Segfault in libxul

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Segfault in libxul

Unread post by stefan11111 » 2024-03-22, 21:15

When trying to open a webm from /gif/ by dragging the filename to the url bar, palemoon crashed.
Gdb says this:

Code:

[Thread 0x7fffb76ff6c0 (LWP 12817) exited]
[New Thread 0x7fffd1e466c0 (LWP 12826)]

Thread 1 "palemoon" received signal SIGSEGV, Segmentation fault.
0x00007ffff3efc9de in ?? () from /usr/lib64/palemoon/libxul.so
(gdb) bt
#0  0x00007ffff3efc9de in ?? () from /usr/lib64/palemoon/libxul.so
#1  0x00007ffff47b80a9 in ?? () from /usr/lib64/palemoon/libxul.so
#2  0x00007ffff47df8ab in ?? () from /usr/lib64/palemoon/libxul.so
#3  0x00007ffff47e031d in ?? () from /usr/lib64/palemoon/libxul.so
#4  0x00007ffff40474ec in ?? () from /usr/lib64/palemoon/libxul.so
#5  0x00007ffff44ca0a4 in ?? () from /usr/lib64/palemoon/libxul.so
#6  0x00007ffff44f021a in ?? () from /usr/lib64/palemoon/libxul.so
#7  0x00007ffff5ec0849 in ?? () from /usr/lib64/palemoon/libxul.so
#8  0x00007ffff610e762 in ?? () from /usr/lib64/palemoon/libxul.so
#9  0x00000de5e97fbfb6 in ?? ()
#10 0x0000000000000000 in ?? ()

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-24, 12:46

Just tested.
This is not a problem in basilisk.

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Segfault in libxul

Unread post by Moonchild » 2024-03-24, 13:21

Are you still on gentoo building from source? In that case we can't do anything with your crash output unless you provide actual stack traces with function names. Have you tried using the official binary as well?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

smithy
Moon lover
Posts: 77
Joined: 2020-07-02, 11:44

Re: Segfault in libxul

Unread post by smithy » 2024-03-24, 16:19

Works fine on Linux Mint xfce. No problems.
It is common to think of our own time as standing at the apex of civilisation from which the deficiencies of preceding ages may patronisingly be viewed in the light of what is assumed to be progress. The reality is that in the long perspective of history the present century will not hold an enviable position unless the second half is to redeem its first.

Chief US prosecutor Robert Jackson's closing statement - Nuremberg 1946

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-25, 13:28

Moonchild wrote:
2024-03-24, 13:21
Are you still on gentoo building from source? In that case we can't do anything with your crash output unless you provide actual stack traces with function names. Have you tried using the official binary as well?
Yes, I am still on gentoo building from source.

I tracked the problem down a bit more.

It seems to be because of noscript.
The problem still happens with an official palemoon build I got from here:
https://www.palemoon.org/download.shtml

I have tried to build palemoon the way I normally build it with an automated build script (gentoo ebuild) and pass -ggdb3 to CFLAGS and CXXFLAGS, disable stripping and enable debugging, but the resulting binary had no debug syms. I will try to do a manual build with debug syms, in case that somehow results in a binary with debug syms. Is there an official palemoon build with debug syms out there?

I know that noscript is unsupported, but it still seems like a bug that an extension can segfault and crash palemoon.

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-25, 13:31

Retested basilisk with noscript, and it still isn't a problem there.

athenian200
Contributing developer
Posts: 1537
Joined: 2018-10-28, 19:56
Location: Georgia

Re: Segfault in libxul

Unread post by athenian200 » 2024-03-25, 13:41

viewtopic.php?f=3&t=30911

Not sure what more needs to be said here? Though I really am curious why it doesn't happen on Basilisk... I think it's based on the same platform code as PM 33? That's really weird. The only big difference between PM and Basilisk should be the frontend UI code...
"The Athenians, however, represent the unity of these opposites; in them, mind or spirit has emerged from the Theban subjectivity without losing itself in the Spartan objectivity of ethical life. With the Athenians, the rights of the State and of the individual found as perfect a union as was possible at all at the level of the Greek spirit." -- Hegel's philosophy of Mind

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Segfault in libxul

Unread post by Moonchild » 2024-03-25, 14:38

stefan11111 wrote:
2024-03-25, 13:28
It seems to be because of noscript.
...
*decides to bite tongue instead of replying*

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-25, 20:12

I managed to make a manual build of palemoon with debug syms.
Without noscript, palemoon still receives a segfault, but it seems to catch it and not crash.

Code:

Program ./palemoon (pid = 17380) received signal 11.
Stack:
#01: ???[/lib64/libc.so.6 +0x41d50]
#02: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0xd41898]
#03: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#04: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d302]
#05: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36ea873]
#06: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36eaa24]
#07: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x3678add]
#08: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#09: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d41a]
#10: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x17472da]
#11: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x16e16c6]
#12: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x1128bd0]
#13: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libnspr4.so +0x33096]
#14: ???[/lib64/libc.so.6 +0x9f43e]
#15: ???[/lib64/libc.so.6 +0x121328]
#16: ??? (???:???)
Sleeping for 300 seconds.
Type 'gdb ./palemoon 17380' to attach your debugger to this thread.
Assertion failure: false (A WorkerRunnable was executed after WorkerThreadPrimaryRunnable ended.), at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerRunnable.cpp:240
#01: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#02: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d302]
#03: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36ea873]
#04: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36eaa24]
#05: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x3678add]
#06: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#07: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d41a]
#08: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x17472da]
#09: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x16e16c6]
#10: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x1128bd0]
#11: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libnspr4.so +0x33096]
#12: ???[/lib64/libc.so.6 +0x9f43e]
#13: ???[/lib64/libc.so.6 +0x121328]
#14: ??? (???:???)

Program ./palemoon (pid = 17380) received signal 11.
Stack:
#01: ???[/lib64/libc.so.6 +0x41d50]
#02: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0xd41898]
#03: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#04: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d302]
#05: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36ea873]
#06: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36eaa24]
#07: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x3678add]
#08: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#09: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d41a]
#10: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x17472da]
#11: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x16e16c6]
#12: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x1128bd0]
#13: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libnspr4.so +0x33096]
#14: ???[/lib64/libc.so.6 +0x9f43e]
#15: ???[/lib64/libc.so.6 +0x121328]
#16: ??? (???:???)

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-25, 20:16

Here is the output from gdb

Code:

[Thread 0x7fffc2eff6c0 (LWP 17751) exited]
++DOCSHELL 0x7fffb8270000 == 43 [pid = 17687] [id = 43]
++DOMWINDOW == 88 (0x7fffb8225800) [pid = 17687] [serial = 96] [outer = (nil)]
++DOMWINDOW == 89 (0x7fffb9287400) [pid = 17687] [serial = 97] [outer = 0x7fffb8225800]
++DOMWINDOW == 90 (0x7fffb9df3c00) [pid = 17687] [serial = 98] [outer = 0x7fffb8225800]
[17687] WARNING: '!aWindow', file /home/stefan/Downloads/Pale-Moon/platform/dom/audiochannel/AudioChannelAgent.cpp, line 163
[17687] WARNING: 'NS_FAILED(rv)', file /home/stefan/Downloads/Pale-Moon/platform/dom/html/HTMLMediaElement.cpp, line 5842
[17687] WARNING: '!aWindow', file /home/stefan/Downloads/Pale-Moon/platform/dom/audiochannel/AudioChannelAgent.cpp, line 163
[17687] WARNING: 'NS_FAILED(rv)', file /home/stefan/Downloads/Pale-Moon/platform/dom/html/HTMLMediaElement.cpp, line 5842
[17687] WARNING: '!aWindow', file /home/stefan/Downloads/Pale-Moon/platform/dom/audiochannel/AudioChannelAgent.cpp, line 163
[17687] WARNING: 'NS_FAILED(rv)', file /home/stefan/Downloads/Pale-Moon/platform/dom/html/HTMLMediaElement.cpp, line 5842
[17687] WARNING: '!aWindow', file /home/stefan/Downloads/Pale-Moon/platform/dom/audiochannel/AudioChannelAgent.cpp, line 163
[17687] WARNING: 'NS_FAILED(rv)', file /home/stefan/Downloads/Pale-Moon/platform/dom/html/HTMLMediaElement.cpp, line 5842
[New Thread 0x7fffda24f6c0 (LWP 17794)]
++DOMWINDOW == 91 (0x7fffb9291400) [pid = 17687] [serial = 99] [outer = 0x7fffb8225800]
[New Thread 0x7fffda20e6c0 (LWP 17795)]
[New Thread 0x7fffda1cd6c0 (LWP 17796)]
[New Thread 0x7fffc2eff6c0 (LWP 17797)]
[New Thread 0x7fffb31b36c0 (LWP 17798)]
[New Thread 0x7fffda1406c0 (LWP 17799)]
[New Thread 0x7fffda0bf6c0 (LWP 17800)]
[New Thread 0x7fffcd3ff6c0 (LWP 17801)]
[New Thread 0x7fffcd3be6c0 (LWP 17802)]
[New Thread 0x7fffcd37d6c0 (LWP 17803)]
[New Thread 0x7fffcbeff6c0 (LWP 17804)]
Assertion failure: false (A WorkerRunnable was executed after WorkerThreadPrimaryRunnable ended.), at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerRunnable.cpp:240
#01: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#02: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d302]
#03: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36ea873]
#04: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x36eaa24]
#05: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x3678add]
#06: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x112b993]
#07: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x116d41a]
#08: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x174732c]
#09: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x16e16c6]
#10: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libxul.so +0x1128bd0]
#11: ???[/home/stefan/Downloads/Pale-Moon/o/dist/bin/libnspr4.so +0x33096]
#12: ???[/lib64/libc.so.6 +0x9f43e]
#13: ???[/lib64/libc.so.6 +0x121328]
#14: ??? (???:???)

Thread 24 "DOM Worker" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd9afc6c0 (LWP 17723)]
mozilla::dom::workers::WorkerRunnable::Run (this=0x7fffdff9d180) at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerRunnable.cpp:240
240           MOZ_DIAGNOSTIC_ASSERT(false,
(gdb) bt
#0  mozilla::dom::workers::WorkerRunnable::Run (this=0x7fffdff9d180) at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerRunnable.cpp:240
#1  0x00007ffff1342993 in nsThread::ProcessNextEvent (this=0x7fffdf448060, aMayWait=<optimized out>, aResult=0x7fffd9afb6a7) at /home/stefan/Downloads/Pale-Moon/o/dist/include/nsCOMPtr.h:763
#2  0x00007ffff1384302 in NS_ProcessPendingEvents (aThread=0x7fffdf448060, aTimeout=4294967295) at /home/stefan/Downloads/Pale-Moon/platform/xpcom/glue/nsThreadUtils.cpp:297
#3  0x00007ffff3901873 in mozilla::dom::workers::WorkerPrivate::ClearMainEventQueue (this=this@entry=0x7fffdf797800, aRanOrNot=aRanOrNot@entry=mozilla::dom::workers::WorkerPrivate::WorkerRan)
    at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerPrivate.cpp:5312
#4  0x00007ffff3901a24 in mozilla::dom::workers::WorkerPrivate::ScheduleDeletion (this=0x7fffdf797800, aRanOrNot=mozilla::dom::workers::WorkerPrivate::WorkerRan)
    at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/WorkerPrivate.cpp:5159
#5  0x00007ffff388fadd in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0x7fffdf753d30) at /home/stefan/Downloads/Pale-Moon/platform/dom/workers/RuntimeService.cpp:2847
#6  0x00007ffff1342993 in nsThread::ProcessNextEvent (this=0x7fffdf448060, aMayWait=<optimized out>, aResult=0x7fffd9afbd37) at /home/stefan/Downloads/Pale-Moon/o/dist/include/nsCOMPtr.h:763
#7  0x00007ffff138441a in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=<optimized out>) at /home/stefan/Downloads/Pale-Moon/platform/xpcom/glue/nsThreadUtils.cpp:355
#8  0x00007ffff195e32c in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0x7fffe9929100, aDelegate=0x7fffe9923180) at /home/stefan/Downloads/Pale-Moon/platform/ipc/glue/MessagePump.cpp:367
#9  0x00007ffff18f86c6 in MessageLoop::RunHandler (this=0x7fffe9923180) at /home/stefan/Downloads/Pale-Moon/platform/ipc/chromium/src/base/message_loop.cc:221
#10 MessageLoop::Run (this=this@entry=0x7fffe9923180) at /home/stefan/Downloads/Pale-Moon/platform/ipc/chromium/src/base/message_loop.cc:201
#11 0x00007ffff133fbd0 in nsThread::ThreadFunc (aArg=0x7fffdf448060) at /home/stefan/Downloads/Pale-Moon/platform/xpcom/threads/nsThread.cpp:458
#12 0x00007ffff79e4096 in _pt_root (arg=0x7ffff777bc40) at /home/stefan/Downloads/Pale-Moon/platform/nsprpub/pr/src/pthreads/ptthread.c:201
#13 0x00007ffff7a9d43e in ?? () from /lib64/libc.so.6
#14 0x00007ffff7b1f328 in ?? () from /lib64/libc.so.6

q160765803
Apollo supporter
Posts: 35
Joined: 2023-04-13, 07:57

Re: Segfault in libxul

Unread post by q160765803 » 2024-03-26, 01:22

stefan11111 wrote:
2024-03-25, 20:12
I managed to make a manual build of palemoon with debug syms.
Without noscript, palemoon still receives a segfault, but it seems to catch it and not crash.

seems related to https://repo.palemoon.org/MoonchildProd ... ebbf19d20f
upstream discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=1879272

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-03-26, 05:38

q160765803 wrote:
2024-03-26, 01:22
upstream discussion: https://bugzilla.mozilla.org/show_bug.cgi?id=1879272

Code:

xul.dll  MOZ_Crash  mfbt/Assertions.h:301
I thought libxul was long removed from upstream firefox?

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-04-14, 10:50

Finally got some time to work on this.

Here is a patch to fix the crashes with noscript.

Code:

diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 7828f5bd52..9b7780a1f5 100644
--- a/platform/dom/base/nsGlobalWindow.cpp
+++ b/platform/dom/base/nsGlobalWindow.cpp
@@ -3543,9 +3543,11 @@ nsGlobalWindow::GetEventTargetParent(EventChainPreVisitor& aVisitor)

   aVisitor.mCanHandle = true;
   // Middle/right click shouldn't dispatch click event, use auxclick to instead.
+/*
   if (mDoc->IsXULDocument()) {
     aVisitor.mForceContentDispatch = true; //FIXME! Bug 329119
   }
+*/
   if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
     // QIing to window so that we can keep the old behavior also in case
     // a child window is handling resize.
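Review bot: wrapping the `if (mDoc->IsXULDocument())` block in `/* */` removes `aVisitor.mForceContentDispatch = true` for every XUL document, not only for the case where `mDoc` is unset. A guard in the condition, for example `if (mDoc && mDoc->IsXULDocument())`, would skip the block only when there is no document and leave dispatch unchanged otherwise. Disabling code with a block comment also leaves dead code behind; if the block really has to go, delete it and give the reason in the commit message.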
Judging from that FIXME comment, this is probably a browser problem.

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Segfault in libxul

Unread post by Moonchild » 2024-04-14, 10:59

stefan11111 wrote:
2024-04-14, 10:50
Judging from that FIXME comment, this is probably a browser problem.
Just because there's a FIXME comment doesn't mean there's a problem in the browser.
Your patch would cause issues with click events being properly dispatched; it's not a solution.

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-04-14, 11:20

Moonchild wrote: Just because there's a FIXME comment doesn't mean there's a problem in the browser.
Maybe. From the backtrace I worked with, it seems to be a problem with dereferencing a null pointer, in the if statement above the FIXME comment.
It might be just a coincidence that the segfault is near that FIXME comment.

Code:

<snip>
Thread 1 "palemoon" received signal SIGSEGV, Segmentation fault.
0x00007ffff0c127cd in nsCOMPtr<nsIPrincipal>::operator-> (this=<optimized out>) at /home/stefan/Downloads/Pale-Moon/o/dist/include/nsCOMPtr.h:765
765         MOZ_ASSERT(mRawPtr != nullptr,
(gdb) bt
#0  0x00007ffff0c127cd in nsCOMPtr<nsIPrincipal>::operator-> (this=<optimized out>) at /home/stefan/Downloads/Pale-Moon/o/dist/include/nsCOMPtr.h:765
#1  0x00007ffff0c1a7f5 in nsCOMPtr<nsIDocument>::operator-> (this=0x7fffcc834838) at /home/stefan/Downloads/Pale-Moon/platform/dom/base/nsGlobalWindow.cpp:3517
#2  nsGlobalWindow::GetEventTargetParent (this=0x7fffcc834800, aVisitor=...) at /home/stefan/Downloads/Pale-Moon/platform/dom/base/nsGlobalWindow.cpp:3546
#3  0x00007ffff313bc7a in mozilla::EventTargetChainItem::GetEventTargetParent (this=this@entry=0x7fffe31dd0c8, aVisitor=...) at /home/stefan/Downloads/Pale-Moon/platform/dom/events/EventDispatcher.cpp:441
#4  0x00007ffff314fb46 in mozilla::EventDispatcher::Dispatch (aTarget=aTarget@entry=0x7fffcb26e1b0, aPresContext=aPresContext@entry=0x0, aEvent=aEvent@entry=0x7fffcadb7600, aDOMEvent=aDOMEvent@entry=0x7fffcafe0ac0,
    aEventStatus=aEventStatus@entry=0x7fffffff9b90, aCallback=aCallback@entry=0x0, aTargets=<optimized out>) at /home/stefan/Downloads/Pale-Moon/platform/dom/events/EventDispatcher.cpp:890
#5  0x00007ffff315092e in mozilla::EventDispatcher::DispatchDOMEvent (aTarget=aTarget@entry=0x7fffcb26e1b0, aEvent=aEvent@entry=0x0, aDOMEvent=aDOMEvent@entry=0x7fffcafe0ac0, aPresContext=aPresContext@entry=0x0,
    aEventStatus=aEventStatus@entry=0x7fffffff9b90) at /home/stefan/Downloads/Pale-Moon/platform/dom/events/EventDispatcher.cpp:1015
<snip>
Moonchild wrote: Your patch would cause issues with click events being properly dispatched; it's not a solution
Probably, but at least it fixes a segfault and can be a starting point to look into this.
However, the real problem seems to indeed be how noscript does things.

Code:

[2645] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x805E0006: file /home/stefan/Downloads/Pale-Moon/platform/dom/script/ScriptLoader.cpp, line 1398
[2645] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x805E0006: file /home/stefan/Downloads/Pale-Moon/platform/dom/security/nsContentSecurityManager.cpp, line 666
[2645] WARNING: 'NS_FAILED(rv)', file /home/stefan/Downloads/Pale-Moon/platform/netwerk/protocol/http/nsHttpChannel.cpp, line 5666
[2645] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x805E0006: file /home/stefan/Downloads/Pale-Moon/platform/dom/script/ScriptLoader.cpp, line 1398
[2645] ###!!! ASSERTION: This is unsafe! Fix the caller!: 'Error', file /home/stefan/Downloads/Pale-Moon/platform/dom/events/EventDispatcher.cpp, line 770
[2645] ###!!! ASSERTION: This is unsafe! Fix the caller!: 'Error', file /home/stefan/Downloads/Pale-Moon/platform/dom/events/EventDispatcher.cpp, line 770
[2645] WARNING: We should have hit the document element...: file /home/stefan/Downloads/Pale-Moon/platform/layout/xul/BoxObject.cpp, line 169
I'm afraid I can't help too much with this issue, as the code base involved is much bigger than anything I've worked with in the past.
At least I found a stop-gap for anyone interested in running noscript, which, judging from the response in the other thread linked, is quite a few people.

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Segfault in libxul

Unread post by Moonchild » 2024-04-14, 12:28

stefan11111 wrote:
2024-04-14, 11:20
Probably, but at least it fixes a segfault and can be a starting point to look into this.
No, because if mDoc is null due to NoScript yanking the active document out from under us, that's not our fault.

q160765803
Apollo supporter
Posts: 35
Joined: 2023-04-13, 07:57

Re: Segfault in libxul

Unread post by q160765803 » 2024-04-14, 12:43

stefan11111 wrote:
2024-04-14, 10:50
Finally got some time to work on this.

Here is a patch to fix the crashes with noscript.

Code:

diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 7828f5bd52..9b7780a1f5 100644
--- a/platform/dom/base/nsGlobalWindow.cpp
+++ b/platform/dom/base/nsGlobalWindow.cpp
@@ -3543,9 +3543,11 @@ nsGlobalWindow::GetEventTargetParent(EventChainPreVisitor& aVisitor)

   aVisitor.mCanHandle = true;
   // Middle/right click shouldn't dispatch click event, use auxclick to instead.
+/*
   if (mDoc->IsXULDocument()) {
     aVisitor.mForceContentDispatch = true; //FIXME! Bug 329119
   }
+*/
   if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
     // QIing to window so that we can keep the old behavior also in case
     // a child window is handling resize.
Judging from that FIXME comment, this is probably a browser problem.
Maybe you can change from "if (mDoc->IsXULDocument()) {" to "if (mDoc && mDoc->IsXULDocument()) {" instead of commenting out the whole if block.
Which is the same if block logic as in nsDocument.cpp in that change: https://repo.palemoon.org/MoonchildProd ... ebf33164af
Last edited by q160765803 on 2024-04-14, 12:52, edited 1 time in total.

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-04-14, 12:45

q160765803 wrote:
2024-04-14, 12:43
stefan11111 wrote:
2024-04-14, 10:50
Finally got some time to work on this.

Here is a patch to fix the crashes with noscript.

Code:

diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 7828f5bd52..9b7780a1f5 100644
--- a/platform/dom/base/nsGlobalWindow.cpp
+++ b/platform/dom/base/nsGlobalWindow.cpp
@@ -3543,9 +3543,11 @@ nsGlobalWindow::GetEventTargetParent(EventChainPreVisitor& aVisitor)

   aVisitor.mCanHandle = true;
   // Middle/right click shouldn't dispatch click event, use auxclick to instead.
+/*
   if (mDoc->IsXULDocument()) {
     aVisitor.mForceContentDispatch = true; //FIXME! Bug 329119
   }
+*/
   if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
     // QIing to window so that we can keep the old behavior also in case
     // a child window is handling resize.
Judging from that FIXME comment, this is probably a browser problem.
Maybe you can change from "if (mDoc->IsXULDocument()) {" to "if (mDoc && mDoc->IsXULDocument()) {" instead of commenting out whole if block.
I'm rebuilding palemoon with that as I'm writing this.
I will post the updated patch when the build finishes and I have confirmed that it still works.

stefan11111
Apollo supporter
Posts: 30
Joined: 2023-08-13, 18:09

Re: Segfault in libxul

Unread post by stefan11111 » 2024-04-14, 13:47

stefan11111 wrote:
2024-04-14, 12:45
q160765803 wrote:
2024-04-14, 12:43
Maybe you can change from "if (mDoc->IsXULDocument()) {" to "if (mDoc && mDoc->IsXULDocument()) {" instead of commenting out whole if block.
I'm rebuilding palemoon with that as I'm writing this.
I will post the updated patch when the build finishes and I have confirmed that it still works.
Compilation finished. The improved patch indeed works.

Code:

diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 7828f5bd52..e8c9522f11 100644
--- a/platform/dom/base/nsGlobalWindow.cpp
+++ b/platform/dom/base/nsGlobalWindow.cpp
@@ -3543,7 +3543,7 @@ nsGlobalWindow::GetEventTargetParent(EventChainPreVisitor& aVisitor)

   aVisitor.mCanHandle = true;
   // Middle/right click shouldn't dispatch click event, use auxclick to instead.
-  if (mDoc->IsXULDocument()) {
+  if (mDoc != NULL && mDoc->IsXULDocument()) {
     aVisitor.mForceContentDispatch = true; //FIXME! Bug 329119
   }
   if (msg == eResize && aVisitor.mEvent->IsTrusted()) {
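Review bot: the new condition `mDoc != NULL && mDoc->IsXULDocument()` guards only this one use of `mDoc` and carries no explanation; a short comment on the changed line saying when `mDoc` can be unset here would tell the next reader why this call site needs a check. In C++ the test is more usually written `if (mDoc && mDoc->IsXULDocument())`, or with `nullptr` rather than `NULL`. The `diff --git` line names `a/dom/base/nsGlobalWindow.cpp` while the `---` and `+++` lines name `a/platform/dom/base/nsGlobalWindow.cpp`, so the header should be regenerated so that the paths agree.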
And unlike the first patch, this one shouldn't break anything, at worst introducing some very slight overhead by checking a pointer at runtime.

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Segfault in libxul

Unread post by Moonchild » 2024-04-14, 15:21

I can add this nullcheck but be aware that in many places in window handling it is assumed mDoc exists after initial load, and that this situation caused by NoScript will likely have many more crash potentials. As far as crashes on a freed document go, a null deref is fairly safe. A UAF resulting from the same (e.g. by moving the crash point to somewhere else with this added nullcheck) would not be safe, and that would be an exploitable security bug. So, tread very carefully.
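
The distinction drawn in the last post between a null dereference and a use-after-free, as an added C++ example that is not Pale Moon code: `std::shared_ptr` stands in for `nsCOMPtr`, and `Document`, `Window`, `Visitor`, `DropDocument` and `DispatchWithListener` are constructed names. It shows the null-checked condition from the thread and, going one step beyond it, a strong reference held across a call that may detach the document.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Constructed stand-ins for this example; these are not Pale Moon classes.
struct Document {
  explicit Document(bool xul) : isXUL(xul) {}
  bool IsXULDocument() const { return isXUL; }
  bool isXUL;
};

struct Visitor {
  bool mCanHandle = false;
  bool mForceContentDispatch = false;
};

class Window {
 public:
  explicit Window(std::shared_ptr<Document> doc) : mDoc(std::move(doc)) {}

  // Models another component detaching the active document from the window.
  void DropDocument() { mDoc.reset(); }
  bool HasDocument() const { return mDoc != nullptr; }

  // Null-checked condition, as in the second patch in the thread: with no
  // document the block is skipped instead of dereferencing a null pointer.
  void GetEventTargetParent(Visitor& v) const {
    v.mCanHandle = true;
    if (mDoc && mDoc->IsXULDocument()) {
      v.mForceContentDispatch = true;
    }
  }

  // Re-entrant case: the listener runs in the middle of the dispatch and may
  // call DropDocument(). A raw `Document* d = mDoc.get()` cached before the
  // listener would point at freed memory afterwards (the use-after-free the
  // last post warns about), and a null check on `d` would not notice.
  // Holding a strong reference for the whole call keeps the object alive.
  bool DispatchWithListener(Visitor& v,
                            const std::function<void(Window&)>& listener) {
    std::shared_ptr<Document> keepAlive = mDoc;  // strong ref, not a raw copy
    if (!keepAlive) {
      return false;  // no document to dispatch against
    }
    v.mCanHandle = true;
    listener(*this);  // may clear mDoc; keepAlive is unaffected
    if (keepAlive->IsXULDocument()) {
      v.mForceContentDispatch = true;
    }
    return true;
  }

 private:
  std::shared_ptr<Document> mDoc;
};

// The document is dropped before dispatch: the guarded condition is skipped.
bool NullCheckSurvivesDroppedDocument() {
  Window w(std::make_shared<Document>(true));
  w.DropDocument();
  Visitor v;
  w.GetEventTargetParent(v);
  return v.mCanHandle && !v.mForceContentDispatch;
}

// The document is dropped during dispatch: it stays alive until the call
// returns and is released afterwards.
bool StrongRefOutlivesReentrantDrop() {
  auto doc = std::make_shared<Document>(true);
  std::weak_ptr<Document> watch = doc;  // observes lifetime without owning
  Window w(std::move(doc));
  Visitor v;
  bool aliveDuring = false;
  bool ok = w.DispatchWithListener(v, [&](Window& win) {
    win.DropDocument();
    aliveDuring = !watch.expired();
  });
  return ok && aliveDuring && v.mForceContentDispatch &&
         !w.HasDocument() && watch.expired();
}

int main() {
  return (NullCheckSurvivesDroppedDocument() &&
          StrongRefOutlivesReentrantDrop()) ? 0 : 1;
}
```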