Is there a bug fix out there? On Tue, Mar 2, 2021, 8:10 PM Bug Watch Updater <[email protected]> wrote:
> Launchpad has imported 13 comments from the remote bug at > https://bugzilla.mozilla.org/show_bug.cgi?id=1694670. > > If you reply to an imported comment from within Launchpad, your comment > will be sent to the remote bug automatically. Read more about > Launchpad's inter-bugtracker facilities at > https://help.launchpad.net/InterBugTracking. > > ------------------------------------------------------------------------ > On 2021-02-24T14:51:58+00:00 Aryx-bugmail wrote: > > 90 crashes with various Linux distributions in the last 6 weeks, some > have beta 0 as version (distros testing?). > > Crash report: https://crash-stats.mozilla.org/report/index/2a7dee73 > -3a4d-490a-96fd-4af7f0210224 > <https://crash-stats.mozilla.org/report/index/2a7dee73-3a4d-490a-96fd-4af7f0210224> > > MOZ_CRASH Reason: ```OOB``` > > Top 10 frames of crashing thread: > ``` > 0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17 > 1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89 > 2 libxul.so core::ops::function::Fn::call > /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/ > function.rs:70 > 3 libxul.so std::panicking::rust_panic_with_hook library/std/src/ > panicking.rs:595 > 4 libxul.so std::panicking::begin_panic::{{closure}} > /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/ > panicking.rs:520 > 5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace > /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/ > backtrace.rs:141 > 6 libxul.so std::panicking::begin_panic > /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/ > panicking.rs:519 > 7 libxul.so qcms_data_create_rgb_with_gamma gfx/qcms/src/c_bindings.rs:287 > 8 libxul.so gfxPlatformGtk::GetPlatformCMSOutputProfileData > gfx/thebes/gfxPlatformGtk.cpp:483 > 9 libxul.so gfxPlatform::Init gfx/thebes/gfxPlatform.cpp:1005 > ``` > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/0 > > ------------------------------------------------------------------------ > On 2021-02-24T14:55:19+00:00 Jmuizelaar wrote: > > It doesn't seem like this should be a security bug as it is just a rust > panic on startup. > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/1 > > ------------------------------------------------------------------------ > On 2021-02-24T15:37:38+00:00 Jmuizelaar wrote: > > Created attachment 9205116 > Bug 1694670 - Fix qcms_data_create_rgb_with_gamma. > > This fixes a number of problems: > > 1. The check around get_rgb_colorants was inverted. This caused us to > only continue if the colorants were wrong. > > 2. get_rgb_colorants can just return the Matrix instead of taking > a reference to it. > > 3. The OOBs checks in write_u32 and write_u16 had their conditions > inverted. > > 4. No tests > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/2 > > ------------------------------------------------------------------------ > On 2021-02-24T15:42:48+00:00 Jmuizelaar wrote: > > We should just fix the reversed OOB checks here and do the other stuff > elsewhere. > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/3 > > ------------------------------------------------------------------------ > On 2021-02-24T22:16:13+00:00 Dveditz wrote: > > So these particular crashes may not be scary, but > `qcms_data_create_rgb_with_gamma` is a very large unsafe function so are > we sure there aren't potentially vulnerable crashes if we've reversed > the conditions? > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/4 > > ------------------------------------------------------------------------ > On 2021-02-25T02:03:23+00:00 Jmuizelaar wrote: > > `qcms_data_create_rgb_with_gamma` is only called on system local data > (i.e information from the user's window server). There shouldn't be any > way to exploit it. Further, the out of bounds checks were only added > recently, previously there was no check at all. > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/5 > > ------------------------------------------------------------------------ > On 2021-02-25T02:03:52+00:00 Jmuizelaar wrote: > > Created attachment 9205268 > Bug 1694670. Fix the OOB check in write_u32/u16. > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/6 > > ------------------------------------------------------------------------ > On 2021-02-25T13:21:29+00:00 Jmuizelaar wrote: > > Comment on attachment 9205268 > Bug 1694670. Fix the OOB check in write_u32/u16. > > ### Beta/Release Uplift Approval Request > * **User impact if declined**: This fixes a startup crash that happens > when users have an invalid color profile on Linux > * **Is this code covered by automated tests?**: No > * **Has the fix been verified in Nightly?**: No > * **Needs manual test from QE?**: No > * **If yes, steps to reproduce**: > * **List of other uplifts needed**: None > * **Risk to taking this patch**: Low > * **Why is the change risky/not risky? (and alternatives if risky)**: This > code path is very rare as evidenced by the low crash rate. This patch > restores the behaviour to what it was prior to being regressed by bug > 1684095 > * **String changes made/needed**: > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/7 > > ------------------------------------------------------------------------ > On 2021-02-25T13:21:34+00:00 Pulsebot wrote: > > Pushed by [email protected]: > https://hg.mozilla.org/integration/autoland/rev/95fc70920b71 > Fix the OOB check in write_u32/u16. r=aosmond > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/8 > > ------------------------------------------------------------------------ > On 2021-02-25T17:52:51+00:00 Ryanvm wrote: > > Comment on attachment 9205268 > Bug 1694670. Fix the OOB check in write_u32/u16. > > Approved for 87.0b3 so we can get feedback on this ASAP. > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/9 > > ------------------------------------------------------------------------ > On 2021-02-25T17:53:43+00:00 Ryanvm wrote: > > https://hg.mozilla.org/releases/mozilla- > beta/rev/e24e2d039a0317d0d66bdb041df65792ae69f555 > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/10 > > ------------------------------------------------------------------------ > On 2021-02-25T21:56:07+00:00 Csabou wrote: > > https://hg.mozilla.org/mozilla-central/rev/95fc70920b71 > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/11 > > ------------------------------------------------------------------------ > On 2021-02-26T01:44:32+00:00 Jmuizelaar wrote: > > *** Bug 1694891 has been marked as a duplicate of this bug. *** > > Reply at: > https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1917191/comments/12 > > > ** Changed in: firefox > Status: Unknown => Fix Released > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1917191 > > Title: > firefox will not start after it crashed unexpectedly > > Status in Mozilla Firefox: > Fix Released > Status in firefox package in Ubuntu: > Confirmed > > Bug description: > firefox crashed unexpectedly, and it will not start or restart. I am > running the latest ubuntu-20.04.2 LTS, all updates applied. firefox > 86.0+build3 > --- > ProblemType: Bug > AddonCompatCheckDisabled: False > ApportVersion: 2.20.11-0ubuntu27.16 > Architecture: amd64 > AudioDevicesInUse: > USER PID ACCESS COMMAND > /dev/snd/controlC0: johnfg 1725 F.... pulseaudio > /dev/snd/controlC1: johnfg 1725 F.... pulseaudio > BuildID: 20210222142601 > CasperMD5CheckResult: skip > Channel: Unavailable > CurrentDesktop: ubuntu:GNOME > DefaultProfileExtensions: extensions.sqlite corrupt or missing > DefaultProfileIncompatibleExtensions: Unavailable (corrupt or > non-existant compatibility.ini or extensions.sqlite) > DefaultProfileLocales: extensions.sqlite corrupt or missing > DefaultProfilePrefErrors: Unexpected character ',' before close > parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348 > DefaultProfilePrefSources: prefs.js > DefaultProfileThemes: extensions.sqlite corrupt or missing > DistroRelease: Ubuntu 20.04 > ForcedLayersAccel: False > InstallationDate: Installed on 2020-02-22 (371 days ago) > InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) > IpRoute: > default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600 > 10.8.0.0/24 via 10.8.0.17 dev tun0 > 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18 > 169.254.0.0/16 dev wlp10s0 scope link metric 1000 > 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8 > metric 600 > NonfreeKernelModules: openafs > Package: firefox 86.0+build3-0ubuntu0.20.04.1 > PackageArchitecture: amd64 > ProcEnviron: > TERM=xterm-256color > PATH=(custom, no user) > XDG_RUNTIME_DIR=<set> > LANG=en_US.UTF-8 > SHELL=/bin/bash > ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86 > Profile0Extensions: extensions.sqlite corrupt or missing > Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant > compatibility.ini or extensions.sqlite) > Profile0Locales: extensions.sqlite corrupt or missing > Profile0PrefErrors: Unexpected character ',' before close parenthesis @ > /usr/lib/firefox/omni.ja:greprefs.js:348 > Profile0PrefSources: prefs.js > Profile0Themes: extensions.sqlite corrupt or missing > Profiles: > Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date) > Profile0 - LastVersion=86.0/20210222142601 > RunningIncompatibleAddons: False > Tags: focal > Uname: Linux 5.4.0-66-generic x86_64 > UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago) > UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo > _MarkForUpload: True > dmi.bios.date: 07/05/2011 > dmi.bios.vendor: American Megatrends Inc. > dmi.bios.version: V4.00L12 > dmi.board.asset.tag: No Asset Tag > dmi.board.name: CF52-4 > dmi.board.vendor: Panasonic Corporation > dmi.board.version: 1 > dmi.chassis.asset.tag: No Asset Tag > dmi.chassis.type: 10 > dmi.chassis.vendor: Panasonic Corporation > dmi.chassis.version: 001 > dmi.modalias: > dmi:bvnAmericanMegatrendsInc.:bvrV4.00L12:bd07/05/2011:svnPanasonicCorporation:pnCF-52SLGDD1M:pvr004:rvnPanasonicCorporation:rnCF52-4:rvr1:cvnPanasonicCorporation:ct10:cvr001: > dmi.product.family: CF52-4 > dmi.product.name: CF-52SLGDD1M > dmi.product.sku: CF-52SLGDD1M > dmi.product.version: 004 > dmi.sys.vendor: Panasonic Corporation > > To manage notifications about this bug go to: > https://bugs.launchpad.net/firefox/+bug/1917191/+subscriptions > -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1917191 Title: firefox will not start after it crashed unexpectedly Status in Mozilla Firefox: Fix Released Status in firefox package in Ubuntu: Confirmed Bug description: firefox crashed unexpectedly, and it will not start or restart. I am running the latest ubuntu-20.04.2 LTS, all updates applied. firefox 86.0+build3 --- ProblemType: Bug AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.16 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: johnfg 1725 F.... pulseaudio /dev/snd/controlC1: johnfg 1725 F.... pulseaudio BuildID: 20210222142601 CasperMD5CheckResult: skip Channel: Unavailable CurrentDesktop: ubuntu:GNOME DefaultProfileExtensions: extensions.sqlite corrupt or missing DefaultProfileIncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite) DefaultProfileLocales: extensions.sqlite corrupt or missing DefaultProfilePrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348 DefaultProfilePrefSources: prefs.js DefaultProfileThemes: extensions.sqlite corrupt or missing DistroRelease: Ubuntu 20.04 ForcedLayersAccel: False InstallationDate: Installed on 2020-02-22 (371 days ago) InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) IpRoute: default via 192.168.1.1 dev wlp10s0 proto dhcp metric 600 10.8.0.0/24 via 10.8.0.17 dev tun0 10.8.0.17 dev tun0 proto kernel scope link src 10.8.0.18 169.254.0.0/16 dev wlp10s0 scope link metric 1000 192.168.1.0/24 dev wlp10s0 proto kernel scope link src 192.168.1.8 metric 600 NonfreeKernelModules: openafs Package: firefox 86.0+build3-0ubuntu0.20.04.1 PackageArchitecture: amd64 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86 Profile0Extensions: extensions.sqlite corrupt or missing Profile0IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite) Profile0Locales: extensions.sqlite corrupt or missing Profile0PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:348 Profile0PrefSources: prefs.js Profile0Themes: extensions.sqlite corrupt or missing Profiles: Profile1 (Default) - LastVersion=80.0/20200818235255 (Out of date) Profile0 - LastVersion=86.0/20210222142601 RunningIncompatibleAddons: False Tags: focal Uname: Linux 5.4.0-66-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-04-24 (309 days ago) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 07/05/2011 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: V4.00L12 dmi.board.asset.tag: No Asset Tag dmi.board.name: CF52-4 dmi.board.vendor: Panasonic Corporation dmi.board.version: 1 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: Panasonic Corporation dmi.chassis.version: 001 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrV4.00L12:bd07/05/2011:svnPanasonicCorporation:pnCF-52SLGDD1M:pvr004:rvnPanasonicCorporation:rnCF52-4:rvr1:cvnPanasonicCorporation:ct10:cvr001: dmi.product.family: CF52-4 dmi.product.name: CF-52SLGDD1M dmi.product.sku: CF-52SLGDD1M dmi.product.version: 004 dmi.sys.vendor: Panasonic Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1917191/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
