[tbb-bugs] #22327 [Applications/Tor Browser]: First party isolation of Page Info
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 26 10:09:09 UTC 2017
#22327: First party isolation of Page Info
-----------------------------------------------+---------------------------
 Reporter:  arthuredelstein                    |          Owner:  arthuredelstein
     Type:  defect                             |         Status:  needs_revision
 Priority:  High                               |      Milestone:
Component:  Applications/Tor Browser           |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  tbb-7.0-must TorBrowserTeam201705  |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+---------------------------
Changes (by gk):
* status: needs_review => needs_revision
* keywords: tbb-7.0-must TorBrowserTeam201705R => tbb-7.0-must TorBrowserTeam201705
Comment:
Here is the stacktrace in case it helps:
{{{
Thread 1 "firefox" received signal SIGSEGV, Segmentation fault.
0x00007fffecc13b77 in mozilla::net::GetLoadContextInfo (aLoadContext=0x7fffbd7e3c00, aIsAnonymous=false)
    at /home/thomas/Arbeit/Tor/tor-browser/netwerk/base/LoadContextInfo.cpp:147
147     MOZ_ASSERT(pb == (doa.mPrivateBrowsingId > 0));
(gdb) bt
#0 0x00007fffecc13b77 in mozilla::net::GetLoadContextInfo (
    aLoadContext=0x7fffbd7e3c00, aIsAnonymous=false)
    at /home/thomas/Arbeit/Tor/tor-browser/netwerk/base/LoadContextInfo.cpp:147
#1 0x00007fffecc137fe in mozilla::net::LoadContextInfoFactory::FromLoadContext (
    this=0x7fffc938e500, aLoadContext=0x7fffbd7e3c00, aAnonymous=false,
    _retval=0x7fffffffa988)
    at /home/thomas/Arbeit/Tor/tor-browser/netwerk/base/LoadContextInfo.cpp:100
#2 0x00007fffecb72740 in NS_InvokeByIndex (that=0x7fffc938e500,
    methodIndex=7,
    paramCount=3, params=0x7fffffffa958)
    at /home/thomas/Arbeit/Tor/tor-browser/xpcom/reflect/xptcall/md/unix/xptcinvoke_x86_64_unix.cpp:182
#3 0x00007fffed9b6fd9 in CallMethodHelper::Invoke (this=0x7fffffffa910)
    at /home/thomas/Arbeit/Tor/tor-browser/js/xpconnect/src/XPCWrappedNative.cpp:2058
#4 0x00007fffed9b4c0e in CallMethodHelper::Call (this=0x7fffffffa910)
    at /home/thomas/Arbeit/Tor/tor-browser/js/xpconnect/src/XPCWrappedNative.cpp:1377
#5 0x00007fffed999d11 in XPCWrappedNative::CallMethod (ccx=...,
    mode=XPCWrappedNative::CALL_METHOD)
    at /home/thomas/Arbeit/Tor/tor-browser/js/xpconnect/src/XPCWrappedNative.cpp:1344
#6 0x00007fffed9a2884 in XPC_WN_CallMethod (cx=0x7fffdff65000, argc=2,
    vp=0x7fffd9d2d098)
    at /home/thomas/Arbeit/Tor/tor-browser/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:999
#7 0x00007ffff2404ac6 in js::CallJSNative (cx=0x7fffdff65000,
    native=0x7fffed9a257b <XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/jscntxtinlines.h:239
#8 0x00007ffff23d0a3e in js::InternalCallOrConstruct (cx=0x7fffdff65000,
    args=..., construct=js::NO_CONSTRUCT)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:459
#9 0x00007ffff23d0d82 in InternalCall (cx=0x7fffdff65000, args=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:504
#10 0x00007ffff23d0dac in js::CallFromStack (cx=0x7fffdff65000, args=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:510
#11 0x00007ffff23de3f9 in Interpret (cx=0x7fffdff65000, state=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:2922
#12 0x00007ffff23d068c in js::RunScript (cx=0x7fffdff65000, state=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:405
#13 0x00007ffff23d1b66 in js::ExecuteKernel (cx=0x7fffdff65000,
    script=...,
    envChainArg=..., newTargetValue=..., evalInFrame=...,
    result=0x7fffffffc350)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:686
#14 0x00007ffff23d1e56 in js::Execute (cx=0x7fffdff65000, script=...,
    envChainArg=..., rval=0x7fffffffc350)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/vm/Interpreter.cpp:719
#15 0x00007ffff213d788 in ExecuteScript (cx=0x7fffdff65000, scope=...,
    script=..., rval=0x7fffffffc350)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/jsapi.cpp:4350
#16 0x00007ffff213dd65 in JS::CloneAndExecuteScript (cx=0x7fffdff65000,
    scriptArg=..., rval=...)
    at /home/thomas/Arbeit/Tor/tor-browser/js/src/jsapi.cpp:4413
#17 0x00007fffefdf03cc in mozilla::dom::XULDocument::ExecuteScript (
    this=0x7fffc413b800, aScript=0x7fffc8cfe290)
    at /home/thomas/Arbeit/Tor/tor-browser/dom/xul/XULDocument.cpp:3523
#18 0x00007fffefdefcbb in mozilla::dom::XULDocument::OnScriptCompileComplete (
    this=0x7fffc413b800, aScript=0x7fffc3b2d120, aStatus=nsresult::NS_OK)
    at /home/thomas/Arbeit/Tor/tor-browser/dom/xul/XULDocument.cpp:3410
#19 0x00007fffefe05212 in NotifyOffThreadScriptCompletedRunnable::Run (
    this=0x7fffbd999f40)
    at /home/thomas/Arbeit/Tor/tor-browser/dom/xul/nsXULElement.cpp:2797
#20 0x00007fffecb4432b in nsThread::ProcessNextEvent (this=0x7ffff6823600,
    aMayWait=false, aResult=0x7fffffffc79f)
    at /home/thomas/Arbeit/Tor/tor-browser/xpcom/threads/nsThread.cpp:1216
#21 0x00007fffecbb1089 in NS_ProcessNextEvent (aThread=0x7ffff6823600,
    aMayWait=false)
    at /home/thomas/Arbeit/Tor/tor-browser/xpcom/glue/nsThreadUtils.cpp:361
#22 0x00007fffed241843 in mozilla::ipc::MessagePump::Run (this=0x7ffff6958580,
    aDelegate=0x7ffff6845c00)
    at /home/thomas/Arbeit/Tor/tor-browser/ipc/glue/MessagePump.cpp:96
#23 0x00007fffed1b1bfb in MessageLoop::RunInternal (this=0x7ffff6845c00)
    at /home/thomas/Arbeit/Tor/tor-browser/ipc/chromium/src/base/message_loop.cc:232
#24 0x00007fffed1b1b8e in MessageLoop::RunHandler (this=0x7ffff6845c00)
    at /home/thomas/Arbeit/Tor/tor-browser/ipc/chromium/src/base/message_loop.cc:225
#25 0x00007fffed1b1b67 in MessageLoop::Run (this=0x7ffff6845c00)
    at /home/thomas/Arbeit/Tor/tor-browser/ipc/chromium/src/base/message_loop.cc:205
#26 0x00007fffeff6494c in nsBaseAppShell::Run (this=0x7fffd989e5a0)
    at /home/thomas/Arbeit/Tor/tor-browser/widget/nsBaseAppShell.cpp:156
#27 0x00007ffff0c44175 in nsAppStartup::Run (this=0x7fffd986b450)
    at /home/thomas/Arbeit/Tor/tor-browser/toolkit/components/startup/nsAppStartup.cpp:283
#28 0x00007ffff0d1c50d in XREMain::XRE_mainRun (this=0x7fffffffcc60)
    at /home/thomas/Arbeit/Tor/tor-browser/toolkit/xre/nsAppRunner.cpp:5028
#29 0x00007ffff0d1cabd in XREMain::XRE_main (this=0x7fffffffcc60, argc=3,
    argv=0x7fffffffe0a8, aAppData=0x7fffffffde80)
    at /home/thomas/Arbeit/Tor/tor-browser/toolkit/xre/nsAppRunner.cpp:5161
#30 0x00007ffff0d1cd36 in XRE_main (argc=3, argv=0x7fffffffe0a8,
    aAppData=0x7fffffffde80, aFlags=0)
    at /home/thomas/Arbeit/Tor/tor-browser/toolkit/xre/nsAppRunner.cpp:5252
#31 0x000055555555c0a0 in do_main (argc=3, argv=0x7fffffffe0a8,
    envp=0x7fffffffe0c8, xreDirectory=0x7ffff685ac00)
    at /home/thomas/Arbeit/Tor/tor-browser/browser/app/nsBrowserApp.cpp:282
#32 0x000055555555c386 in main (argc=3, argv=0x7fffffffe0a8,
    envp=0x7fffffffe0c8)
    at /home/thomas/Arbeit/Tor/tor-browser/browser/app/nsBrowserApp.cpp:415
}}}
FWIW it happens with an optimized build as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22327#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online