[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: firefox Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
Launchpad has imported 3 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=803961.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2012-10-21T12:20:27+00:00 Scoobidiver wrote:
It's #5 top browser crasher in 16.0.1 on Linux.
It's correlated to 4 extensions in Ubuntu but most likely Webapps-team:
unity_webapps_available_application_get_application_domain|SIGSEGV (31
crashes)
100% (31/31) vs. 10% (123/1224) {2e1445b0-2682-11e1-bfc2-0800200c9a66}
100% (31/31) vs. 10% (125/1224) webapps-t...@lists.launchpad.net
100% (31/31) vs. 69% (844/1224) globalm...@ubuntu.com
100% (31/31) vs. 80% (984/1224) ubu...@ubuntu.com
Signature unity_webapps_available_application_get_application_domain More
Reports Search
UUID184d0775-ae00-43b9-998f-29c472121021
Date Processed 2012-10-21 12:01:32
Uptime 875
Last Crash 50.4 minutes before submission
Install Age 1.3 hours since version was first installed.
Install Time2012-10-21 10:46:03
Product Firefox
Version 16.0.1
Build ID20121010223852
Release Channel release
OS Linux
OS Version 0.0.0 Linux 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08
UTC 2012 i686
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 42 stepping 7
Crash ReasonSIGSEGV
Crash Address 0x4c
App Notes
OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) Sandybridge
Desktop x86/MMX/SSE2 -- 3.0 Mesa 9.0 -- texture_from_pixmap
EMCheckCompatibilityTrue
Frame Module Signature Source
0 libunity-webapps-repository.so.0.0.0
unity_webapps_available_application_get_application_domain
unity-webapps-available-application.c:65
1 libunity-webapps-repository.so.0.0.0
unity_webapps_application_repository_get_resolved_application_domain
unity-webapps-application-repository.c:446
2 libxul.so libxul.so@0x1390bb9
3 libxul.so ffi_callffi.c:303
4 libxul.so js::ctypes::FunctionType::Call CTypes.cpp:5576
5 libxul.so js::InvokeKerneljscntxtinlines.h:382
6 libxul.so js::Invoke jsinterp.h:119
7 libxul.so js::IndirectProxyHandler::call jsproxy.cpp:442
8 libxul.so js::DirectWrapper::call jswrapper.cpp:383
9 libxul.so js::CrossCompartmentWrapper::call
jswrapper.cpp:777
10 libxul.so proxy_Call jsproxy.cpp:1143
11 libxul.so js::InvokeKerneljscntxtinlines.h:382
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=unity_webapps_available_application_get_application_domain
Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity-
webapps/+bug/1068495/comments/1
On 2012-10-22T11:06:29+00:00 Chris Coulson wrote:
FWIW, I reported this to Ubuntu's bug tracker on Friday (19th). No
response yet though
Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity-
webapps/+bug/1068495/comments/2
On 2012-12-01T15:11:33+00:00 Scoobidiver wrote:
It's no longer a top crasher on Linux in 17.0.
Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity-
webapps/+bug/1068495/comments/10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1068495
Title:
Firefox 16.0.1 Crash Report [@
unity_webapps_available_application_get_application_domain ]
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This bug was fixed in the package libunity-webapps - 2.4.3daily12.11.28-0ubuntu1 --- libunity-webapps (2.4.3daily12.11.28-0ubuntu1) raring; urgency=low [ Robert Bruce Park ] * -debian/patches/lp_1065556.patch * Inline packaging. [ Ken VanDine ] * Automatic snapshot from revision 795 (bootstrap) [ Didier Roche ] * debian/*symbols: - remove now unexported private symbols [ Alex Launi ] * Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] (LP: #1068495) [ Chris Coulson ] * Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] (LP: #1068495) [ Maxim Ermilov ] * ubuntu-webapps-update-index crashed with SIGSEGV in unity_webapps_url_db_insert_url_prepare_statement() (LP: #1061677) * Youtube sound menu integration doesn't behave correctly (LP: #1038491) [ Automatic PS uploader ] * Automatic snapshot from revision 862 -- Automatic PS uploader ps-jenk...@lists.canonical.com Wed, 28 Nov 2012 05:01:36 + ** Changed in: libunity-webapps (Ubuntu Raring) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This bug was fixed in the package libunity-webapps - 2.4.1-0ubuntu3.2 --- libunity-webapps (2.4.1-0ubuntu3.2) quantal-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via use after free (LP: #1068495) - debian/patches/CVE-2012-4551.patch: properly store with reference in src/libunity-webapps-repository/unity-webapps-application-repository.c. - CVE-2012-4551 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 13 Nov 2012 13:28:10 -0500 ** Changed in: libunity-webapps (Ubuntu Quantal) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
Unless someone objects, I intend on pushing the fix out as a security update for Quantal this week. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Also affects: libunity-webapps (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: libunity-webapps (Ubuntu Raring) Importance: High Status: New ** Changed in: libunity-webapps (Ubuntu Quantal) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: libunity-webapps (Ubuntu Quantal) Status: New = Confirmed ** Changed in: libunity-webapps (Ubuntu Raring) Status: New = Confirmed ** Changed in: libunity-webapps (Ubuntu Quantal) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This is CVE-2012-4551 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4551 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Branch linked: lp:~chrisccoulson/libunity-webapps/lp1068495 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Status: In Progress = Fix Committed ** Changed in: libunity-webapps Milestone: None = 2.3.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Assignee: Alexandre Abreu (abreu-alexandre) = Alex Launi (alexlauni) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Branch linked: lp:~alexlauni/libunity-webapps/firefox-crash-lp1068495 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
As best I can tell without being able to reproduce the bug and get a better trace, this is being caused by a bad cast. I've added a series of checks to ensure we don't try and access members of a null pointer. ** Changed in: libunity-webapps Status: New = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
I commented on the MP, but I'll copy that here too:
I'm not sure this is going to fix it. From looking at the crash
reports, the issue just looks like a classic use-after-free rather than
an issue with gobject type casts. In
unity_webapps_available_application_get_application_domain, it's most
likely the dereferencing of |app| which triggers it (
((UnityWebappsAvailableApplicationClass *)(((GTypeInstance
*)app)-g_class))-get_application_domain(app) )
In fact, it looks like the bug is here:
http://bazaar.launchpad.net/~webapps/libunity-
webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-
application-repository.c#L347
unity_webapps_local_url_index_load_applications (index);
app = unity_webapps_local_url_index_get_application_by_name (index, name);
g_hash_table_replace (data-repository-priv-applications_by_name,
g_strdup (name), app); ---
}
... |app| is stored without a reference, so next time a webapp is
installed, this app is destroyed when it is replaced here:
http://bazaar.launchpad.net/~webapps/libunity-
webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-
application-collector.c#L217
app_name = unity_webapps_application_manifest_get_package_name (manifest);
app = (UnityWebappsLocalAvailableApplication *)
unity_webapps_local_available_application_new (manifest);
g_hash_table_replace (collector-priv-found_applications, g_strdup
(app_name),
g_object_ref (app));
out:
if (manifest != NULL)
{
g_object_unref (G_OBJECT (manifest));
}
if (app != NULL)
{
g_object_unref (G_OBJECT (app));
}
return ret;
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1068495
Title:
Firefox 16.0.1 Crash Report [@
unity_webapps_available_application_get_application_domain ]
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This issue may have a security impact. Subscribing the security team. ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Also affects: libunity-webapps Importance: Undecided Status: New ** Changed in: libunity-webapps Importance: Undecided = High ** Changed in: libunity-webapps Assignee: (unassigned) = Alexandre Abreu (abreu-alexandre) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Bug watch added: Mozilla Bugzilla #803961 https://bugzilla.mozilla.org/show_bug.cgi?id=803961 ** Also affects: firefox via https://bugzilla.mozilla.org/show_bug.cgi?id=803961 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: firefox Status: Unknown = Confirmed ** Changed in: firefox Importance: Unknown = Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
