Date: Thu, 9 Oct 2008 09:38:55 -0700 From: Jos Backus <jos@catnook.com> To: Tim Kientzle <kientzle@freebsd.org> Cc: Andrey Chernov <ache@nagual.pp.ru>, freebsd-current@freebsd.org Subject: Re: firefox3-bin crashes near arc4random_buf() Message-ID: <20081009163855.GB49963@lizzy.catnook.local> In-Reply-To: <48EC11D1.3090304@freebsd.org> References: <20081004222249.GA48928@lizzy.catnook.local> <48E80F02.4070309@freebsd.org> <20081005233256.GB8507@lizzy.catnook.local> <48E95D0E.50202@freebsd.org> <20081006051424.GA5858@lizzy.catnook.local> <48EA2FA0.8060007@freebsd.org> <20081006190750.GA14017@lizzy.catnook.local> <48EAE8DA.2000908@freebsd.org> <20081007163143.GA25284@lizzy.catnook.local> <48EC11D1.3090304@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 07, 2008 at 06:50:09PM -0700, Tim Kientzle wrote: > This is a lot more interesting. This points to a crash > within libc's db code. Somehow, it's trying to compute > a hash for some element with length -10618, which is > getting converted to an unsigned 4294956678, which is > causing the crash. > > Does Firefox have knobs to use a newer Berkeley DB? Not that I am aware of. Maybe I should ask ports@... > I can't > recall whether newer Berkeley DB versions are thread-safe but > I'm pretty sure the old version in our libc isn't. If Firefox > is assuming the BDB code is thread-safe that could certainly > cause corruption of the BDB data with all sorts of unpleasant > consequences. That's just a random guess, though. Maybe someone > else on this mailing list knows better. I think you're on to something. Also, I have found a reliable way to cause the crash. It happens when I go to https://wellpointnextrx.com/ and try to accept the cert for the session. -- Jos Backus jos at catnook.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081009163855.GB49963>