pkgsrc-Bugs archive
pkg/50981: security/tor-browser crash on panopticlick test
>Number: 50981
>Category: pkg
>Synopsis: security/tor-browser crash on panopticlick test
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 19 13:45:00 +0000 2016
>Originator: Alexander Nasonov
>Release: NetBSD-current and pkgsrc-current
>Organization:
none
>Environment:
NetBSD neva 7.99.26 NetBSD 7.99.26 (NODRMNODIAGNOSTIC) #0: Sun Mar 6 15:41:41 UTC 2016 alnsn@neva:/home/alnsn/netbsd-current/obj/sys/arch/amd64/compile/NODRMNODIAGNOSTIC amd64
>Description:
security/tor-browser crashes when it's being tested by panopticlick.eff.org with NoScript globally enabled.
>How-To-Repeat:
1. Enable ASLR in the kernel:
security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.aslr.mmap_len = 32
security.pax.aslr.stack_len = 12
security.pax.aslr.exec_len = 12
2. Start tor-browser
3. Enable NoScript globally
4. Go to panopticlick.eff.org
5. Click the TEST button
6. Wait
(gdb) run
Starting program: /home/alnsn/pkgsrc/WRKOBJDIR/head/gcc-NetBSD/security/tor-browser/work/build/dist/bin/firefox
(process:29074): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
[New LWP 29]
ATTENTION: default value of option force_s3tc_enable overridden by environment.
[New LWP 52]
[New LWP 51]
[New LWP 50]
[New LWP 49]
[New LWP 48]
[New LWP 47]
[New LWP 46]
[New LWP 45]
[New LWP 44]
[New LWP 43]
[New LWP 42]
[New LWP 41]
[New LWP 40]
[New LWP 39]
[New LWP 38]
[New LWP 37]
[New LWP 36]
[New LWP 34]
[New LWP 33]
[New LWP 32]
[New LWP 31]
[New LWP 30]
[New LWP 28]
[New LWP 27]
[New LWP 25]
[New LWP 24]
[New LWP 23]
[New LWP 22]
[New LWP 21]
[New LWP 20]
[New LWP 19]
[New LWP 18]
[New LWP 17]
[New LWP 16]
[New LWP 15]
[New LWP 14]
[New LWP 13]
[New LWP 12]
[New LWP 11]
[New LWP 10]
[New LWP 9]
[New LWP 8]
[New LWP 7]
[New LWP 6]
[New LWP 5]
[New LWP 4]
[New LWP 3]
[New LWP 2]
Program received signal SIGILL, Illegal instruction.
[Switching to LWP 1]
0x0000791f7bd7d09e in ?? ()
(gdb) bt
#0 0x0000791f7bd7d09e in ?? ()
#1 0x0000791f48b1e000 in ?? ()
#2 0x00007f7fff5ba730 in ?? ()
#3 0x0000000000000003 in ?? ()
#4 0x0000000000000000 in ?? ()
(gdb) x/10i 0x0000791f7bd7d09e
=> 0x791f7bd7d09e: kmovb %r15d,%k0
0x791f7bd7d0a3: kmovw %k0,%esi
0x791f7bd7d0a7: and $0x1,%esi
0x791f7bd7d0ad: vpxor %xmm5,%xmm5,%xmm5
0x791f7bd7d0b1: test %sil,%sil
0x791f7bd7d0b4: jne 0x791f7bd7d112
0x791f7bd7d0b6: and $0x1,%ebx
0x791f7bd7d0bc: kmovw %ebx,%k0
0x791f7bd7d0c0: kmovw %k0,%esi
0x791f7bd7d0c4: and $0x1,%esi
(gdb) x/1000i 0x0000791f7bd7d000
0x791f7bd7d000: push %rbp
0x791f7bd7d001: mov %rsp,%rbp
0x791f7bd7d004: push %r15
0x791f7bd7d006: push %r14
0x791f7bd7d008: push %r13
0x791f7bd7d00a: push %r12
0x791f7bd7d00c: push %rbx
0x791f7bd7d00d: mov %r8,-0x38(%rbp)
0x791f7bd7d011: mov %rcx,-0x30(%rbp)
0x791f7bd7d015: mov %rsi,%r12
0x791f7bd7d018: mov 0x10(%rbp),%rax
0x791f7bd7d01c: lea -0x1(%rcx,%r8,1),%r10d
0x791f7bd7d021: mov (%rax),%r8d
0x791f7bd7d024: mov 0x4(%rax),%r11d
0x791f7bd7d028: mov (%rdx),%r9
0x791f7bd7d02b: mov 0x8(%rdx),%r14d
0x791f7bd7d02f: mov (%rdi),%rax
0x791f7bd7d032: mov %rax,-0x40(%rbp)
0x791f7bd7d036: mov 0xc8(%rdi),%rax
0x791f7bd7d03d: mov %rax,-0x48(%rbp)
0x791f7bd7d041: vxorps %ymm9,%ymm9,%ymm9
0x791f7bd7d046: mov $0x7,%edi
0x791f7bd7d04b: movabs $0x791f7c02e000,%rax
0x791f7bd7d055: vbroadcastsd (%rax),%ymm10
0x791f7bd7d05a: movabs $0x791f7c02e020,%rax
0x791f7bd7d064: vbroadcastss (%rax),%ymm2
0x791f7bd7d069: vpxor %ymm3,%ymm3,%ymm3
0x791f7bd7d06d: nopl (%rax)
0x791f7bd7d070: lea -0x7(%rcx,%rdi,1),%ebx
0x791f7bd7d074: cmp %r10d,%ebx
0x791f7bd7d077: cmovg %r10d,%ebx
0x791f7bd7d07b: mov %r8d,%eax
0x791f7bd7d07e: mul %ebx
0x791f7bd7d080: seto %r15b
0x791f7bd7d084: add %r11d,%eax
0x791f7bd7d087: sbb %bl,%bl
0x791f7bd7d089: mov %eax,%esi
0x791f7bd7d08b: add $0xc,%esi
0x791f7bd7d08e: sbb %dl,%dl
0x791f7bd7d090: vpxor %xmm8,%xmm8,%xmm8
0x791f7bd7d095: vpxor %xmm5,%xmm5,%xmm5
0x791f7bd7d099: cmp %r14d,%esi
0x791f7bd7d09c: ja 0x791f7bd7d112
=> 0x791f7bd7d09e: kmovb %r15d,%k0
0x791f7bd7d0a3: kmovw %k0,%esi
0x791f7bd7d0a7: and $0x1,%esi
0x791f7bd7d0ad: vpxor %xmm5,%xmm5,%xmm5
0x791f7bd7d0b1: test %sil,%sil
0x791f7bd7d0b4: jne 0x791f7bd7d112
0x791f7bd7d0b6: and $0x1,%ebx
0x791f7bd7d0bc: kmovw %ebx,%k0
0000791f7bd79000-0000791f7bd7afff 8k 0000000000000000 r--p+ (rwx) 1/0/0 00:08 426866 - /usr/pkg/share/fonts/X11/100dpi/helvB24-ISO8859-1.pcf.gz [0xfffffe819c0253a0]
0000791f7bd7d000-0000791f7bd7efff 8k 0000000000000000 r-xp- (rwx) 1/0/0 00:00 0 - [ anon ]
0000791f7bd7f000-0000791f7bd7ffff 4k 0000000000000000 ---p+ (rwx) 1/0/0 00:00 0 - [ anon ]
>Fix:
Not known.