Opened 3 years ago

Closed 3 years ago

#20899 closed defect (fixed)

sandboxed tor browser crashing

Reported by: cypherpunks
Owned by: yawning
Priority: Medium
Milestone:
Component: Archived/Tor Browser Sandbox
Version:
Severity: Normal
Keywords:
Cc: yawning
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I'm on Ubuntu amd64 and had two crashes today, both using a freshly built sandboxed Tor Browser with the newest code. The first time launching resulted in immediate crashing:

2016/12/06  launch: Starting Tor Browser.
2016/12/06  launch: Complete.
2016/12/06  firefox: Gtk-Message: Failed to load module "gail"
2016/12/06  firefox: Gtk-Message: Failed to load module "atk-bridge"
2016/12/06  firefox: Gtk-Message: Failed to load module "canberra-gtk-module"
2016/12/06  firefox: Unable to update the static FcBlanks: 0x0600
2016/12/06  firefox: Unable to update the static FcBlanks: 0x0601
2016/12/06  firefox: Unable to update the static FcBlanks: 0x0602
2016/12/06  firefox: Unable to update the static FcBlanks: 0x0603
2016/12/06  firefox: Unable to update the static FcBlanks: 0x06dd
2016/12/06  firefox: Unable to update the static FcBlanks: 0x070f
2016/12/06  firefox: Unable to update the static FcBlanks: 0x2028
2016/12/06  firefox: Unable to update the static FcBlanks: 0x2029
2016/12/06  firefox: Unable to update the static FcBlanks: 0xfff9
2016/12/06  firefox: Unable to update the static FcBlanks: 0xfffa
2016/12/06  firefox: Unable to update the static FcBlanks: 0xfffb
2016/12/06  firefox: [3] ###!!! ABORT: Request 130.3: BadShmSeg; 3 requests ago: file /home/debian/build/tor-browser/toolkit/xre/nsX11ErrorHandler.cpp, line 157
2016/12/06  firefox: [3] ###!!! ABORT: Request 130.3: BadShmSeg; 3 requests ago: file /home/debian/build/tor-browser/toolkit/xre/nsX11ErrorHandler.cpp, line 157
2016/12/06  fatal error in the user interface: waitid: no child processes
2016/12/06  tor: Dec 06  [notice] Catching signal TERM, exiting cleanly.



Launching it again seemed to work, but then playing a YouTube video crashed the browser. It was a WebM video using Opus.

firefox: ERROR: Failed to dlopen() libpulsecore.so: libspeexdsp.so.1: wrong ELF class: ELFCLASS32
2016/12/06  firefox: Redirecting call to abort() to mozalloc_abort
2016/12/06  fatal error in the user interface: waitid: no child processes
2016/12/06  tor: Dec 06  [notice] Catching signal TERM, exiting cleanly.

Change History (5)

comment:1 Changed 3 years ago by yawning

Which version of ubuntu? I can't reproduce either issue with a freshly installed Ubuntu 16.04 in a new VM.

I assume the first issue is: https://bugzilla.mozilla.org/show_bug.cgi?id=1271100

The sandbox has a workaround for this that works on every other Linux system, but as far as I can tell, FF on Ubuntu isn't asking nicely before using MIT-SHM. I might try disallowing SysV SHM altogether.

The second issue, I'd need full debug output ("--debug") to see where it's pulling in libraries from.

comment:2 Changed 3 years ago by yawning

Priority: High → Medium
Severity: Critical → Normal

https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/commit/?id=5fffd424a5ed6043197793c7ed54c9a03ccf820d

That probably fixes the PulseAudio issue, though I still do want to see debug logs for the failure case, because it suggests that Ubuntu is doing something odd with directory layout or there's a bug in how I enumerate libraries.

Don't know what there is to do about the X11. I don't see calls to XQueryExtension, and if Ubuntu is shipping library code that uses shared memory without checking with the X server, my inclination is that this is for them to sort out, not me.

comment:3 Changed 3 years ago by yawning

Status: new → needs_information

Ah, this is a cairo bug.

https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/commit/?id=f27830a7f5af70c245f03e574d982ec49146d514

Should prevent the crashes.

I'm setting this as needs information because there's nothing more to do here without debugging information from the launch process.

comment:4 Changed 3 years ago by cypherpunks

Here is the debug output:

https://share.riseup.net/#JtZwBwYfo6l6EnTWCu1WCg

I also got another crash before making the debug output: https://share.riseup.net/#tnF9hYZGznepW6n3Z0iAUA

comment:5 Changed 3 years ago by yawning

Resolution: fixed
Status: needs_information → closed

> there's a bug in how I enumerate libraries.

Yup, there was a dumb bug, because I don't have a multi-lib system anywhere. The ELF Class check should be sufficient to do the right thing, but I corrected the flag check as well.

2e81ec6ecee2ce96c91fff961eba5c298f2fc253
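
The ELF class check mentioned in comment:5, sketched as an added example (not code from sandboxed-tor-browser or its author): on a multi-lib system a library search can reach a 32-bit copy first, so each candidate's EI_CLASS byte is read from e_ident and mismatches are skipped before anything is exposed to a 64-bit process. The function names, file names and stub headers are constructed for illustration.

```go
package main

import (
	"debug/elf"
	"fmt"
	"io"
	"os"
)

// elfClass returns the EI_CLASS byte from a file's e_ident without loading the file.
func elfClass(path string) (elf.Class, error) {
	f, err := os.Open(path)
	if err != nil {
		return elf.ELFCLASSNONE, err
	}
	defer f.Close()
	var ident [elf.EI_NIDENT]byte
	if _, err := io.ReadFull(f, ident[:]); err != nil || string(ident[:4]) != elf.ELFMAG {
		return elf.ELFCLASSNONE, fmt.Errorf("%s: not an ELF file", path)
	}
	return elf.Class(ident[elf.EI_CLASS]), nil
}

// pickLibrary returns the first candidate whose ELF class equals want; others are skipped.
func pickLibrary(candidates []string, want elf.Class) (string, error) {
	for _, p := range candidates {
		if c, err := elfClass(p); err == nil && c == want {
			return p, nil
		}
	}
	return "", fmt.Errorf("no %v library among %d candidates", want, len(candidates))
}

// writeStub writes a constructed 16-byte e_ident (sample data, not a real library).
func writeStub(path string, class elf.Class) error {
	ident := [elf.EI_NIDENT]byte{0x7f, 'E', 'L', 'F', byte(class)}
	return os.WriteFile(path, ident[:], 0o600)
}

func main() {
	dir, _ := os.MkdirTemp("", "elfclass")
	defer os.RemoveAll(dir)
	// Constructed multi-lib layout: the 32-bit copy comes first in search order.
	paths := []string{dir + "/lib32.so.1", dir + "/lib64.so.1"}
	writeStub(paths[0], elf.ELFCLASS32)
	writeStub(paths[1], elf.ELFCLASS64)
	fmt.Println(pickLibrary(paths, elf.ELFCLASS64))
}
```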
