[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: firefox Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
Launchpad has imported 3 comments from the remote bug at https://bugzilla.mozilla.org/show_bug.cgi?id=803961. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2012-10-21T12:20:27+00:00 Scoobidiver wrote: It's #5 top browser crasher in 16.0.1 on Linux. It's correlated to 4 extensions in Ubuntu but most likely Webapps-team: unity_webapps_available_application_get_application_domain|SIGSEGV (31 crashes) 100% (31/31) vs. 10% (123/1224) {2e1445b0-2682-11e1-bfc2-0800200c9a66} 100% (31/31) vs. 10% (125/1224) webapps-t...@lists.launchpad.net 100% (31/31) vs. 69% (844/1224) globalm...@ubuntu.com 100% (31/31) vs. 80% (984/1224) ubu...@ubuntu.com Signature unity_webapps_available_application_get_application_domain More Reports Search UUID184d0775-ae00-43b9-998f-29c472121021 Date Processed 2012-10-21 12:01:32 Uptime 875 Last Crash 50.4 minutes before submission Install Age 1.3 hours since version was first installed. Install Time2012-10-21 10:46:03 Product Firefox Version 16.0.1 Build ID20121010223852 Release Channel release OS Linux OS Version 0.0.0 Linux 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 42 stepping 7 Crash ReasonSIGSEGV Crash Address 0x4c App Notes OpenGL: Intel Open Source Technology Center -- Mesa DRI Intel(R) Sandybridge Desktop x86/MMX/SSE2 -- 3.0 Mesa 9.0 -- texture_from_pixmap EMCheckCompatibilityTrue Frame Module Signature Source 0 libunity-webapps-repository.so.0.0.0 unity_webapps_available_application_get_application_domain unity-webapps-available-application.c:65 1 libunity-webapps-repository.so.0.0.0 unity_webapps_application_repository_get_resolved_application_domain unity-webapps-application-repository.c:446 2 libxul.so libxul.so@0x1390bb9 3 libxul.so ffi_callffi.c:303 4 libxul.so js::ctypes::FunctionType::Call CTypes.cpp:5576 5 libxul.so js::InvokeKerneljscntxtinlines.h:382 6 libxul.so js::Invoke jsinterp.h:119 7 libxul.so js::IndirectProxyHandler::call jsproxy.cpp:442 8 libxul.so js::DirectWrapper::call jswrapper.cpp:383 9 libxul.so js::CrossCompartmentWrapper::call jswrapper.cpp:777 10 libxul.so proxy_Call jsproxy.cpp:1143 11 libxul.so js::InvokeKerneljscntxtinlines.h:382 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=unity_webapps_available_application_get_application_domain Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity- webapps/+bug/1068495/comments/1 On 2012-10-22T11:06:29+00:00 Chris Coulson wrote: FWIW, I reported this to Ubuntu's bug tracker on Friday (19th). No response yet though Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity- webapps/+bug/1068495/comments/2 On 2012-12-01T15:11:33+00:00 Scoobidiver wrote: It's no longer a top crasher on Linux in 17.0. Reply at: https://bugs.launchpad.net/ubuntu/+source/libunity- webapps/+bug/1068495/comments/10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This bug was fixed in the package libunity-webapps - 2.4.3daily12.11.28-0ubuntu1 --- libunity-webapps (2.4.3daily12.11.28-0ubuntu1) raring; urgency=low [ Robert Bruce Park ] * -debian/patches/lp_1065556.patch * Inline packaging. [ Ken VanDine ] * Automatic snapshot from revision 795 (bootstrap) [ Didier Roche ] * debian/*symbols: - remove now unexported private symbols [ Alex Launi ] * Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] (LP: #1068495) [ Chris Coulson ] * Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] (LP: #1068495) [ Maxim Ermilov ] * ubuntu-webapps-update-index crashed with SIGSEGV in unity_webapps_url_db_insert_url_prepare_statement() (LP: #1061677) * Youtube sound menu integration doesn't behave correctly (LP: #1038491) [ Automatic PS uploader ] * Automatic snapshot from revision 862 -- Automatic PS uploader ps-jenk...@lists.canonical.com Wed, 28 Nov 2012 05:01:36 + ** Changed in: libunity-webapps (Ubuntu Raring) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This bug was fixed in the package libunity-webapps - 2.4.1-0ubuntu3.2 --- libunity-webapps (2.4.1-0ubuntu3.2) quantal-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via use after free (LP: #1068495) - debian/patches/CVE-2012-4551.patch: properly store with reference in src/libunity-webapps-repository/unity-webapps-application-repository.c. - CVE-2012-4551 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 13 Nov 2012 13:28:10 -0500 ** Changed in: libunity-webapps (Ubuntu Quantal) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
Unless someone objects, I intend on pushing the fix out as a security update for Quantal this week. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Also affects: libunity-webapps (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: libunity-webapps (Ubuntu Raring) Importance: High Status: New ** Changed in: libunity-webapps (Ubuntu Quantal) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: libunity-webapps (Ubuntu Quantal) Status: New = Confirmed ** Changed in: libunity-webapps (Ubuntu Raring) Status: New = Confirmed ** Changed in: libunity-webapps (Ubuntu Quantal) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This is CVE-2012-4551 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4551 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Branch linked: lp:~chrisccoulson/libunity-webapps/lp1068495 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Status: In Progress = Fix Committed ** Changed in: libunity-webapps Milestone: None = 2.3.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: libunity-webapps Assignee: Alexandre Abreu (abreu-alexandre) = Alex Launi (alexlauni) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Branch linked: lp:~alexlauni/libunity-webapps/firefox-crash-lp1068495 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
As best I can tell without being able to reproduce the bug and get a better trace, this is being caused by a bad cast. I've added a series of checks to ensure we don't try and access members of a null pointer. ** Changed in: libunity-webapps Status: New = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
I commented on the MP, but I'll copy that here too: I'm not sure this is going to fix it. From looking at the crash reports, the issue just looks like a classic use-after-free rather than an issue with gobject type casts. In unity_webapps_available_application_get_application_domain, it's most likely the dereferencing of |app| which triggers it ( ((UnityWebappsAvailableApplicationClass *)(((GTypeInstance *)app)-g_class))-get_application_domain(app) ) In fact, it looks like the bug is here: http://bazaar.launchpad.net/~webapps/libunity- webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps- application-repository.c#L347 unity_webapps_local_url_index_load_applications (index); app = unity_webapps_local_url_index_get_application_by_name (index, name); g_hash_table_replace (data-repository-priv-applications_by_name, g_strdup (name), app); --- } ... |app| is stored without a reference, so next time a webapp is installed, this app is destroyed when it is replaced here: http://bazaar.launchpad.net/~webapps/libunity- webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps- application-collector.c#L217 app_name = unity_webapps_application_manifest_get_package_name (manifest); app = (UnityWebappsLocalAvailableApplication *) unity_webapps_local_available_application_new (manifest); g_hash_table_replace (collector-priv-found_applications, g_strdup (app_name), g_object_ref (app)); out: if (manifest != NULL) { g_object_unref (G_OBJECT (manifest)); } if (app != NULL) { g_object_unref (G_OBJECT (app)); } return ret; -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
This issue may have a security impact. Subscribing the security team. ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Also affects: libunity-webapps Importance: Undecided Status: New ** Changed in: libunity-webapps Importance: Undecided = High ** Changed in: libunity-webapps Assignee: (unassigned) = Alexandre Abreu (abreu-alexandre) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Bug watch added: Mozilla Bugzilla #803961 https://bugzilla.mozilla.org/show_bug.cgi?id=803961 ** Also affects: firefox via https://bugzilla.mozilla.org/show_bug.cgi?id=803961 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1068495] Re: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ]
** Changed in: firefox Status: Unknown = Confirmed ** Changed in: firefox Importance: Unknown = Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068495 Title: Firefox 16.0.1 Crash Report [@ unity_webapps_available_application_get_application_domain ] To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1068495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs