[tor-bugs] #22999 [Applications/Tor Browser]: SIGSEGV when cancelling out of a download popup
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 21 19:35:03 UTC 2017
#22999: SIGSEGV when cancelling out of a download popup
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
On a particular website, when I click cancel on a download popup, the
browser crashes.
System: linux 64bit (arch linux), gnome 3, Tor Browser 7.2
Security slider set to low
1) Go to https://www.projectaon.org/staff/eric/lw01.htm
2) Click on the cogwheel icon
3) A "Download an external file type?" popup shows up
4) Click cancel
5) Browser segfaults here.
{{{
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f699af3c690 in raise () from /usr/lib/libpthread.so.0
[Current thread is 1 (Thread 0x7f699b371740 (LWP 11239))]
(gdb) bt
#0 0x00007f699af3c690 in raise () at /usr/lib/libpthread.so.0
#1 0x00007f69973ade00 in nsProfileLock::FatalSignalHandler(int, siginfo*,
void*) (signo=11, info=0x7ffd9becbd30, context=0x7ffd9becbc00) at
/home/debian/build/tor-browser/toolkit/profile/nsProfileLock.cpp:181
#2 0x00007f6997e7f471 in WasmFaultHandler<(Signal)0>(int, siginfo_t*,
void*) (signum=<optimized out>, info=0x7ffd9becbd30,
context=0x7ffd9becbc00) at /home/debian/build/tor-
browser/js/src/wasm/WasmSignalHandlers.cpp:1239
#3 0x00007f699af3c7e0 in <signal handler called> () at
/usr/lib/libpthread.so.0
#4 0x00005595d690eb75 in mozalloc_abort(char const*)
(msg=msg at entry=0x7ffd9becc3c0 "[Parent 11239] ###!!! ABORT: __delete__()d
actor: file /home/debian/build/tor-browser/ipc/glue/ProtocolUtils.cpp,
line 299")
at /home/debian/build/tor-
browser/memory/mozalloc/mozalloc_abort.cpp:33
#5 0x00007f6995ba8892 in Abort (aMsg=0x7ffd9becc3c0 "[Parent 11239]
###!!! ABORT: __delete__()d actor: file /home/debian/build/tor-
browser/ipc/glue/ProtocolUtils.cpp, line 299") at /home/debian/build/tor-
browser/xpcom/base/nsDebugImpl.cpp:449
#6 0x00007f6995ba8892 in NS_DebugBreak(uint32_t, char const*, char
const*, char const*, int32_t) (aSeverity=<optimized out>,
aStr=0x7f6998051ac7 "__delete__()d actor", aExpr=0x0, aFile=0x7f69980515ed
"/home/debian/build/tor-browser/ipc/glue/ProtocolUtils.cpp",
aLine=<optimized out>) at /home/debian/build/tor-
browser/xpcom/base/nsDebugImpl.cpp:436
#7 0x00007f69960e1c0d in
mozilla::dom::PExternalHelperApp::Transition(mozilla::ipc::Trigger,
mozilla::dom::PExternalHelperApp::State*) (trigger=..., trigger at entry=...,
next=next at entry=0x7f69671ed420)
at /home/debian/build/tor-browser/obj-x86_64-pc-linux-
gnu/ipc/ipdl/PExternalHelperApp.cpp:43
#8 0x00007f69960e2187 in
mozilla::dom::PExternalHelperAppParent::SendCancel(nsresult const&)
(this=0x7f69671ed400, aStatus=@0x7ffd9becc65c: -2142568446,
aStatus at entry=@0x7ffd9becc65c: <optimized out>)
at /home/debian/build/tor-browser/obj-x86_64-pc-linux-
gnu/ipc/ipdl/PExternalHelperAppParent.cpp:57
#9 0x00007f69961d2aaa in
mozilla::dom::ExternalHelperAppParent::Cancel(nsresult) (this=<optimized
out>, aStatus=-2142568446) at /home/debian/build/tor-
browser/uriloader/exthandler/ExternalHelperAppParent.cpp:244
#10 0x00007f69961da93d in
nsExternalAppHandler::OnStartRequest(nsIRequest*, nsISupports*)
(this=0x7f69672ac900, request=0x7f69671ed468, aCtxt=<optimized out>)
at /home/debian/build/tor-
browser/uriloader/exthandler/nsExternalHelperAppService.cpp:1695
#11 0x00007f69961d274c in
mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest(nsCString
const&) (this=0x7f69671ed400, entityID=...) at /home/debian/build/tor-
browser/uriloader/exthandler/ExternalHelperAppParent.cpp:126
#12 0x00007f69960e528c in
mozilla::dom::PExternalHelperAppParent::OnMessageReceived(IPC::Message
const&) (this=<optimized out>, msg__=...) at /home/debian/build/tor-
browser/obj-x86_64-pc-linux-gnu/ipc/ipdl/PExternalHelperAppParent.cpp:129
#13 0x00007f69960be54a in
mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&)
(this=0x7f696968b800, msg__=...) at /home/debian/build/tor-browser/obj-
x86_64-pc-linux-gnu/ipc/ipdl/PContentParent.cpp:3052
#14 0x00007f6995ed371f in
mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)
(this=0x7f696968b8a8, aMsg=...) at /home/debian/build/tor-
browser/ipc/glue/MessageChannel.cpp:1743
#15 0x00007f6995ed99bb in
mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)
(this=this at entry=0x7f696968b8a8, aMsg=...) at /home/debian/build/tor-
browser/ipc/glue/MessageChannel.cpp:1681
#16 0x00007f6995edac4a in
mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)
(this=0x7f696968b8a8, aTask=...) at /home/debian/build/tor-
browser/ipc/glue/MessageChannel.cpp:1572
#17 0x00007f6995edad98 in mozilla::ipc::MessageChannel::MessageTask::Run()
(this=0x7f69674ce0c0) at /home/debian/build/tor-
browser/ipc/glue/MessageChannel.cpp:1597
#18 0x00007f6995beb05d in nsThread::ProcessNextEvent(bool, bool*)
(this=0x7f6999daf480, aMayWait=<optimized out>, aResult=0x7ffd9beccd9f) at
/home/debian/build/tor-browser/xpcom/threads/nsThread.cpp:1216
#19 0x00007f6995c05c61 in NS_ProcessNextEvent(nsIThread*, bool)
(aThread=<optimized out>, aThread at entry=0x7f6999daf480,
aMayWait=aMayWait at entry=false) at /home/debian/build/tor-
browser/xpcom/glue/nsThreadUtils.cpp:361
#20 0x00007f6995ed132d in
mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)
(this=0x7f698c0994c0, aDelegate=0x7f6999da94e0) at /home/debian/build/tor-
browser/ipc/glue/MessagePump.cpp:96
#21 0x00007f6995ea20fa in MessageLoop::RunHandler() (this=<optimized out>)
at /home/debian/build/tor-
browser/ipc/chromium/src/base/message_loop.cc:225
#22 0x00007f6995ea20fa in MessageLoop::Run() (this=<optimized out>) at
/home/debian/build/tor-browser/ipc/chromium/src/base/message_loop.cc:205
#23 0x00007f6996e6b2e3 in nsBaseAppShell::Run() (this=0x7f698151b340) at
/home/debian/build/tor-browser/widget/nsBaseAppShell.cpp:156
#24 0x00007f6997367657 in nsAppStartup::Run() (this=0x7f6981512600) at
/home/debian/build/tor-
browser/toolkit/components/startup/nsAppStartup.cpp:283
#25 0x00007f69973b560a in XREMain::XRE_mainRun()
(this=this at entry=0x7ffd9becd010) at /home/debian/build/tor-
browser/toolkit/xre/nsAppRunner.cpp:5028
#26 0x00007f69973b58b1 in XREMain::XRE_main(int, char**, nsXREAppData
const*) (this=this at entry=0x7ffd9becd010, argc=argc at entry=5,
argv=argv at entry=0x7ffd9bece428, aAppData=aAppData at entry=0x7ffd9becd248)
at /home/debian/build/tor-browser/toolkit/xre/nsAppRunner.cpp:5161
#27 0x00007f69973b5ae7 in XRE_main(int, char**, nsXREAppData const*,
uint32_t) (argc=5, argv=0x7ffd9bece428, aAppData=0x7ffd9becd248,
aFlags=<optimized out>) at /home/debian/build/tor-
browser/toolkit/xre/nsAppRunner.cpp:5252
#28 0x00005595d690e8d1 in do_main(int, char**, char**, nsIFile*) (argc=5,
argv=0x7ffd9bece428, envp=<optimized out>, xreDirectory=0x7f6999da1780) at
/home/debian/build/tor-browser/browser/app/nsBrowserApp.cpp:282
#29 0x00005595d690e043 in main(int, char**, char**) (argc=5,
argv=0x7ffd9bece428, envp=0x7ffd9bece458) at /home/debian/build/tor-
browser/browser/app/nsBrowserApp.cpp:415
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22999>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list