[tor-bugs] #1906 [EFF-HTTPS Everywhere]: HTTPS-Everywhere crashes Firefox (not BeeFREE!!!!!!!)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Sep 8 19:42:38 UTC 2010


#1906: HTTPS-Everywhere crashes Firefox (not BeeFREE!!!!!!!)
----------------------------------+-----------------------------------------
 Reporter:  bee                   |       Owner:  pde
     Type:  enhancement           |      Status:  new
 Priority:  blocker               |   Milestone:     
Component:  EFF-HTTPS Everywhere  |     Version:     
 Keywords:  flaw                  |      Parent:     
----------------------------------+-----------------------------------------

Comment(by bee):

 Well!!!!!!!!!!!!!!!!!!! I'm sure you just don't know how to do it
 straightly!!!!!!!!!!! and i want to point out that my addon is not related
 to this flaw of HTTPS EVERY Where!!!!!!!!!!!
 If you want to find a cause!!! At the very first!!!!!!!!!!!! You've to
 install the debug infos!!!!
 $ beesu yum install xulrunner-debuginfo firefox-debuginfo
 or, you could download the debuginfo RPMs from the NET!!!!
 http://koji.fedoraproject.org/koji/buildinfo?buildID=194231 you've to take
 the same firefox debug version as yours!!!!!!! The more debug packages, the
 more accurate the info on crashes!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 To start firefox in the debug mode type!!
 $ firefox --debug 2>&1 |tee /tmp/ff.txt
 Type "run" and wait for a crash!!!!!!!!!!!!! also type "continue" when the
 process freezes, so it'll crash on itself!! haha!!!!!!!!

 If you're unable to use a debugger!! and i know you're unable!!!!!!!!!!
 You'll never find out the reason of this flaw!!!!!!
 This is a demo of what i've got!!! no images of memory!!
 {{{
 ..........blah blah a long text!!
 [Thread 0xac4ffb70 (LWP 4337) exited]
 [New Thread 0x7bd6b70 (LWP 4338)]
 [Thread 0x7bd6b70 (LWP 4338) exited]
 Detaching after fork from child process 4340.
 [New Thread 0x7bd6b70 (LWP 4349)]
 [Thread 0x7bd6b70 (LWP 4349) exited]
 [New Thread 0xac4ffb70 (LWP 4350)]
 [Thread 0xac4ffb70 (LWP 4350) exited]
 [New Thread 0xac4ffb70 (LWP 4352)]

 Program received signal SIGSEGV, Segmentation fault.
 nsExpirationTracker<imgCacheEntry, 3u>::RemoveObject (this=0xb2d512e0,
 aObj=0xb3131680) at ../../../dist/include/nsExpirationTracker.h:155
 155           PRUint32 last = generation.Length() - 1;
 Missing separate debuginfos, use: debuginfo-install GConf2-2.28.1-1
 ORBit2-2.14.18-1 PackageKit-gtk-module-0.6.6-1 alsa-lib-1.0.23-1
 atk-1.30.0-1
 audiofile-0.2.6-11 avahi-0.6.25-7 avahi-glib-0.6.25-7 cairo-1.8.10-1
 dbus-glib-0.86-4 dbus-libs-1.2.24-1 esound-libs-0.2.41-3 expat-2.0.1-10
 fontconfig-2.8.0-1 freetype-2.3.11-3 gamin-0.1.10-7 gecko-
 mediaplayer-0.9.9.2-2
 glib2-2.24.1-1 glibc-2.12-3.i686 gnome-vfs2-2.24.3-1 gtk2-2.20.1-1
 gtk2-engines-2.20.1-1 gvfs-1.6.2-1 hunspell-1.2.8-17 keyutils-libs-1.2-6
 krb5-libs-1.7.1-10 libICE-1.0.6-2 libSM-1.1.0-7 libX11-1.3.1-3
 libXScrnSaver-1.2.0-1 libXau-1.0.5-1 libXcomposite-0.4.1-2
 libXcursor-1.1.10-4
 libXdamage-1.1.2-2 libXext-1.1.2-2 libXfixes-4.0.4-2 libXi-1.3.2-1
 libXinerama-1.1-2 libXrandr-1.3.0-5 libXrender-0.9.5-1 libXt-1.0.7-1
 libacl-2.2.49-6 libart_lgpl-2.3.20-5 libattr-2.4.44-3 libbonobo-2.24.2-2
 libbonoboui-2.24.3-1 libcanberra-0.24-1 libcanberra-gtk2-0.24-1
 libcom_err-1.41.10-7 libgcc-4.4.4-10 libgcrypt-1.4.5-4 libgnome-2.30.0-1
 libgnome-keyring-2.30.1-1 libgnomecanvas-2.30.1-1 libgnomeui-2.24.3-1
 libgpg-error-1.7-1 libjpeg-6b-46 libnotify-0.5.0-1 libogg-1.2.0-1
 libpng-1.2.44-1 libselinux-2.0.90-5 libstdc++-4.4.4-10 libtdb-1.2.1-2
 libtool-ltdl-2.2.6-20 libudev-153-3 libuuid-2.17.2-8 libvorbis-1.3.1-1
 libxcb-1.5-1 libxml2-2.7.7-1 nspr-4.8.4-2 nss-3.12.6-12 nss-
 softokn-3.12.6-3
 nss-softokn-freebl-3.12.6-3 nss-util-3.12.6-1 openssl-1.0.0a-1
 pango-1.28.0-1
 pixman-0.18.0-1 popt-1.13-7 rhythmbox-0.12.8-4 sqlite-3.6.22-1
 startup-notification-0.10-4 totem-mozplugin-2.30.2-1 totem-pl-
 parser-2.30.2-1
 xcb-util-0.3.6-1 zlib-1.2.3-23
 (gdb) backtrace
 #0  nsExpirationTracker<imgCacheEntry, 3u>::RemoveObject (this=0xb2d512e0,
 aObj=0xb3131680) at ../../../dist/include/nsExpirationTracker.h:155
 #1  0x4159247e in nsExpirationTracker<imgCacheEntry, 3u>::MarkUsed
 (this=0xb2d512e0, aObj=0xb3131680) at
 ../../../dist/include/nsExpirationTracker.h:176
 #2  0x4159117d in imgLoader::LoadImage (this=0xb2fec490, aURI=0xaa1be030,
 aInitialDocumentURI=0xb28962f0, aReferrerURI=0xb28962f0,
 aLoadGroup=0xb3aa3ca0,
     aObserver=0xb35538e0, aCX=0xb2a63800, aLoadFlags=5120, aCacheKey=0x0,
 aRequest=0x0, _retval=0xb3577060) at imgLoader.cpp:1400
 #3  0x41704a94 in nsContentUtils::LoadImage (aURI=0xaa1be030,
 aLoadingDocument=0xb2a63800, aLoadingPrincipal=0xb4f2eb40,
 aReferrer=0xb28962f0, aObserver=
     0xb35538e0, aLoadFlags=5120, aRequest=0xb3577060) at
 nsContentUtils.cpp:2473
 #4  0x416db8bc in nsImageBoxFrame::UpdateImage (this=0xb3577010) at
 nsImageBoxFrame.cpp:273
 #5  0x416dbda5 in nsImageBoxFrame::AttributeChanged (this=0xb3577010,
 aNameSpaceID=0, aAttribute=0xb334dcc4, aModType=2) at
 nsImageBoxFrame.cpp:174
 #6  0x415a5ca3 in nsCSSFrameConstructor::AttributeChanged
 (this=0xb3c57700, aContent=0xb3c38310, aNameSpaceID=0,
 aAttribute=0xb334dcc4, aModType=2,
     aStateMask=0) at nsCSSFrameConstructor.cpp:8137
 #7  0x415de42c in PresShell::AttributeChanged (this=0xb2e8cfe0,
 aDocument=0xb2a63800, aContent=0xb3c38310, aNameSpaceID=0,
 aAttribute=0xb334dcc4, aModType=
     2, aStateMask=0) at nsPresShell.cpp:5017
 #8  0x417499d3 in nsNodeUtils::AttributeChanged (aContent=0xb3c38310,
 aNameSpaceID=0, aAttribute=0xb334dcc4, aModType=2, aStateMask=0)
     at nsNodeUtils.cpp:124
 #9  0x417404b5 in nsGenericElement::SetAttrAndNotify (this=0xb3c38310,
 aNamespaceID=0, aName=0xb334dcc4, aPrefix=0x0, aOldValue=...,
 aParsedValue=...,
     aModification=0, aFireMutation=0, aNotify=1,
 aValueForAfterSetAttr=0xbfff7a1c) at nsGenericElement.cpp:4372
 #10 0x4174096b in nsGenericElement::SetAttr (this=0xb3c38310,
 aNamespaceID=0, aName=0xb334dcc4, aPrefix=0x0, aValue=..., aNotify=1)
     at nsGenericElement.cpp:4305
 #11 0x4173cafc in SetAttr (this=0xb3c38310, aName=..., aValue=...) at
 nsGenericElement.h:387
 #12 nsGenericElement::SetAttribute (this=0xb3c38310, aName=...,
 aValue=...) at nsGenericElement.cpp:2081
 #13 0x41468f76 in nsIDOMElement_SetAttribute (cx=0xb2706800, argc=2,
 vp=0xb30882ec) at dom_quickstubs.cpp:3203
 #14 0x04e34876 in js_Interpret (cx=0xb2706800) at jsops.cpp:2208
 #15 0x04e3e876 in js_Invoke (cx=0xb2706800, argc=4, vp=0xb3088080,
 flags=<value optimized out>) at jsinterp.cpp:1368
 #16 0x4143cd12 in nsXPCWrappedJSClass::CallMethod (this=0xb208ea60,
 wrapper=0xb20aa6c0, methodIndex=3, info=0xb4eb6890,
 nativeParams=0xbfff7fc8)
     at xpcwrappedjsclass.cpp:1696
 #17 0x41438452 in nsXPCWrappedJS::CallMethod (this=0xb20aa6c0,
 methodIndex=3, info=0xb4eb6890, params=0xbfff7fc8) at xpcwrappedjs.cpp:570
 #18 0x41dd6de2 in PrepareAndDispatch (methodIndex=<value optimized out>,
 self=0xb208d400, args=<value optimized out>) at
 xptcstubs_gcc_x86_unix.cpp:95
 #19 0x41bad54d in nsBrowserStatusFilter::OnStateChange (this=0xb2063be0,
 aWebProgress=0xb7d4ed34, aRequest=0xacdbc28c, aStateFlags=786448, aStatus=
     2152398850) at nsBrowserStatusFilter.cpp:183
 #20 0x41aca640 in nsDocLoader::FireOnStateChange (this=0xb7d4ed20,
 aProgress=0xb7d4ed34, aRequest=0xacdbc28c, aStateFlags=786448,
 aStatus=2152398850)
     at nsDocLoader.cpp:1314
 #21 0x41aca754 in nsDocLoader::doStopDocumentLoad (this=0xb7d4ed20,
 request=0xacdbc28c, aStatus=2152398850) at nsDocLoader.cpp:937
 #22 0x41acb6d0 in nsDocLoader::DocLoaderIsEmpty (this=0xb7d4ed20,
 aFlushLayout=1) at nsDocLoader.cpp:802
 #23 0x41acb91f in nsDocLoader::OnStopRequest (this=0xb7d4ed20,
 aRequest=0xac91e760, aCtxt=0x0, aStatus=2152398850) at nsDocLoader.cpp:697
 #24 0x4149d107 in nsLoadGroup::RemoveRequest (this=0xb33fc760,
 request=0xac91e760, ctxt=0x0, aStatus=2152398850) at nsLoadGroup.cpp:680
 #25 0x4149d4cd in nsLoadGroup::Cancel (this=0xb33fc760, status=2152398850)
 at nsLoadGroup.cpp:331
 #26 0x41acbae0 in nsDocLoader::Stop (this=0xb7d4ed20) at
 nsDocLoader.cpp:328
 #27 0x41ab1b2a in nsDocShell::Stop (this=0xb7d4ed20, aStopFlags=1) at
 nsDocShell.cpp:3968
 #28 0x41abf286 in nsDocShell::InternalLoad (this=0xb7d4ed20,
 aURI=0xaa237320, aReferrer=0xac749b60, aOwner=0xac762d80, aFlags=0,
 aWindowTarget=0xbfff86a8,
     aTypeHint=0xbfff87ec "", aPostData=0x0, aHeadersData=0x0,
 aLoadType=2097153, aSHEntry=0x0, aFirstParty=1, aDocShell=0x0,
 aRequest=0x0)
     at nsDocShell.cpp:8000
 #29 0x41abfbf7 in nsDocShell::OnLinkClickSync (this=0xb7d4ed20,
 aContent=0xab85da00, aURI=0xaa237320, aTargetSpec=0xa9ed12d8,
 aPostDataStream=0x0,
     aHeadersDataStream=0x0, aDocShell=0x0, aRequest=0x0) at
 nsDocShell.cpp:10909
 #30 0x41ac256f in OnLinkClickEvent::Run (this=0xaa54fbb0) at
 nsDocShell.cpp:10773
 #31 0x41dc904f in nsThread::ProcessNextEvent (this=0xb7d86e70, mayWait=0,
 result=0xbfff8a00) at nsThread.cpp:527
 #32 0x41dd62a3 in NS_InvokeByIndex_P () from
 /usr/lib/xulrunner-1.9.2/libxul.so
 #33 0x4143fe97 in XPCWrappedNative::CallMethod (ccx=...,
 mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2722
 #34 0x41448a9a in XPC_WN_CallMethod (cx=0xb2706800, obj=0xacd1c1c0,
 argc=1, argv=0xb3088060, vp=0xbfff8dbc) at xpcwrappednativejsops.cpp:1740
 #35 0x04e3e45e in js_Invoke (cx=0xb2706800, argc=1, vp=0xb3088058,
 flags=<value optimized out>) at jsinterp.cpp:1360
 #36 0x04e2e96c in js_Interpret (cx=0xb2706800) at jsops.cpp:2240
 #37 0x04e3e876 in js_Invoke (cx=0xb2706800, argc=1, vp=0xb3088020,
 flags=<value optimized out>) at jsinterp.cpp:1368
 #38 0x4143cd12 in nsXPCWrappedJSClass::CallMethod (this=0xb3893c10,
 wrapper=0xb307b1c0, methodIndex=3, info=0xb4d191e0,
 nativeParams=0xbfff9374)
     at xpcwrappedjsclass.cpp:1696
 #39 0x41438452 in nsXPCWrappedJS::CallMethod (this=0xb307b1c0,
 methodIndex=3, info=0xb4d191e0, params=0xbfff9374) at xpcwrappedjs.cpp:570
 #40 0x41dd6de2 in PrepareAndDispatch (methodIndex=<value optimized out>,
 self=0xb2cd6730, args=<value optimized out>) at
 xptcstubs_gcc_x86_unix.cpp:95
 #41 0x4177b0a4 in nsEventListenerManager::HandleEventSubType
 (this=0xb34d8e20, aListenerStruct=0xb2f09e40, aListener=0xb2cd6730,
 aDOMEvent=0xab2026d0,
     aCurrentTarget=0xb3c38c40, aPhaseFlags=2) at
 nsEventListenerManager.cpp:1041
 #42 0x4177b44e in nsEventListenerManager::HandleEvent (this=0xb34d8e20,
 aPresContext=0xac759c00, aEvent=0xab707640, aDOMEvent=0xbfff96bc,
 aCurrentTarget=
     0xb3c38c40, aFlags=2, aEventStatus=0xbfff96c0) at
 nsEventListenerManager.cpp:1147
 #43 0x417900dd in nsEventTargetChainItem::HandleEvent (this=0xb360f0c0,
 aVisitor=..., aFlags=2, aMayHaveNewListenerManagers=1) at
 nsEventDispatcher.cpp:246
 #44 0x41790272 in nsEventTargetChainItem::HandleEventTargetChain
 (this=0xb360f3a0, aVisitor=..., aFlags=6, aCallback=0x0,
 aMayHaveNewListenerManagers=1)
     at nsEventDispatcher.cpp:332
 #45 0x4179080f in nsEventDispatcher::Dispatch (aTarget=0xac758c00,
 aPresContext=0xac759c00, aEvent=0xab707640, aDOMEvent=0xab2026d0,
 aEventStatus=
     0xbfff9788, aCallback=0x0, aTargets=0x0) at nsEventDispatcher.cpp:573
 #46 0x41790a6e in nsEventDispatcher::DispatchDOMEvent (aTarget=0xac758c00,
 aEvent=0x0, aDOMEvent=0xab2026d0, aPresContext=0xac759c00, aEventStatus=
     0xbfff9788) at nsEventDispatcher.cpp:636
 #47 0x4171f107 in nsDocument::DispatchEvent (this=0xac758c00,
 aEvent=0xab2026d0, _retval=0xbfff97b4) at nsDocument.cpp:6261
 #48 0x41705fdc in nsContentUtils::DispatchTrustedEvent (aDoc=0xac758c00,
 aTarget=0xac758c00, aEventName=..., aCanBubble=1, aCancelable=1,
 aDefaultAction=
     0x0) at nsContentUtils.cpp:3228
 #49 0x41724b86 in nsDocument::DispatchContentLoadedEvents
 (this=0xac758c00) at nsDocument.cpp:4003
 #50 0x4172c3ec in nsRunnableMethod<nsDocument, void>::Run
 (this=0xac705180) at ../../../dist/include/nsThreadUtils.h:282
 #51 0x41dc904f in nsThread::ProcessNextEvent (this=0xb7d86e70, mayWait=0,
 result=0xbfff991c) at nsThread.cpp:527
 #52 0x41d9587a in NS_ProcessNextEvent_P (thread=<value optimized out>,
 mayWait=0) at nsThreadUtils.cpp:250
 #53 0x41d0513e in mozilla::ipc::MessagePump::Run (this=0xb7de5670,
 aDelegate=0xb7d1ea60) at MessagePump.cpp:118
 #54 0x41d621f8 in MessageLoop::RunInternal (this=0xb7d1ea60) at
 src/base/message_loop.cc:216
 #55 0x41d6221d in MessageLoop::RunHandler (this=0xb7d1ea60) at
 src/base/message_loop.cc:199
 #56 0x41d622aa in MessageLoop::Run (this=0xb7d1ea60) at
 src/base/message_loop.cc:173
 #57 0x41c76024 in nsBaseAppShell::Run (this=0xb6f27a60) at
 nsBaseAppShell.cpp:174
 #58 0x41b27dbf in nsAppStartup::Run (this=0xb4f2be80) at
 nsAppStartup.cpp:183
 #59 0x4141134b in XRE_main (argc=1, argv=0xbffff0d4, aAppData=0xb7d21700)
 at nsAppRunner.cpp:3483
 #60 0x08049f2b in main (argc=1, argv=0xbffff0d4) at nsXULStub.cpp:583
 (gdb) backtrace full
 #0  nsExpirationTracker<imgCacheEntry, 3u>::RemoveObject (this=0xb2d512e0,
 aObj=0xb3131680) at ../../../dist/include/nsExpirationTracker.h:155
         state = 0xb3131694
         generation = @0xb2d51320
         last = <value optimized out>
         lastObj = <value optimized out>
         index = 2
 #1  0x4159247e in nsExpirationTracker<imgCacheEntry, 3u>::MarkUsed
 (this=0xb2d512e0, aObj=0xb3131680) at
 ../../../dist/include/nsExpirationTracker.h:176
         state = 0xb3131694
 #2  0x4159117d in imgLoader::LoadImage (this=0xb2fec490, aURI=0xaa1be030,
 aInitialDocumentURI=0xb28962f0, aReferrerURI=0xb28962f0,
 aLoadGroup=0xb3aa3ca0,
     aObserver=0xb35538e0, aCX=0xb2a63800, aLoadFlags=5120, aCacheKey=0x0,
 aRequest=0x0, _retval=0xb3577060) at imgLoader.cpp:1400
         request = {mRawPtr = 0xb3379560}
         rv = <value optimized out>
         requestFlags = 5120
         spec = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> =
 {mData = 0xac6588d8 "http://www.amazon.com/favicon.ico", mLength = 33,
 mFlags =

 OMITTED!!!!!!!!!!!!!!!!!!!!!!!!

 (gdb) continue
 Continuing.

 Program received signal SIGSEGV, Segmentation fault.
 0x00110424 in __kernel_vsyscall ()
 (gdb) continue
 Continuing.
 [Thread 0x3c28b70 (LWP 4331) exited]
 [Thread 0x19a3b70 (LWP 4326) exited]
 [Thread 0xad8b1b70 (LWP 4325) exited]
 [Thread 0xb137eb70 (LWP 4324) exited]
 [Thread 0x2e70b70 (LWP 4328) exited]
 [Thread 0x246fb70 (LWP 4327) exited]
 [Thread 0x594bb70 (LWP 4330) exited]
 [Thread 0xb4cffb70 (LWP 4322) exited]
 [Thread 0xb5afdb70 (LWP 4321) exited]
 [Thread 0xb64feb70 (LWP 4320) exited]
 [Thread 0xb6effb70 (LWP 4319) exited]
 [Thread 0xb7affb70 (LWP 4318) exited]
 [Thread 0xac4ffb70 (LWP 4352) exited]

 Program terminated with signal SIGSEGV, Segmentation fault.
 The program no longer exists.
 (gdb) quit
 }}}

 I think the flaw is not related to addons configurations, but to HTTPS
 EVERYWHERE alone!!!!!!! YEAH!!!!!!!! firefox crashes even with HTTPS
 EveryWHERE alone!!!!!
 This is easy to understand!!! In linux or windows!! with https-everywhere,
 crash and burns are everywhere!!!! with https-nowhere, crashes are
 nowhere!!!!!!! YEAH!!!!! No https-everywhere, no crashes!!!!!! I think the
 APIs of firefox for addons, are just not enough to have an addon like
 this!!!!!!!!! And i'm very sure that something of what "HTTPS every and
 where" does is very bad and unsafe!!!!!!!! YEAH!!! What it does of bad is
 to rewrite the nsIURI.scheme value!!!! it's very unsafe!!!!!!!!!!!!! And
 also rewriting favicons is not allowed!!!!!!!!!!!!
 The BACKTRACE i pasted above is quite easy to understand!!! even for less
 fortunate people like you!!!!!! "http://www.amazon.com/favicon.ico" is
 after the crash!!! Yeah!!! It crashes due to favicon rewriting!!!!!! I
 even told you this before at
 https://trac.torproject.org/projects/tor/ticket/1649 !!!!! but you don't
 like to listen honey bees, and then you keep the bad bugs yet you can't
 find the cause!!!!!!!!!! yeah!!!!!
 SUPER HONEY BEES!!!!!!!!!!!! honey bees everywhere!!!!!!!!! mike perries'
 off!!!!!

 bye!!!!!!!!!!!!!!!
 ~bee!!!!!!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1906#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
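
The backtrace quoted in the comment above is wrapped by the mail archive, so each gdb frame spans several lines. As an added example (not part of the original comment or of any Tor/EFF tooling), this Python code rejoins the wrapped frames and reports the native call made by the innermost JavaScript interpreter frame; the names `parse_backtrace` and `script_boundary` and the use of `js_Interpret`/`js_Invoke` as interpreter markers are assumptions of the example, and the sample is an excerpt of the frames quoted above.

```python
import re

# Excerpt of the mail-wrapped backtrace quoted above (frames #2-#12, #15-#31 skipped).
SAMPLE = """\
 #0  nsExpirationTracker<imgCacheEntry, 3u>::RemoveObject (this=0xb2d512e0,
 aObj=0xb3131680) at ../../../dist/include/nsExpirationTracker.h:155
 #1  0x4159247e in nsExpirationTracker<imgCacheEntry, 3u>::MarkUsed
 (this=0xb2d512e0, aObj=0xb3131680) at
 ../../../dist/include/nsExpirationTracker.h:176
 #13 0x41468f76 in nsIDOMElement_SetAttribute (cx=0xb2706800, argc=2,
 vp=0xb30882ec) at dom_quickstubs.cpp:3203
 #14 0x04e34876 in js_Interpret (cx=0xb2706800) at jsops.cpp:2208
 #32 0x41dd62a3 in NS_InvokeByIndex_P () from
 /usr/lib/xulrunner-1.9.2/libxul.so
"""

FRAME = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\) "
    r"(?:at (\S+):(\d+)|from (\S+))$")
JS_FRAMES = {"js_Interpret", "js_Invoke"}  # assumed interpreter markers

def parse_backtrace(text):
    """Rejoin wrapped frames of a plain `backtrace`; return (num, func, file, line)."""
    chunks = []
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"#\d+\s", line):
            chunks.append([line])        # a new frame starts here
        elif chunks and line and not line.startswith("(gdb)"):
            chunks[-1].append(line)      # continuation of a wrapped frame
    frames = []
    for chunk in chunks:
        m = FRAME.match(" ".join(" ".join(chunk).split()))
        if m:
            num, func, _args, src, lineno, lib = m.groups()
            frames.append((int(num), func, src or lib,
                           int(lineno) if lineno else None))
    return frames

def script_boundary(frames):
    """Native frame called directly by the innermost JavaScript interpreter frame."""
    for inner, outer in zip(frames, frames[1:]):
        if outer[1] in JS_FRAMES and inner[1] not in JS_FRAMES:
            return inner
    return None

if __name__ == "__main__":
    print(script_boundary(parse_backtrace(SAMPLE)))
```

The boundary frame only shows that script called into the DOM on the crashing path; it does not say which script (browser chrome or an extension) made the call.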

