[Bug 1917191] Re: firefox will not start after it crashed unexpectedly

John F. Godfrey 1917191 at bugs.launchpad.net
Wed Mar 3 04:14:56 UTC 2021 

Is there a bug fix out there?

On Tue, Mar 2, 2021, 8:10 PM Bug Watch Updater <1917191 at bugs.launchpad.net>
wrote:

> Launchpad has imported 13 comments from the remote bug at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1694670.
>
> If you reply to an imported comment from within Launchpad, your comment
> will be sent to the remote bug automatically. Read more about
> Launchpad's inter-bugtracker facilities at
> https://help.launchpad.net/InterBugTracking.
>
> ------------------------------------------------------------------------
> On 2021-02-24T14:51:58+00:00 Aryx-bugmail wrote:
>
> 90 crashes with various Linux distributions in the last 6 weeks, some
> have beta 0 as version (distros testing?).
>
> Crash report: https://crash-stats.mozilla.org/report/index/2a7dee73
> -3a4d-490a-96fd-4af7f0210224
> <https://crash-stats.mozilla.org/report/index/2a7dee73-3a4d-490a-96fd-4af7f0210224>
>
> MOZ_CRASH Reason: ```OOB```
>
> Top 10 frames of crashing thread:
> ```
> 0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
> 1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
> 2 libxul.so core::ops::function::Fn::call
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/
> function.rs:70
> 3 libxul.so std::panicking::rust_panic_with_hook library/std/src/
> panicking.rs:595
> 4 libxul.so std::panicking::begin_panic::{{closure}}
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/
> panicking.rs:520
> 5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/
> backtrace.rs:141
> 6 libxul.so std::panicking::begin_panic
> /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/
> panicking.rs:519
> 7 libxul.so qcms_data_create_rgb_with_gamma gfx/qcms/src/c_bindings.rs:287
> 8 libxul.so gfxPlatformGtk::GetPlatformCMSOutputProfileData
> gfx/thebes/gfxPlatformGtk.cpp:483
> 9 libxul.so gfxPlatform::Init gfx/thebes/gfxPlatform.cpp:1005
> ```
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/0
>
> ------------------------------------------------------------------------
> On 2021-02-24T14:55:19+00:00 Jmuizelaar wrote:
>
> It doesn't seem like this should be a security bug as it is just a rust
> panic on startup.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/1
>
> ------------------------------------------------------------------------
> On 2021-02-24T15:37:38+00:00 Jmuizelaar wrote:
>
> Created attachment 9205116
> Bug 1694670 - Fix qcms_data_create_rgb_with_gamma.
>
> This fixes a number of problems:
>
> 1. The check around get_rgb_colorants was inverted. This caused us to
>    only continue if the colorants were wrong.
>
> 2. get_rgb_colorants can just return the Matrix instead of taking
>    a reference to it.
>
> 3. The OOBs checks in write_u32 and write_u16 had their conditions
>    inverted.
>
> 4. No tests
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/2
>
> ------------------------------------------------------------------------
> On 2021-02-24T15:42:48+00:00 Jmuizelaar wrote:
>
> We should just fix the reversed OOB checks here and do the other stuff
> elsewhere.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/3
>
> ------------------------------------------------------------------------
> On 2021-02-24T22:16:13+00:00 Dveditz wrote:
>
> So these particular crashes may not be scary, but
> `qcms_data_create_rgb_with_gamma` is a very large unsafe function so are
> we sure there aren't potentially vulnerable crashes if we've reversed
> the conditions?
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/4
>
> ------------------------------------------------------------------------
> On 2021-02-25T02:03:23+00:00 Jmuizelaar wrote:
>
> `qcms_data_create_rgb_with_gamma` is only called on system local data
> (i.e information from the user's window server). There shouldn't be any
> way to exploit it. Further, the out of bounds checks were only added
> recently, previously there was no check at all.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/5
>
> ------------------------------------------------------------------------
> On 2021-02-25T02:03:52+00:00 Jmuizelaar wrote:
>
> Created attachment 9205268
> Bug 1694670. Fix the OOB check in write_u32/u16.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/6
>
> ------------------------------------------------------------------------
> On 2021-02-25T13:21:29+00:00 Jmuizelaar wrote:
>
> Comment on attachment 9205268
> Bug 1694670. Fix the OOB check in write_u32/u16.
>
> ### Beta/Release Uplift Approval Request
> * **User impact if declined**: This fixes a startup crash that happens
> when users have an invalid color profile on Linux
> * **Is this code covered by automated tests?**: No
> * **Has the fix been verified in Nightly?**: No
> * **Needs manual test from QE?**: No
> * **If yes, steps to reproduce**:
> * **List of other uplifts needed**: None
> * **Risk to taking this patch**: Low
> * **Why is the change risky/not risky? (and alternatives if risky)**: This
> code path is very rare as evidenced by the low crash rate. This patch
> restores the behaviour to what it was prior to being regressed by bug
> 1684095
> * **String changes made/needed**:
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/7
>
> ------------------------------------------------------------------------
> On 2021-02-25T13:21:34+00:00 Pulsebot wrote:
>
> Pushed by jmuizelaar at mozilla.com:
> https://hg.mozilla.org/integration/autoland/rev/95fc70920b71
> Fix the OOB check in write_u32/u16. r=aosmond
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/8
>
> ------------------------------------------------------------------------
> On 2021-02-25T17:52:51+00:00 Ryanvm wrote:
>
> Comment on attachment 9205268
> Bug 1694670. Fix the OOB check in write_u32/u16.
>
> Approved for 87.0b3 so we can get feedback on this ASAP.
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/9
>
> ------------------------------------------------------------------------
> On 2021-02-25T17:53:43+00:00 Ryanvm wrote:
>
> https://hg.mozilla.org/releases/mozilla-
> beta/rev/e24e2d039a0317d0d66bdb041df65792ae69f555
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/10
>
> ------------------------------------------------------------------------
> On 2021-02-25T21:56:07+00:00 Csabou wrote:
>
> https://hg.mozilla.org/mozilla-central/rev/95fc70920b71
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/11
>
> ------------------------------------------------------------------------
> On 2021-02-26T01:44:32+00:00 Jmuizelaar wrote:
>
> *** Bug 1694891 has been marked as a duplicate of this bug. ***
>
> Reply at:
> https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/12
>
>
> ** Changed in: firefox
>        Status: Unknown => Fix Released
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1917191
>
> Title:
>   firefox will not start after it crashed unexpectedly
>
> Status in Mozilla Firefox:
>   Fix Released
> Status in firefox package in Ubuntu:
>   Confirmed
>
> Bug description:
>   firefox crashed unexpectedly, and it will not start or restart.  I am
> running the latest ubuntu-20.04.2 LTS, all updates applied.  firefox
> 86.0+build3
>   ---
>   ProblemType: Bug
>   AddonCompatCheckDisabled: False
>   ApportVersion: 2.20.11-0ubuntu27.16
>   Architecture: amd64
>   AudioDevicesInUse:
>    USER        PID ACCESS COMMAND
>    /dev/snd/controlC0:  johnfg     1725 F.... pulseaudio
>    /dev/snd/controlC1:  johnfg     1725 F.... pulseaudio
>   BuildID: 20210222142601
>   CasperMD5CheckResult: skip
>   Channel: Unavailable
>   CurrentDesktop: ubuntu:GNOME
>   DefaultProfileExtensions: extensions.sqlite corrupt or missing
>   DefaultProfileIncompatibleExtensions: Unavailable (corrupt or
> non-existant compatibility.ini or extensions.sqlite)
>   DefaultProfileLocales: extensions.sqlite corrupt or missing
>   DefaultProfilePrefErrors: Unexpected character ',' before close
> parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348
>   DefaultProfilePrefSources: prefs.js
>   DefaultProfileThemes: extensions.sqlite corrupt or missing
>   DistroRelease: Ubuntu 20.04
>   ForcedLayersAccel: False
>   InstallationDate: Installed on 2020-02-22 (371 days ago)
>   InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
>   IpRoute:
>    default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600
>    10.8.0.0/24 via 10.8.0.17 dev tun0
>    10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18
>    169.254.0.0/16 dev wlp10s0 scope link metric 1000
>    192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8
> metric 600
>   NonfreeKernelModules: openafs
>   Package: firefox 86.0+build3-0ubuntu0.20.04.1
>   PackageArchitecture: amd64
>   ProcEnviron:
>    TERM=xterm-256color
>    PATH=(custom, no user)
>    XDG_RUNTIME_DIR=<set>
>    LANG=en_US.UTF-8
>    SHELL=/bin/bash
>   ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86
>   Profile0Extensions: extensions.sqlite corrupt or missing
>   Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant
> compatibility.ini or extensions.sqlite)
>   Profile0Locales: extensions.sqlite corrupt or missing
>   Profile0PrefErrors: Unexpected character ',' before close parenthesis @
> /usr/lib/firefox/omni.ja:greprefs.js:348
>   Profile0PrefSources: prefs.js
>   Profile0Themes: extensions.sqlite corrupt or missing
>   Profiles:
>    Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date)
>    Profile0 - LastVersion=86.0/20210222142601
>   RunningIncompatibleAddons: False
>   Tags:  focal
>   Uname: Linux 5.4.0-66-generic x86_64
>   UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago)
>   UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
>   _MarkForUpload: True
>   dmi.bios.date: 07/05/2011
>   dmi.bios.vendor: American Megatrends Inc.
>   dmi.bios.version: V4.00L12
>   dmi.board.asset.tag: No Asset Tag
>   dmi.board.name: CF52-4
>   dmi.board.vendor: Panasonic Corporation
>   dmi.board.version: 1
>   dmi.chassis.asset.tag: No Asset Tag
>   dmi.chassis.type: 10
>   dmi.chassis.vendor: Panasonic Corporation
>   dmi.chassis.version: 001
>   dmi.modalias:
> dmi:bvnAmericanMegatrendsInc.:bvrV4.00L12:bd07/05/2011:svnPanasonicCorporation:pnCF-52SLGDD1M:pvr004:rvnPanasonicCorporation:rnCF52-4:rvr1:cvnPanasonicCorporation:ct10:cvr001:
>   dmi.product.family: CF52-4
>   dmi.product.name: CF-52SLGDD1M
>   dmi.product.sku: CF-52SLGDD1M
>   dmi.product.version: 004
>   dmi.sys.vendor: Panasonic Corporation
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/firefox/+bug/1917191/+subscriptions
>

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1917191

Title:
  firefox will not start after it crashed unexpectedly

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1917191/+subscriptions

More information about the Ubuntu-mozillateam-bugs mailing list