[tor-bugs] #31616 [Applications/Tor Browser]: Tor Browser on Android based on 60.9.0 is crashing on every launch

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 7 20:30:45 UTC 2019


#31616: Tor Browser on Android based on 60.9.0 is crashing on every launch
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-mobile, tbb-crash,               |  Actual Points:
  TorBrowserTeam201909                           |
Parent ID:                                       |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:28 gk]:
 > Replying to [comment:18 sysrqb]:
 > > Replying to [comment:15 gk]:
 > > > Replying to [comment:14 sysrqb]:
 > > > > Replying to [comment:13 sysrqb]:
 > > > > > Google Play shows this is primarily affecting Android 9 on
 aarch64. `signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x2aae` is
 interesting. This is the same fault address (and same code) as #31140.
 > > > >
 > > > > This is the same bug as #31140. acat found there was a syntax
 error on [ticket:31140#comment:30 #31140] in the original patch and
 corrected that. I didn't notice the syntax error while I was testing the
 original patch and I incorrectly assumed the patch avoided the gecko
 crash, instead the syntax error prevented the code from executing.
 > > > >
 > > > > After some more testing now, it does seem like
 `javascript.options.native_regexp` is the correct pref we should disable.
 `ion` is not the cause and it is enabled by default (and it does not cause
 a crash).
 > > >
 > > > I am wary of having those JIT options on. Cypherpunks mentioned a meta
 bug about baseline JIT issues e.g. and there might be other ones as well
 (with `ion` as well although it might not be available on aarch64 on
 esr60?). I'd really like to avoid playing whack-a-mole here by us doing
 release after release to deal with those crash bugs one-by-one. We don't
 have the time and capacity for that.
 > >
 > > Understood, and I definitely agree with this. I modified the original
 torbutton patch such that it sets the three `javascript.options.` prefs as
 false. This prevents the app crash, but now torbutton is not initialized
 for some reason. `about:tor` is a blank, white screen and the torbutton
 logs show initialization fails/aborts/errors somewhere, but I haven't yet
 successfully found where this is happening in the code. It seems this is
 only occurring on aarch64 (torbutton is working on x86_64, but I did not
 try armv7).
 >
 > It seems your patch in `bug31616_01` is working fine for me on the 8.5
 branch. I can run an aarch64 bundle with it while without it it would
 crash on my system. I'll post the slightly updated branch for review
 shortly and a bundle for anyone being affected to try.

 Oh, and with that I mean the sec level is correctly initialized in that all
 non-JIT prefs are set to standard values but the JIT ones are disabled.
 And `about:tor` behaves like normal. I've not tested an update, though,
 yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31616#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

