Closed
Bug 536862
Opened 15 years ago
Closed 15 years ago
Crash because of GSSAPI lib with Kerberos for Windows
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: shopik, Unassigned)
Details
(Keywords: crash)
My crash not yet submited to crash stat server, still in pending dir. But here stack output from debug tools for windows. This happends during start up when it start spamming me with lots password requests and I keep pressing cancel very fast.
FAULTING_IP:
ntdll!RtlpCoalesceFreeBlocks+128
7c911689 8b09 mov ecx,dword ptr [ecx]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 7c911689 (ntdll!RtlpCoalesceFreeBlocks+0x00000128)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
DEFAULT_BUCKET_ID: NULL_POINTER_READ
PROCESS_NAME: thunderbird.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
READ_ADDRESS: 00000000
FAULTING_THREAD: 00000de4
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ
LAST_CONTROL_TRANSFER: from 7c91084c to 7c911689
STACK_TEXT:
055ff0c0 7c91084c 00000000 06507a18 055ff178 ntdll!RtlpCoalesceFreeBlocks+0x128
055ff194 7c34218a 06500000 00000000 06507a20 ntdll!RtlFreeHeap+0x2e9
055ff1dc 064978ce 06507a20 00000000 0573dc40 msvcr71!free+0xc3 [f:\vs70builds\3052\vc\crtbld\crt\src\free.c @ 103]
WARNING: Stack unwind information not available. Following frames may be wrong.
055ff23c 064978bc 06507a20 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x169bd
055ff29c 06495884 06504998 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x169ab
055ff304 0649572e 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x14973
055ff35c 0649568f 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x1481d
055ff3bc 064957f7 06504880 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x1477e
055ff414 064959dc 065068d8 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x148e6
055ff474 0649680c 065068d8 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x14acb
055ff4d4 06448839 06504ca0 00000000 0573dc40 krb5_32!krb5_c_make_checksum+0x158fb
055ff530 064449a4 06503d60 00000000 0573dc40 krb5_32!krb5_free_config_files+0xb4
055ff588 1c0045dd 06503d60 00000000 0573dc40 krb5_32!krb5_free_context+0x11
055ff600 1c00a141 055ff7a4 00000000 06506840 gssapi32!gss_indicate_mechs+0x11a8
055ff688 1c00d4b6 00000000 055ff7a4 00000000 gssapi32!gss_indicate_mechs+0x6d0c
055ff738 00484178 055ff7a4 00000000 0573dc48 gssapi32!gss_init_sec_context+0x1b8
055ff800 004845cb 0573dc40 00000000 00000000 thunderbird!nsScriptableRegion::AddRef+0x25fa8
055ff894 00ab26e4 030d66c0 00000000 00000000 thunderbird!nsScriptableRegion::AddRef+0x263fb
055ff96c 00a37b4e 055ff9c4 055ffd20 055ffa58 thunderbird!DeviceContextImpl::AddRef+0x163a1e
055ffa50 7c91005d 055ffa6c 00000000 00010011 thunderbird!DeviceContextImpl::AddRef+0xe8e88
055ffb0c 002b607d 00000001 80000000 00000000 ntdll!RtlFreeHeap+0x647
055ffb1c 002dee23 05784ca0 00000004 00000000 xpcom_core!nsRunnable::Release+0x20
00000000 00000000 00000000 00000000 00000000 xpcom_core!NS_GetProxyForObject+0xe72
FOLLOWUP_IP:
msvcr71!free+c3 [f:\vs70builds\3052\vc\crtbld\crt\src\free.c @ 103]
7c34218a e8b7010000 call msvcr71!__SEH_epilog (7c342346)
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: msvcr71!free+c3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr71
IMAGE_NAME: msvcr71.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 3e561eac
STACK_COMMAND: ~16s; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_POINTER_READ_c0000005_msvcr71.dll!free
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_msvcr71!free+c3
Followup: MachineOwner
---------
Reporter | ||
Comment 1•15 years ago
|
||
Crash may related to changes in bug 525238
Comment 2•15 years ago
|
||
Please post detailed reproduction steps.
And KfW for me just means Kreditanstalt für Wiederaufbau.
Version: 3.0 → 1.0
Reporter | ||
Comment 3•15 years ago
|
||
Ben,
I'm still trying to find exact steps but with no luck so far.
Summary: Crash when using GSSAPI and KfW → Crash when using GSSAPI and Kerberos for Windows
Comment 4•15 years ago
|
||
Nikolay, any luck on figuring out this ?
Can you reproduce ? If so can you provide access to debug ?
Version: 1.0 → 3.0
Reporter | ||
Comment 5•15 years ago
|
||
So far I seems can't reproduce it anymore, maybe when patch for bug 525238 landed this will be possible. Because crash appears to be happens after I work with patched version and then move back to unpatched.
Comment 6•15 years ago
|
||
This crash is deep within the GSSAPI library itself. Whilst that stack trace is almost certainly corrupt, it looks like we're dying somewhere in the middle of the memory management code. It's possible that this is a thread safety issue. GSSAPI's thread safety model requires that an individual GSSAPI context (which in our case translates to a single instance of a nsIAuthModule) not be used simultaneously by more than one thread.
Nikolay: Did you say that this happened whilst many password prompts were appearing?
Reporter | ||
Comment 7•15 years ago
|
||
Yes it was asking my password but these request fails so I continue pressing cancel, until late password request appear which accept my password.
Comment 8•15 years ago
|
||
What is the "it" that showed you the password prompts?
If you canceled many of them in quick succession, it may be that your GSSAPI lib got confused with the UI and therefore crashed.
It doesn't seem related at all to prefs migration, as you claimed in bug 525238 comment 69.
Comment 9•15 years ago
|
||
we don't prompt for passwords when doing gssapi auth, so was it non gssapi auth that was prompting for passwords? Or maybe some event pumping aspect of password prompts lead to the thread safety issue Simon mentioned.
Reporter | ||
Comment 10•15 years ago
|
||
(In reply to comment #9)
> we don't prompt for passwords when doing gssapi auth, so was it non gssapi auth
> that was prompting for passwords? Or maybe some event pumping aspect of
> password prompts lead to the thread safety issue Simon mentioned.
Yeah it was Kerberos for Windows repetitively promoting passwords not Thunderbird. If this is problem in GSSAPI lib itself probably I should close this bug.
Reporter | ||
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Summary: Crash when using GSSAPI and Kerberos for Windows → Crash because of GSSAPI lib with Kerberos for Windows
You need to log in
before you can comment on or make changes to this bug.
Description
•