Crash when accessing page with revoked SSL EV certificate

Bug #1371569 reported by Michael Sheldon
This bug affects 1 person
Affects: Oxide
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Accessing pages with revoked SSL EV certificates triggers a seg fault in oxide related to OxideQCertificateError.

Steps to reproduce

 1) Visit https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html in webbrowser-app

This is reproducible on both the phone and the desktop.

Backtrace:

#0 operator= (p=0x555557c467d0, this=0x30) at ../../../../third_party/chromium/src/base/memory/ref_counted.h:307
#1 operator= (r=..., this=0x30) at ../../../../third_party/chromium/src/base/memory/ref_counted.h:315
#2 operator= (this=0x30) at ../../../../third_party/chromium/src/base/callback_internal.h:37
#3 operator= (this=0x30) at ../../../../third_party/chromium/src/base/callback.h:371
#4 oxide::PermissionRequest::SetCancelCallback(base::Callback<void ()> const&) (this=0x0, callback=...)
    at ../../../../shared/browser/oxide_permission_request.cc:181
#5 0x00007fffc86af876 in OxideQCertificateError::OxideQCertificateError (this=<optimised out>, dd=..., parent=<optimised out>)
    at ../../../../qt/core/api/oxideqcertificateerror.cc:117
#6 0x00007fffc86af925 in OxideQCertificateErrorPrivate::Create (url=..., is_main_frame=is_main_frame@entry=true,
    is_subresource=is_subresource@entry=false, strict_enforcement=strict_enforcement@entry=false, certificate=...,
    cert_error=cert_error@entry=OxideQCertificateError::ErrorRevoked, request=..., parent=parent@entry=0x0)
    at ../../../../qt/core/api/oxideqcertificateerror.cc:104
#7 0x00007fffc86a8e0d in oxide::qt::WebView::OnCertificateError (this=this@entry=0x5555579786d0, is_main_frame=<optimised out>,
    cert_error=oxide::CERT_ERROR_REVOKED, cert=..., request_url=..., resource_type=resource_type@entry=content::RESOURCE_TYPE_MAIN_FRAME,
    strict_enforcement=strict_enforcement@entry=false, request=...) at ../../../../qt/core/browser/oxide_qt_web_view.cc:777
#8 0x00007fffc86e6863 in oxide::WebView::AllowCertificateError(content::RenderFrameHost*, int, net::SSLInfo const&, GURL const&, content::ResourceType, bool, bool, base::Callback<void (bool)> const&, content::CertificateRequestResultType*) (this=0x5555579786d0, rfh=<optimised out>,
    cert_error=<optimised out>, ssl_info=..., request_url=..., resource_type=content::RESOURCE_TYPE_MAIN_FRAME, overridable=false,
    strict_enforcement=false, callback=..., result=0x7fffffffce9c) at ../../../../shared/browser/oxide_web_view.cc:1426
#9 0x00007fffcaa45329 in content::SSLPolicy::OnCertErrorInternal (this=this@entry=0x5555579825d0, handler=handler@entry=0x7fff74055d20,
    options_mask=<optimised out>) at ../../../../third_party/chromium/src/content/browser/ssl/ssl_policy.cc:218
#10 0x00007fffcaa454de in content::SSLPolicy::OnCertError (this=0x5555579825d0, handler=0x7fff74055d20)
    at ../../../../third_party/chromium/src/content/browser/ssl/ssl_policy.cc:86
#11 0x00007fffc8709698 in Run (this=0x7fffffffd138) at ../../../../third_party/chromium/src/base/callback.h:401
#12 base::debug::TaskAnnotator::RunTask (this=this@entry=0x555557927320, queue_function=queue_function@entry=0x7fffcb076b2d "MessageLoop::PostTask",
    run_function=run_function@entry=0x7fffcb076b4c "MessageLoop::RunTask", pending_task=...)
    at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:62
#13 0x00007fffc8738394 in base::MessageLoop::RunTask (this=this@entry=0x5555579271d0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:436
#14 0x00007fffc87386a1 in base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0x5555579271d0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:445
#15 0x00007fffc873b875 in base::MessageLoop::DoWork (this=0x5555579271d0)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:552
#16 0x00007fffc86a49da in oxide::qt::MessagePump::customEvent (this=0x55555791bb60, event=<optimised out>)
    at ../../../../qt/core/browser/oxide_qt_message_pump.cc:60
#17 0x00007ffff79aa63d in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff5d156dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff5d1a456 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007ffff797a9d5 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff797c827 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007ffff79d2243 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007ffff4028c2d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007ffff4028f18 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ffff4028fcc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ffff79d16bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007ffff79788eb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x00007ffff797ff46 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x000055555557ad05 in BrowserApplication::run() ()
#30 0x00005555555726e3 in main ()
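
An added triage example (not part of the original report or of Oxide's code): it parses the first frames of the backtrace above and reports where a null object pointer first appears, which is frame #4, called from the OxideQCertificateError constructor in frame #5. The 4096-byte near-null threshold and the names parse_frames and triage are assumptions of this example.

```python
import re

# Frames #0-#5 copied from the backtrace in this report (some "at file:line" parts trimmed).
BACKTRACE = """\
#0 operator= (p=0x555557c467d0, this=0x30)
#1 operator= (r=..., this=0x30)
#2 operator= (this=0x30)
#3 operator= (this=0x30)
#4 oxide::PermissionRequest::SetCancelCallback(base::Callback<void ()> const&) (this=0x0, callback=...)
    at ../../../../shared/browser/oxide_permission_request.cc:181
#5 0x00007fffc86af876 in OxideQCertificateError::OxideQCertificateError (this=<optimised out>, dd=..., parent=<optimised out>)
    at ../../../../qt/core/api/oxideqcertificateerror.cc:117
"""

# "#N [0xADDR in ]function (name=value, ...)": the argument list is the first
# " (" that is followed by "name=", which skips "(" inside C++ signatures.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.*?) \((?=\w+=)(.*)$")
THIS = re.compile(r"\bthis=(0x[0-9a-f]+)")
NEAR_NULL = 0x1000  # assumption: page zero is unmapped, so this < 4096 is null + member offset


def parse_frames(text):
    """Join gdb continuation lines; return (number, function, this-or-None) per frame."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()
    frames = []
    for entry in joined:
        m = FRAME.match(entry)
        if m:
            t = THIS.search(m.group(3))
            frames.append((int(m.group(1)), m.group(2), int(t.group(1), 16) if t else None))
    return frames


def triage(text):
    """Locate the outermost frame running on a null object and the frame that called it."""
    frames = parse_frames(text)
    bad = [f for f in frames if f[2] is not None and f[2] < NEAR_NULL]
    if not bad:
        return None
    null_frame = max(bad, key=lambda f: f[0])  # highest frame number = first call on null
    caller = next((f for f in frames if f[0] == null_frame[0] + 1), None)
    # Inner frames show this = 0 + offset of the member being assigned.
    return {"null_frame": null_frame, "caller": caller, "member_offset": max(f[2] for f in bad)}
```

The this=0x30 values in frames #0 to #3 are the offset of a member inside the null object from frame #4, not a separate corrupted pointer, so the caller in frame #5 is where a missing null check would sit.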

Changed in oxide:
status: New → Fix Released
status: Fix Released → Fix Committed
Changed in oxide:
status: Fix Committed → Fix Released