[tor-bugs] #26320 [Applications/Tor Browser]: Orfox 52.8.0esr-7.5-1 Crash

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 6 19:11:53 UTC 2018


#26320: Orfox 52.8.0esr-7.5-1 Crash
--------------------------------------+-----------------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Immediate                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------
Changes (by sysrqb):

 * status:  new => needs_information
 * keywords:   => tbb-mobile
 * priority:  Medium => Immediate


Comment:

 The crash is reproducible
 [[https://people.torproject.org/~sysrqb/mobile.nytimes.com/|here]]

 I think there may be two different crash scenarios we're seeing. The
 first:

 {{{
 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xfffffff0 in tid 15134 (JS Helper)
 }}}

 {{{
 F MOZ_Assert: Assertion failure: [infer failure] Missing type in object [Object * 0x92f15310] _dirty: float, at /opt/Orfox/external/tor-browser/js/src/vm/TypeInference.cpp:256
 F MOZ_CRASH: Hit MOZ_CRASH() at /opt/Orfox/external/tor-browser/js/src/vm/TypeInference.cpp:257
 }}}

 Appears in the JavaScript runtime. This has been the main focus.

 However, I am not seeing that crash anymore (and now I have doubts that the
 above webpage actually reproduced that crash). Below is the current crash I
 see - stack corruption.

 {{{
 adb| [23490] WARNING: Write failed (non-fatal): file /home/sysrqb/Orfox/external/tor-browser/xpcom/io/nsInputStreamTee.cpp, line 179
 adb| void mozilla::AndroidBridge::HandleGeckoMessage(JSContext*, JS::HandleObject)
 adb| No listeners for PrivateBrowsing:Data in dispatchEvent
 [New Thread 23826]

 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 23826]
 0xf41ca080 in ?? ()
 (gdb) info stack
 #0  0xf41ca080 in ?? ()
 #1  0xf41cab42 in ?? ()
 #2  0xf41cab42 in ?? ()
 Backtrace stopped: previous frame identical to this frame (corrupt stack?)
 }}}

 And from adb:
 {{{
 F/libc    (13049): Fatal signal 11 (SIGSEGV), code 2, fault addr 0x74736e75 in tid 13071 (Gecko)
 }}}

 igt0, can you still reproduce the first crash?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26320#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

