MASTER mozilla-thunderbird crashed [@nsNSSCertificateDB::ImportCertsFromFile]

Bug #80964 reported by Marco Rodrigues
6
Affects Status Importance Assigned to Milestone
Mozilla Thunderbird
Fix Released
Critical
mozilla-thunderbird (Ubuntu)
Fix Released
High
Mozilla Bugs

Bug Description

Binary package hint: mozilla-thunderbird

mozilla thunderbird open certificate crash

I tried to import a certificate and clicked on open location and put "http://www.host.com/valid_certificate.com.crt" this file there, a working certificate file trough web url and it crashed. Crash report is in attachment for analysis.

TESTCASE tbird 1.5.0.*
1. open thunderbird
2. go to edit>prefferences>Privacy>security
3. Click on view certificates
4. Click on other peoples
5. import
6. when nautilus opens click the icon in top left (location icon)
7. add http://www.clustercube.com/clustercube.com.crt in the location URL spot
8. click OPEN
9. watch thunderbird crash.

TESTCASE tbird version 2.0.0.4
1. open thunderbird
2. go to edit>prefferences>Advanced>security
3. Click on view certificates
4. Click on other peoples
5. import
6. when nautilus opens click the icon in top left (location icon)
7. add http://www.clustercube.com/clustercube.com.crt in the location URL spot
8. click OPEN
9. watch thunderbird crash.

Extract from retraced stacktrace:
...
#3 <signal handler called>
#4 nsNSSCertificateDB::ImportCertsFromFile (this=0x8bee5c0,
#5 xptiZipLoader::ReadXPTFileFromInputStream (stream=0x8bee5c0,
#6 XPCWrappedNative::CallMethod (ccx=@0xbf925bcc,
#7 XPC_WN_CallMethod (cx=0x8c911f8, obj=0x8d34e48, argc=3,
#8 js_AllocStack (cx=0x8c911f8, nslots=3, markp=0x0)
#9 js_Interpret (cx=0x0, pc=0xb759c140 "\0206\t\b°\236æ\b",
#0 __kernel_vsyscall ()
...

Tags: mt-upstream
Revision history for this message
Marco Rodrigues (gothicx) wrote :
Revision history for this message
Marco Rodrigues (gothicx) wrote :
Changed in mozilla-thunderbird:
assignee: nobody → mozillateam
David Farning (dfarning)
Changed in mozilla-thunderbird:
importance: Undecided → Medium
David Farning (dfarning)
Changed in mozilla-thunderbird:
assignee: mozillateam → mozilla-bugs
Revision history for this message
John Vivirito (gnomefreak) wrote :

assigning it to me for a bit.

Changed in mozilla-thunderbird:
assignee: mozilla-bugs → gnomefreak
Changed in mozilla-thunderbird:
importance: Medium → High
status: Unconfirmed → Needs Info
Revision history for this message
John Vivirito (gnomefreak) wrote :

Here is my crash report while following reporters instructions in #launchpad on irc.freenode.net

TESTCASE:
1. open thunderbird
2. go to edit>prefferences>Privacy>security
3. Click on view certificates
4. Click on other peoples
5. import
6. when nautilus opens click the icon in top left (location icon)
7. add http://www.clustercube.com/clustercube.com.crt in the location URL spot
8. click OPEN
9. watch thunderbird crash.

description: updated
Changed in mozilla-thunderbird:
assignee: gnomefreak → mozilla-bugs
Revision history for this message
Alexander Sack (asac) wrote :

John, can you 100% reproduce? Maybe you can try and see if you can retrace with our dbgsym packages in mt-feisty?

Revision history for this message
Marco Rodrigues (gothicx) wrote :

I still can reproduce it on Feisty Beta (with latest updates)

Changed in mozilla-thunderbird:
status: Needs Info → Confirmed
description: updated
description: updated
Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Stacktrace

Retrace done on M. Rodrigues' report.

Extract from retraced stacktrace:
...
#3 <signal handler called>
#4 nsNSSCertificateDB::ImportCertsFromFile (this=0x8bee5c0,
#5 xptiZipLoader::ReadXPTFileFromInputStream (stream=0x8bee5c0,
#6 XPCWrappedNative::CallMethod (ccx=@0xbf925bcc,
#7 XPC_WN_CallMethod (cx=0x8c911f8, obj=0x8d34e48, argc=3,
#8 js_AllocStack (cx=0x8c911f8, nslots=3, markp=0x0)
#9 js_Interpret (cx=0x0, pc=0xb759c140
#0 __kernel_vsyscall ()
...

Tagging as mt-confirm for further processing

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Thread Stacktrace

Retraced Thread Stacktrace

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Stacktrace

Retrace done on gnomefreak's report.

Extract from retraced stacktrace:
...
#3 <signal handler called>
#4 nsNSSCertificateDB::ImportCertsFromFile (this=0x8f0d0c8, aToken=0x0,
#5 XPTC_InvokeByIndex () at xptcinvoke_gcc_x86_unix.cpp:50
#6 XPCWrappedNative::CallMethod (ccx=@0xbff2915c,
#7 XPC_WN_CallMethod (cx=0x8f7f660, obj=0x8ec5d70, argc=3,
#8 js_Invoke (cx=0x8f7f660, argc=3, flags=0) at jsinterp.c:1187
#9 js_Interpret (cx=0x8f7f660, pc=0x8e08b53 ":",
#0 __kernel_vsyscall ()
...

Tagging as mt-confirm for further processing

Revision history for this message
Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Retraced Thread Stacktrace

Retraced Thread Stacktrace

Revision history for this message
John Vivirito (gnomefreak) wrote :

Its reproducible 100% of the time still on version 2.0, only thing that changed is where you find sertificates its under advanced not privacy anyloger

description: updated
Revision history for this message
John Vivirito (gnomefreak) wrote :

I just tested this on upstream thunderbird and it crashes as well, so i will keep looking for upstream bug, if i cant find one i may ask you to file one.

Revision history for this message
In , Marco Rodrigues (gothicx-sapo) wrote :

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)
Build Identifier: 2.0

Open certificate cause crash

I tried to import a certificate manually and clicked on open location at gnome desktop and put "http://www.clustercube.com/clustercube.com.crt" this file there, a working certificate file trough web url and it crashed.

Reproducible: Always

Steps to Reproduce:
v1.5.*
1. open thunderbird
2. go to Edit > Preferences > Privacy > Security
3. Click on view certificates
4. Click on other peoples
5. import
6. when nautilus opens click the icon in top left (location icon)
7. add http://www.clustercube.com/clustercube.com.crt in the location URL spot
8. click OPEN
9. watch thunderbird crash.

---

v2.0
1. open thunderbird
2. go to Edit > Preferences > Advanced > Security
3. Click on view certificates
4. Click on other peoples
5. import
6. when nautilus opens click the icon in top left (location icon)
7. add http://www.clustercube.com/clustercube.com.crt in the location URL spot
8. click OPEN
9. watch thunderbird crash.
Actual Results:
Crash

Expected Results:
Don't crash

More information on Launchpad.net bug report.

Revision history for this message
In , Adam Guthrie (ispiked) wrote :

It appears that a NULL file is getting passed into nsNSSCertificateDB::ImportCertsFromFile.

#3 <signal handler called>
#4 nsNSSCertificateDB::ImportCertsFromFile (this=0x8f0d0c8, aToken=0x0,
#5 XPTC_InvokeByIndex () at xptcinvoke_gcc_x86_unix.cpp:50
#6 XPCWrappedNative::CallMethod (ccx=@0xbff2915c,
#7 XPC_WN_CallMethod (cx=0x8f7f660, obj=0x8ec5d70, argc=3,
#8 js_Invoke (cx=0x8f7f660, argc=3, flags=0) at jsinterp.c:1187
#9 js_Interpret (cx=0x8f7f660, pc=0x8e08b53 ":",
#0 __kernel_vsyscall ()

#4 nsNSSCertificateDB::ImportCertsFromFile (this=0x8f0d0c8, aToken=0x0,
    aFile=0x0, aType=4) at nsNSSCertificateDB.cpp:1028
 rv = <value optimized out>
 fd = (PRFileDesc *) 0x0
 file_info = {type = 3220344488, size = -1209059669,
  creationTime = 68854785104, modifyTime = -4615469847035080500}
 bytes_obtained = <value optimized out>

Revision history for this message
In , Adam Guthrie (ispiked) wrote :

This bug might actually be in the GTK filepicker widget code... it seems like it should error out if the file it gets is NULL. On the other hand, it seems like the NSS function should check for a non-NULL file argument.

Revision history for this message
In , John Vivirito (gnomefreak) wrote :
Changed in thunderbird:
status: Unknown → Confirmed
Revision history for this message
In , Kai Engert (kaie) wrote :

Created attachment 271961
Patch v1

Bob, can you please review this crash fix?

Revision history for this message
In , Rrelyea (rrelyea) wrote :

Comment on attachment 271961
Patch v1

r+=rrelyea

Revision history for this message
In , Kai Engert (kaie) wrote :

fixed in cvs head

Revision history for this message
In , Kai Engert (kaie) wrote :

Comment on attachment 271961
Patch v1

requesting branch approval for trivial crash fix

Alexander Sack (asac)
Changed in mozilla-thunderbird:
status: Confirmed → In Progress
Revision history for this message
Marco Rodrigues (gothicx) wrote :

The patch is already out :-) Just one line.. hehe

Changed in thunderbird:
status: Confirmed → Fix Released
Revision history for this message
In , Dveditz (dveditz) wrote :

Not blockers, but we'll look at the approvals

Revision history for this message
In , Dveditz (dveditz) wrote :

Comment on attachment 271961
Patch v1

approved for 1.8.1.7 and 1.8.0.13, a=dveditz for release-drivers

Revision history for this message
In , Kai Engert (kaie) wrote :

fixed1.8.0.13, fixed1.8.1.7

Revision history for this message
In , Abillings (abillings) wrote :

Verified in 1.8.0.13 Thunderbird RC1 candidate (2007080917) on Ubuntu.

Revision history for this message
In , Cbook (cbook) wrote :

verified fixed 1.8.1.7 using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7pre) Gecko/20070903 Thunderbird/2.0.0.7pre ID:2007090303 on Ubuntu

no crash on the steps to reproduce -> adding verified keyword

Revision history for this message
Marco Rodrigues (gothicx) wrote :

This is fixed on Mozilla Thunderbird (20071022) on Gutsy.

Changed in mozilla-thunderbird:
status: In Progress → Fix Released
Changed in thunderbird:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.