Closed pudquick closed 9 years ago
Additional: I do use Safari extensions regularly. On my "non-test" / normal user account, I've got 4 extensions installed that work as expected without crashing (if that helps to verify my system is healthy).
Don't have another machine here, otherwise I'd test on it. I'll test on a different one when I get back to work on Tuesday.
Does this extension show its preferences page on first run/load/install?
No.
Very interesting, wasn't aware of such a limitation. If that's the case, the prior statement about "which is no longer maintained" isn't exactly applicable to 10.9 / Safari 7, as they still receive updates and security patches from Apple.
Doing some investigating now.
"which is no longer maintained" isn't exactly applicable to 10.9 / Safari 7
Yes, I realized this a bit after, that's why I removed my comment.
Hrm. Along the CFHash() lines, I would assume that's for hashing unique keys for a dictionary / associative array. With it complaining about NULL, I'd assume it's being told to hash a "NULL" value / invalid value for a key.
being told to hash a "NULL" value / invalid value for a key
Not sure what's your thought here. Can you expand?
Sure.
So the project uses associative arrays for one or more things along the lines of:
someObj['someKey'] = someValue;
Associative arrays like that only have one instance of any particular key so that every time you reference someObj['specificKey123'] you're accessing the same thing.
It looks like the Javascript JIT for Safari maps associative arrays like this to the CoreFoundation dictionary type. The way that CoreFoundation (and most other associative array / dictionary types in various programming languages) handles "uniqueness" for a key is that it hashes the key object/value into a unique identifier - that way no matter what type of object it is, as long as it's hashable / convertible into a unique identifier it can be used as the key for lookup/changing the value.
Apparently it's trapping an erroneous attempt to hash / uniquely identify the NULL value.
It makes me wonder if there's a blank string somewhere in the input lists ... so that you end up trying to do:
exampleBadKey = '';
someObj[exampleBadKey] = 'Whoops, we are setting a value for a blank key.';
Or something along those lines.
Everything can be hashed with javascript: a blank string, a null value, an undefined value, whatever you want, even when it doesn't make sense (hashing {} will result in [object Object] as hash). It's a scripting language.
If a JS engine has a problem with hashing an empty string, I would say it's a mega-major security issue. That would be disastrous. Obviously I doubt this is the case here. It's just that uBlock does something that makes a particular browser bug in Safari express itself.
Proper thing is to file a bug with Safari.
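To illustrate the two points argued above, here is an added example that is not code from uBlock or from anyone in this thread: the first function shows that JavaScript coerces every property key to a string (so '', null, undefined and {} are all usable keys on the JS side), and the second is a hypothetical defensive parser for a one-domain-per-line block list that drops blank and comment lines before anything is used as a key. The list format and the sample input are assumptions constructed for the example.

```javascript
// Added example (not from the uBlock project or this thread).
// Part 1: every JS property key is coerced to a string, so '', null,
// undefined and even {} are all accepted as keys without error.
function keyCoercionDemo() {
  const obj = {};
  obj[''] = 'blank';
  obj[null] = 'null-key';
  obj[undefined] = 'undefined-key';
  obj[{}] = 'object-key';
  return Object.keys(obj); // ['', 'null', 'undefined', '[object Object]']
}

// Part 2: a defensive parser for an assumed one-domain-per-line list.
// Blank, whitespace-only and comment lines are skipped, and entries that
// are not plausible hostnames are reported rather than inserted, so no
// empty or garbage key ever reaches the lookup table.
const HOSTNAME_RE =
  /^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$/i;

function parseDomainList(text) {
  const table = Object.create(null); // no prototype keys to collide with
  const rejected = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    if (!HOSTNAME_RE.test(line)) {
      rejected.push(raw);
      continue;
    }
    table[line.toLowerCase()] = true;
  }
  return { table, rejected };
}

function isBlocked(table, hostname) {
  return table[hostname.toLowerCase()] === true;
}

// Constructed sample list (not a real feed) containing the kinds of lines
// that could trip a naive hashing step: blank, whitespace-only, comment.
const SAMPLE_LIST = [
  '# constructed sample, not a real feed',
  'ads.example.com',
  '',
  '   ',
  'Tracker.Example.NET',
  'not a domain',
  'bad..example.com',
].join('\n');
```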
Deleting all of the contents of /assets/thirdparties at the base of the extension allowed it to compile and install.
Binary searching to see if it's a particular asset/file.
@gorhill Binary searching revealed that if either of the two following resources are included, it causes the crash:
Removing those two and re-signing the extension allows it to load correctly with no crashing issues. Fully functional as far as I can tell.
Looking at them now to see what's different about them.
More interesting details:
Leaving just a single file for one of the problem third-party assets:
If I replace these files with blank zero byte files, it builds and runs just fine:
Additionally, it contacts those particular servers and sees that a new version for each is available ('0 used out of 0', 'new version available') and is able to successfully load them direct from the sites and use them.
Also, changing out the files with lists from elsewhere in /assets/thirdparties and then updating the signature in checksums.txt (for example replacing 'justdomains' with a copy of 'immortal_domains.txt') is not enough. The presence of content inside the assets listed above (as far as I can tell) is enough to trigger the crash.
FWIW, I just installed μBlock 0.8.5.6 on Safari 8.0.2 (on OS X 10.10.1) and I haven't crashed yet, so I assume that this bug was fixed already.
Absolutely not the case. This bug is specifically for OS X 10.9 and Safari 7. Please read the details, it is not fixed.
@pudquick It is a browser bug, you need to report the bug + repro steps to Safari. uBlock is JS: JS is not supposed to crash a browser unless there is a bug in the browser.
@gorhill Fine by me.
In the meantime, if you want to close this issue, please put documentation to the effect that this project is only supported on Safari 8 / OS X 10.10. I have verified today that as-is, the extension crashes Safari 7 on fully patched 10.9 on multiple unrelated devices. For myself, I've already discovered how to tweak the extension to run fine (unofficially) in 10.9.
Absolutely not the case. This bug is specifically for OS X 10.9 and Safari 7. Please read the details, it is not fixed.
It's fixed in Safari. But the fix apparently only applies to Safari 8. Safari 7 does not have the fix, and presumably never will (generally only security vulnerability patches are backported to older versions).
If you have a workaround that makes μBlock work with Safari 7, then that's great. I was just commenting on the fact that Safari 8 already fixes the bug, meaning reporting it to Apple is unlikely to have any effect.
@pudquick
Hi pud, can you post your patched ublock extension somewhere? That would be awesome. Latest version of ublock crashes safari 7.
Yes, just to chime in - this also crashes Safari 6.2.2 on 10.8.5, which Apple is still issuing security updates for and a number of us use because older Intel Macs do not support the graphics in later versions of OS X.
I wanted to report that it crashes on Safari 5.1 on 10.6.8 as well and probably on Safari 6 running 10.7.4. It seems that this bug has been fixed on Safari 8 for Yosemite but it leaves behind the majority of the users.
@pudquick Please post that update/fix for the rest of the Safari users. Isn't it a fix compatible with the latest versions?
@ydzhou @alasdaircodes @asoksevil If you're interested, here's a built and signed copy I put together this morning:
https://www.dropbox.com/s/j4tjro1i2b7jq7v/%C2%B5Block.safariextz?dl=0
It runs cleanly on my OS X 10.9.5 machines. The only difference between this and a standard build is that I have blank (0 byte) files for the following two locations:
/assets/thirdparties/mirror1.malwaredomains.com/justdomains
/assets/thirdparties/pgl.yoyo.org/as/serverlist
Other than that, no code changes. Oh, and I blanked out the metadata for the update URL for this copy of the extension, so in theory you can leave Safari auto-update for extensions enabled and it should stay on this copy (vs. the https://chrismatic.io/ublock version when it updates eventually to a newer build).
@pudquick Thanks for the extension. It's working on Safari 5.1 with no problems whatsoever. The only thing I noticed here is this box which is not aligned properly:
A quick update.
After installing @pudquick's build, uBlock no longer works. It doesn't block any ads even if it's enabled. Filter lists do update.
I went back and reinstalled 0.8.5.6 just to attach the log error that I get when it crashes:
Process: Safari [77129]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 5.1.10 (6534.59.10)
Build Info: WebBrowser-75345910~1
Code Type: X86-64 (Native)
Parent Process: launchd [110]
Date/Time: 2015-01-22 00:20:22.845 +0000
OS Version: Mac OS X 10.6.8 (10K549)
Report Version: 6
Interval Since Last Report: 189513 sec
Crashes Since Last Report: 16
Per-App Interval Since Last Report: 186003 sec
Per-App Crashes Since Last Report: 2
Anonymous UUID: 96766765-CB32-4864-8C7A-61D2FC7BC66E
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Crashed Thread: 7
Thread 7 Crashed:
0 com.apple.CoreFoundation 0x00007fff875566cb CFHash + 171
1 com.apple.Safari.framework 0x00000001000192f9 std::pair<Safari::SString, Safari::SString>* WTF::HashTable<Safari::SString, std::pair<Safari::SString, Safari::SString>, WTF::PairFirstExtractor<std::pair<Safari::SString, Safari::SString> >, Safari::SCFObjectSubclassHashSafari::SString, WTF::PairHashTraitsWTF::HashTraits<Safari::SString, WTF::HashTraitsSafari::SString >, WTF::HashTraitsSafari::SString >::lookupWTF::IdentityHashTranslator<Safari::SCFObjectSubclassHash
Thread 7 crashed with X86 Thread State (64-bit):
rax: 0x000000000000003f rbx: 0x0000000000000000 rcx: 0x00007fff708a8650 rdx: 0x0000000113c0ed20
rdi: 0x0000000000000000 rsi: 0x0000000113c0ed20 rbp: 0x0000000113c0ec40 rsp: 0x0000000113c0ec30
r8: 0x0000000000000000 r9: 0x0000000115510060 r10: 0x0000000000000001 r11: 0x0000000000000003
r12: 0x0000000113c0ed20 r13: 0x0000000113c0ee40 r14: 0x0000000113c0ee70 r15: 0x0000000118482c00
rip: 0x00007fff875566cb rfl: 0x0000000000000246 cr2: 0x0000000051453000
Binary Images:
0x100000000 - 0x100000fff com.apple.Safari 5.1.10 (6534.59.10)
Thx @pudquick. It's fully working on Safari 7.1.2, OS X 10.9.5 and blocking ads now.
@Deathamns @chrisaljoudi will you guys keep updating the version for Safari 5, 6 and 7?
Thanks!
I don't know if this is proper etiquette, but here's another vote to keep an updated version that runs in Safari 5-7. Thanks.
I'm unable to find minimum supported version of Safari information, so I'm assuming this is a bug for now.
Every build listed at https://chrismatic.io/ublock crashes on install for me (with no other extensions enabled). They all have a similar crash with a NSURLConnectionLoader thread dying.
Additionally, I have a Safari Dev cert, downloaded the current version (as of this build), built it, signed it, installed it - same crashing issue.
Occasionally on repeated crashes, Safari will offer the ability to reopen without the prior loaded pages - at which point Safari does run. However, going into the extensions and clicking the checkbox to show the preferences for µBlock does not work.
Does this extension show its preferences page on first run/load/install? I have a feeling it might be the culprit ...
As the crash notes indicate: Safari 7.1.2, OS X 10.9.5, fully patched.
This particular crash log is right after install, on a newly created user (specifically for this test, never existed prior to it).
I'm noticing the examples of people having success with this extension appear to be on 10.10 / Safari 8. If there is a minimum supported version of Safari, that's fine - but documentation should reflect that (though I can't think why there would be in this particular instance).