bug 390036, it introduces additional SSL worker threads.
Whenever I merge your patch here with the patch from there, I get assertions that multiple instances of nsNSSComponent get created (with session restore of a https page).
My patch alone: works fine
Your patch alone: works fine
The new combination, or your changed order of init calls, or the changed logic of the XPCOM-constructor macro, or a side effect in my patch. So far I was unable to find the cause.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #84 |
Created attachment 361986
merge test (a)
This is your trunk patch with my new feature patch from bug 390036 merged.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #85 |
Created attachment 361994
fix for the merge test (a)
>diff --git a/security/
>--- a/security/
>+++ b/security/
>@@ -1747,9 +1762,25 @@ nsNSSComponent:
> rv = InitializeNSS(
> if (NS_FAILED(rv)) {
> PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
>+
>+ DeregisterObser
>+ mPIPNSSBundle = nsnull;
> return rv;
> }
>
>+ nsSSLIOLayerHel
>+ nsSSLThreadCont
>+ nsSSLThreadCont
>+ mCertVerificati
>+ if (mCertVerificat
>+ mCertVerificati
>+
>+ if (!mSSLThread || !mCertVerificat
>+ {
>+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS init, could not create threads\n"));
>+ return NS_ERROR_
>+ }
You left here !mSSLThread in the condition. Should be nsSSLThreadCont
Also, it's obviously my fault that I do not deregister observers on this failure, that is why you got two instances, I have to add it to my patch for bug 456705.
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #86 |
Thanks Honza! That helps me.
Will you attach a new patch to this bug, where you fix the observers?
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #87 |
(In reply to comment #83)
> Will you attach a new patch to this bug, where you fix the observers?
Yes, probably today.
Sergio Callegari (callegar) wrote : | #88 |
I believe that this bug report can be closed. The issue appeared to be caused by a bad interaction between foxyproxy and firefox.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #89 |
Created attachment 362318
v2.1 for 1.9.1 and trunk
Fixing pre-return code in nsNSSComponent:
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #90 |
Created attachment 362319
v2.1 for 1.8
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #91 |
Comment on attachment 362318
v2.1 for 1.9.1 and trunk
r=kaie
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #92 |
Comment on attachment 362319
v2.1 for 1.8
r=kaie
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #93 |
Comment on attachment 362318
v2.1 for 1.9.1 and trunk
I'll land this soon on trunk.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #94 |
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #95 |
Cause getService re-entrance, I had to catch this, reverting to the first version of the patch that prevents this.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #96 |
Ok, for now I backed out, it is not that simple to return to the first version of the patch, I have to retest all the stuff again, it's for hours...
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #97 |
Created attachment 363903
v3, trunk, 1.9.1
I added one more flag, that's set TRUE during nss component is in process of initiation. This prevents reenter of do_GetService for it (that leads to assertion false) and cleans the whole code up.
I change the flags only and only when called from nss component constructor now that prevents any race conditions - we are protected by XPCOM component manager monitor.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #98 |
Created attachment 363906
v3, for 1.8.1
Tested again with patch -R bz's fix and FoxyProxy 2.8.5.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #99 |
Created attachment 363916
v3.1, trunk, 1.9.1
Found a little mistake in the constructor, I was calling EnsureNSSInitia
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #100 |
Created attachment 363917
v3.1, 1.8.1
...
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #101 |
Comment on attachment 363916
v3.1, trunk, 1.9.1
Honza, thanks a lot.
r=kaie
In Mozilla Bugzilla #456705, Kai Engert (kaie) wrote : | #102 |
Comment on attachment 363917
v3.1, 1.8.1
r=kaie
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #103 |
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #104 |
Backed out, we get assertion failure on leak test boxes, see bottom of
http://
Changed in firefox: | |
status: | In Progress → Confirmed |
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #105 |
Created attachment 364570
v3.2 [Checkin mozilla-central comment 102][Checkin mozilla-1.9.1 comment 106]
Ok, no assertions anymore, re-entrance protection was to protective.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #106 |
Changed in firefox: | |
status: | Confirmed → Fix Released |
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #107 |
Created attachment 364968
v3.2 for 1.8.1 [Checkin comment 109]
3.2 successfully landed on mozilla-central, we can try to land on 1.8.1. Locally deeply tested as STR for this bug is for FF 2.0.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #108 |
Comment on attachment 364570
v3.2 [Checkin mozilla-central comment 102][Checkin mozilla-1.9.1 comment 106]
Successfully landed on mozilla-central.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #109 |
Created attachment 365009
v3.2 for 1.9.0 [Checkin comment 111]
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #110 |
Comment on attachment 364570
v3.2 [Checkin mozilla-central comment 102][Checkin mozilla-1.9.1 comment 106]
(As it's blocking 1.9.1 doesn't need approval)
http://
John Vivirito (gnomefreak) wrote : | #111 |
2.0 is no loager supported adn for future crash reports please use apport to file it.
Changed in firefox-3.0 (Ubuntu): | |
status: | New → Invalid |
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #112 |
Comment on attachment 364968
v3.2 for 1.8.1 [Checkin comment 109]
Approved for 1.8.1.22, a=dveditz for release-drivers
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #113 |
If this fixes topcrash bug 427715 then it'd be worth taking for sure.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #114 |
Comment on attachment 364968
v3.2 for 1.8.1 [Checkin comment 109]
Checking in nsNSSComponent.cpp;
/cvsroot/
new revision: 1.126.2.10; previous revision: 1.126.2.9
done
Checking in nsNSSComponent.h;
/cvsroot/
new revision: 1.38.4.4; previous revision: 1.38.4.3
done
Checking in nsNSSIOLayer.cpp;
/cvsroot/
new revision: 1.97.2.21; previous revision: 1.97.2.20
done
Checking in nsNSSIOLayer.h;
/cvsroot/
new revision: 1.27.28.6; previous revision: 1.27.28.5
done
Checking in nsNSSModule.cpp;
/cvsroot/
new revision: 1.38.4.2; previous revision: 1.38.4.1
done
In Mozilla Bugzilla #456705, Dveditz (dveditz) wrote : | #115 |
Comment on attachment 365009
v3.2 for 1.9.0 [Checkin comment 111]
Approved for 1.9.0.10, a=dveditz for release-drivers
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #116 |
Comment on attachment 365009
v3.2 for 1.9.0 [Checkin comment 111]
Landed on 1.9.0.
Checking in nsNSSComponent.cpp;
/cvsroot/
new revision: 1.168; previous revision: 1.167
done
Checking in nsNSSComponent.h;
/cvsroot/
new revision: 1.54; previous revision: 1.53
done
Checking in nsNSSIOLayer.cpp;
/cvsroot/
new revision: 1.165; previous revision: 1.164
done
Checking in nsNSSIOLayer.h;
/cvsroot/
new revision: 1.47; previous revision: 1.46
done
Checking in nsNSSModule.cpp;
/cvsroot/
new revision: 1.52; previous revision: 1.51
done
In Mozilla Bugzilla #456705, Dietrich-mozilla (dietrich-mozilla) wrote : | #117 |
This sent fxdbug-linux-tbox all leaky on 1.9.0.
In Mozilla Bugzilla #456705, Samuel-sidler+old (samuel-sidler+old) wrote : | #118 |
(In reply to comment #112)
> This sent fxdbug-linux-tbox all leaky on 1.9.0.
Since it's never more than 92.0B, you're likely seeing bug 454837.
In Mozilla Bugzilla #456705, Honzab-moz (honzab-moz) wrote : | #119 |
I believe that leak is not caused by my land. As I was watching the tree, it failed before already the same way. Just after my check-in it happened more often, but not in 100% cases, there were also greens. I'll check the leaks, my patch may be somehow related.
In Mozilla Bugzilla #456705, Abillings (abillings) wrote : | #120 |
Verified for 1.9.0.11 with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11pre) Gecko/2009051305 GranParadiso/
Changed in firefox: | |
importance: | Unknown → Critical |
When you crash do you submit any Talkback Crash data?
Does the crash happen if you make a new profile for a test? support. mozilla. com/en- US/kb/Managing+ profiles
- http://