Bug#780801: iceweasel: null pointer dereference in SSLServerCertVerification.cpp

Jakub Wilk jwilk at debian.org
Thu Mar 19 16:35:57 UTC 2015


Package: iceweasel
Version: 36.0.1-2

Iceweasel crashes with segmentation fault on https://mentors.debian.net/.
GDB says it's a null pointer dereference:

(gdb) up 5
#5  0xf44d410c in GatherEKUTelemetry (certList=...) at /build/iceweasel-xyTURW/iceweasel-36.0.1/security/manager/ssl/src/SSLServerCertVerification.cpp:993
993	  for (size_t i = 0; endEntityCert->extensions[i]; i++) {
(gdb) print endEntityCert->extensions
$1 = (CERTCertExtension **) 0x0
(gdb) bt
#0  0xf7783425 in __kernel_vsyscall ()
#1  0xf7758bb6 in raise (sig=11) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:37
#2  0xf4574f79 in nsProfileLock::FatalSignalHandler (signo=11, info=0xe7ffcbec, context=0xe7ffcbec) at /build/iceweasel-xyTURW/iceweasel-36.0.1/profile/dirserviceprovider/nsProfileLock.cpp:180
#3  0xf48c1dd5 in AsmJSFaultHandler (signum=11, info=0xe7ffccbc, context=0xe7ffcd3c) at /build/iceweasel-xyTURW/iceweasel-36.0.1/js/src/asmjs/AsmJSSignalHandlers.cpp:907
#4  <signal handler called>
#5  0xf44d410c in GatherEKUTelemetry (certList=...) at /build/iceweasel-xyTURW/iceweasel-36.0.1/security/manager/ssl/src/SSLServerCertVerification.cpp:993
#6  GatherSuccessfulValidationTelemetry (certList=...) at /build/iceweasel-xyTURW/iceweasel-36.0.1/security/manager/ssl/src/SSLServerCertVerification.cpp:1063
#7  mozilla::psm::(anonymous namespace)::AuthCertificate (certVerifier=..., infoObject=0xdc980d50, cert=0x0, peerCertChain=..., stapledOCSPResponse=0x0, providerFlags=0, time=...) at /build/iceweasel-xyTURW/iceweasel-36.0.1/security/manager/ssl/src/SSLServerCertVerification.cpp:1122
#8  0xf44d43de in mozilla::psm::(anonymous namespace)::SSLServerCertVerificationJob::Run (this=0xdc894c00) at /build/iceweasel-xyTURW/iceweasel-36.0.1/security/manager/ssl/src/SSLServerCertVerification.cpp:1243
#9  0xf300f55a in nsThreadPool::Run (this=0xef2176a0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/xpcom/threads/nsThreadPool.cpp:220
#10 0xf3010258 in nsThread::ProcessNextEvent (this=0xea7f58d0, aMayWait=false, aResult=0xe7ffd1fb) at /build/iceweasel-xyTURW/iceweasel-36.0.1/xpcom/threads/nsThread.cpp:830
#11 0xf30236bc in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=false) at /build/iceweasel-xyTURW/iceweasel-36.0.1/xpcom/glue/nsThreadUtils.cpp:265
#12 0xf31f037a in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0xe90eab50, aDelegate=0xea7f8fa0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/ipc/glue/MessagePump.cpp:339
#13 0xf31e4764 in MessageLoop::RunInternal (this=0xea7f8fa0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/ipc/chromium/src/base/message_loop.cc:233
#14 0xf31e48b2 in RunHandler (this=0xea7f8fa0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/ipc/chromium/src/base/message_loop.cc:226
#15 MessageLoop::Run (this=0xea7f8fa0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/ipc/chromium/src/base/message_loop.cc:200
#16 0xf3010ffc in nsThread::ThreadFunc (aArg=0xea7f58d0) at /build/iceweasel-xyTURW/iceweasel-36.0.1/xpcom/threads/nsThread.cpp:350
#17 0xf7390ba5 in _pt_root (arg=0xea4d29c0) at ptthread.c:212
#18 0xf7750efb in start_thread (arg=0xe7ffdb40) at pthread_create.c:309
#19 0xf74b562e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages iceweasel depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-17
ii  libcairo2                 1.14.0-2.1
ii  libdbus-1-3               1.8.16-1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2
ii  libffi6                   3.1-2+b2
ii  libfontconfig1            2.11.0-6.3
ii  libfreetype6              2.5.2-4
ii  libgcc1                   1:5-20150316-1
ii  libgdk-pixbuf2.0-0        2.31.1-2+b1
ii  libglib2.0-0              2.42.1-1
ii  libgtk2.0-0               2.24.25-3
ii  libhunspell-1.3-0         1.3.3-3
ii  libnspr4                  2:4.10.7-1
ii  libnss3                   2:3.17.2-1.1
ii  libpango-1.0-0            1.36.8-3
ii  libsqlite3-0              3.8.7.4-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                5-20150316-1
ii  libvpx1                   1.3.0-3
ii  libx11-6                  2:1.6.2-3
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  procps                    2:3.3.9-9
ii  zlib1g                    1:1.2.8.dfsg-2+b1

-- 
Jakub Wilk
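
Added example, not part of the original report and not Mozilla or NSS code: the loop at line 993 tests extensions[i] as its termination condition, so it reads through the array pointer before anything checks that the pointer is non-NULL, which is the state GDB printed ($1 = 0x0). The type and function names below are hypothetical stand-ins for the certificate structures; the guarded form treats a missing array the same as an empty one.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the certificate types; not the NSS definitions. */
enum ext_tag { TAG_BASIC_CONSTRAINTS = 1, TAG_KEY_USAGE = 2, TAG_EXT_KEY_USAGE = 3 };
struct cert_ext { enum ext_tag tag; };
struct cert { struct cert_ext **extensions; /* NULL-terminated array, or NULL itself */ };

/* Same shape as the loop at line 993: reads extensions[0] without checking
 * the array pointer, so extensions == NULL faults on the first iteration. */
const struct cert_ext *find_ext_unguarded(const struct cert *c, enum ext_tag tag)
{
    for (size_t i = 0; c->extensions[i]; i++) {
        if (c->extensions[i]->tag == tag)
            return c->extensions[i];
    }
    return NULL;
}

/* Guarded form: a NULL certificate or NULL array means "no such extension". */
const struct cert_ext *find_ext_guarded(const struct cert *c, enum ext_tag tag)
{
    if (c == NULL || c->extensions == NULL)
        return NULL;
    for (size_t i = 0; c->extensions[i]; i++) {
        if (c->extensions[i]->tag == tag)
            return c->extensions[i];
    }
    return NULL;
}

/* Constructed sample certificates (not taken from the crashing site). */
static struct cert_ext ext_bc  = { TAG_BASIC_CONSTRAINTS };
static struct cert_ext ext_eku = { TAG_EXT_KEY_USAGE };
static struct cert_ext *list_with_eku[] = { &ext_bc, &ext_eku, NULL };
static struct cert_ext *list_empty[]    = { NULL };
struct cert cert_with_eku = { list_with_eku };
struct cert cert_empty    = { list_empty };
struct cert cert_null_ext = { NULL };   /* the state seen in the GDB session */

int main(void)
{
    printf("with EKU: %s\n", find_ext_guarded(&cert_with_eku, TAG_EXT_KEY_USAGE) ? "found" : "absent");
    printf("NULL ext: %s\n", find_ext_guarded(&cert_null_ext, TAG_EXT_KEY_USAGE) ? "found" : "absent");
    return 0;
}
```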


