Closed Bug 562382 Opened 14 years ago Closed 8 years ago

Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeComponents@0xc9bd6c][@ QuickTimeComponents@0xc9ce44 ][@ QuickTimeMusic.qtx@0x5a36][@ CloseGH ]

Categories

(Plugins Graveyard :: QuickTime (Apple), defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: bc, Unassigned)

Details

(Keywords: crash, sec-vector, Whiteboard: [sg:vector-critical QuickTime])

Crash Data

crash at http://icking-music-archive.org/scores/nehls/Wie_soll/Wie_soll.mid

1.9.1, 1.9.2, 1.9.3 Mac OS X 10.5 ppc QuickTime 7.6.6

Operating system: Mac OS X
                  10.5.8 9L34
CPU: ppc
     2 CPUs

Crash reason:  EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash address: 0x9c

Thread 0 (crashed)
 0  QuickTimeComponents + 0x91212c
   srr0 = 0x9335b12c    r1 = 0xbfff89e0
 1  QuickTimeComponents + 0x91ab60
   srr0 = 0x93363b64    r1 = 0xbfff8a30
 2  QuickTimeComponents + 0x91b1cc
   srr0 = 0x933641d0    r1 = 0xbfff8ac0
 3  CarbonCore + 0x329e4
   srr0 = 0x964bb9e8    r1 = 0xbfff8c80
 4  QuickTime + 0x25717c
   srr0 = 0x96020180    r1 = 0xbfff8d60
 5  QuickTime Plugin + 0x12898
   srr0 = 0x0cf6889c    r1 = 0xbfff8de0
 6  QuickTime Plugin + 0x18974
   srr0 = 0x0cf6e978    r1 = 0xbfff8e90
 7  QuickTime Plugin + 0x1ab54
   srr0 = 0x0cf70b58    r1 = 0xbfff8f60
 8  QuickTime Plugin + 0x10b84
   srr0 = 0x0cf66b88    r1 = 0xbfff9000
 9  XUL!nsNPAPIPluginStreamListener::OnDataAvailable(nsIPluginStreamInfo*, nsIInputStream*, unsigned int) [nsNPAPIPluginInstance.cpp : 671 + 0x44]
   srr0 = 0x04fb38d0    r1 = 0xbfff9060
10  XUL!nsPluginStreamListenerPeer::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) [nsPluginHost.cpp : 1192 + 0x54]
   srr0 = 0x04fcdf1c    r1 = 0xbfff9150
11  XUL!nsMediaDocumentStreamListener::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) [nsMediaDocument.cpp : 115 + 0x44]
   srr0 = 0x046021a0    r1 = 0xbfff9230
12  XUL!nsDocumentOpenInfo::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) [nsURILoader.cpp : 306 + 0x44]
   srr0 = 0x04d9beb0    r1 = 0xbfff9280
13  XUL!nsStreamListenerTee::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) [nsStreamListenerTee.cpp : 111 + 0x54]
   srr0 = 0x03c2f0c0    r1 = 0xbfff92e0
14  XUL!nsHttpChannel::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned int, unsigned int) [nsHttpChannel.cpp : 5382 + 0x70]
   srr0 = 0x03d11f54    r1 = 0xbfff9350
15  XUL!nsInputStreamPump::OnStateTransfer() [nsInputStreamPump.cpp : 510 + 0x74]
   srr0 = 0x03be236c    r1 = 0xbfff93e0
16  XUL!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) [nsInputStreamPump.cpp : 400 + 0x4]
   srr0 = 0x03be2b08    r1 = 0xbfff94a0
17  XUL!nsInputStreamReadyEvent::Run() [nsStreamUtils.cpp : 112 + 0x48]
   srr0 = 0x0545f4b4    r1 = 0xbfff9500

dveditz: care to contact them and ask if this should be public or not?

ditto Windows x86

Operating system: Windows NT
                  6.0.6002 Service Pack 2
CPU: x86
     AuthenticAMD family 15 model 33 stepping 2
     1 CPU

Crash reason:  EXCEPTION_ACCESS_VIOLATION
Crash address: 0x9c
Assertion: Unknown assertion type 0x00000000

Thread 1 (crashed)
 0  QuickTimeMusic.qtx + 0x5a36
    eip = 0x6a725a36   esp = 0x02e8f460   ebp = 0x00000258   ebx = 0x00000000
    esi = 0x063133a8   edi = 0x0000009c   eax = 0x0000009c   ecx = 0x00000000
    edx = 0x00000000   efl = 0x00010202
    Found by: given as instruction pointer in context
 1  QuickTimeMusic.qtx + 0x49db2
    eip = 0x6a769db3   esp = 0x02e8f46c   ebp = 0x00000258
    Found by: stack scanning
 2  QuickTime.qts + 0xe0e1f
    eip = 0x69320e20   esp = 0x02e8f498   ebp = 0x00000258
    Found by: stack scanning
 3  QuickTimeMusic.qtx + 0x49f38
    eip = 0x6a769f39   esp = 0x02e8f49c   ebp = 0x00000258
    Found by: stack scanning
OS: Mac OS X → All
Hardware: PowerPC → All
Summary: Crash [@ QuickTimeComponents@0x91212c] → Crash [@ QuickTimeComponents@0x91212c | QuickTimeMusic.qtx@0x5a36]
Whiteboard: [sg:vector-critical QuickTime]
Summary: Crash [@ QuickTimeComponents@0x91212c | QuickTimeMusic.qtx@0x5a36] → Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeMusic.qtx@0x5a36]
5 occurrences in last 4 weeks. <http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=QuickTimeMusic.qtx%400x5a36&date=08%2F10%2F2010%2008%3A40%3A24&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=1&signature=QuickTimeMusic.qtx%400x5a36>

also on same url.

Operating system: Mac OS X
                  10.5.8 9L34
CPU: x86
     GenuineIntel family 6 model 26 stepping 5
     1 CPU

Crash reason:  EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash address: 0x9c

Thread 0 (crashed)
 0  QuickTimeComponents + 0xc9bd6c
    eip = 0x9589fd6c   esp = 0xbfff97c0   ebp = 0xbfff97d8   ebx = 0x958a880a
    esi = 0x0000009c   edi = 0x00000000   eax = 0x0000009c   ecx = 0x00000000
    edx = 0x00000073   efl = 0x00010286
    Found by: given as instruction pointer in context
 1  QuickTimeComponents + 0xca4567
    eip = 0x958a8568   esp = 0xbfff97e0   ebp = 0xbfff9828
    Found by: previous frame's frame pointer
 2  QuickTimeComponents + 0xca4c3a
    eip = 0x958a8c3b   esp = 0xbfff9830   ebp = 0xbfff99d8
    Found by: previous frame's frame pointer
 3  CarbonCore + 0x32f8d
    eip = 0x93ee2f8e   esp = 0xbfff99e0   ebp = 0xbfff9a98
    Found by: previous frame's frame pointer
 4  QuickTimeComponents + 0xca01d3
    eip = 0x958a41d4   esp = 0xbfff9aa0   ebp = 0xbfff9ab8
    Found by: previous frame's frame pointer
 5  CarbonCore + 0x32898
    eip = 0x93ee2899   esp = 0xbfff9ac0   ebp = 0xbfff9ad8
    Found by: previous frame's frame pointer
 6  QuickTime + 0x2730d
    eip = 0x914a430e   esp = 0xbfff9ae0   ebp = 0xbfff9b28
    Found by: previous frame's frame pointer
 7  QuickTime Plugin + 0x10142
    eip = 0x13222143   esp = 0xbfff9b30   ebp = 0xbfff9bc8
    Found by: previous frame's frame pointer
 8  QuickTime Plugin + 0x16a24
    eip = 0x13228a25   esp = 0xbfff9bd0   ebp = 0xbfff9c88
    Found by: previous frame's frame pointer
 9  QuickTime Plugin + 0x18c91
    eip = 0x1322ac92   esp = 0xbfff9c90   ebp = 0xbfff9d08
    Found by: previous frame's frame pointer
10  QuickTime Plugin + 0xea66
    eip = 0x13220a67   esp = 0xbfff9d10   ebp = 0xbfff9d48
    Found by: previous frame's frame pointer

no reason to keep ss that I know of.
Group: core-security
Summary: Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeMusic.qtx@0x5a36] → Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeComponents@0xc9bd6c][@ QuickTimeMusic.qtx@0x5a36]

update crash bugs to critical per guidelines.
Severity: normal → critical
Crash Signature: [@ QuickTimeComponents@0x91212c] [@ QuickTimeComponents@0xc9bd6c] [@ QuickTimeMusic.qtx@0x5a36]

Still exists in QuickTime 7.7. Christian, can we get someone at Apple to look at this?

Note the stack in today's nightly with scribble is:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000009c
0x26dd8e44 in CloseGH ()
(gdb) bt
#0  0x26dd8e44 in CloseGH ()
#1  0x26de1640 in ConvertStandardMIDIHandleToQuickTime ()
#2  0x26de1d13 in EatStdMIDIDataRef ()
#3  0x90dc2f8e in CallComponentFunctionCommon ()
#4  0x26ddd2ac in EatStdMIDIComponentDispatch ()
#5  0x90dc2899 in CallComponentDispatch ()
#6  0x010270ba in MovieImportDataRef ()
#7  0x256a310f in importMovieFromDataRef ()
#8  0x256a9a25 in instantiateMovie ()
#9  0x256abc92 in NPP_Write ()
#10 0x256a1a33 in WebHelper_Private_Write ()
#11 0x06054152 in nsNPAPIPluginStreamListener::OnDataAvailable (this=0x2466b6e0, pluginInfo=0x24680ee4, input=0x2466d780, length=0) at /work/mozilla/builds/nightly/mozilla/dom/plugins/base/nsNPAPIPluginStreamListener.cpp:627
#12 0x0605c0b3 in nsPluginStreamListenerPeer::OnDataAvailable (this=0x24680ed0, request=0xca8234, aContext=0x0, aIStream=0x2466d780, sourceOffset=0, aLength=27820) at /work/mozilla/builds/nightly/mozilla/dom/plugins/base/nsPluginStreamListenerPeer.cpp:986
#13 0x056c49f6 in mozilla::dom::MediaDocumentStreamListener::OnDataAvailable (this=0x246371f0, request=0xca8234, ctxt=0x0, inStr=0x2466d780, sourceOffset=0, count=27820) at /work/mozilla/builds/nightly/mozilla/content/html/document/src/MediaDocument.cpp:117
#14 0x05e95559 in nsDocumentOpenInfo::OnDataAvailable (this=0x240516f0, request=0xca8234, aCtxt=0x0, inStr=0x2466d780, sourceOffset=0, count=27820) at /work/mozilla/builds/nightly/mozilla/uriloader/base/nsURILoader.cpp:322
#15 0x04e53896 in nsStreamListenerTee::OnDataAvailable (this=0x2466ce10, request=0xca8234, context=0x0, input=0x2408767c, offset=0, count=27820) at /work/mozilla/builds/nightly/mozilla/netwerk/base/src/nsStreamListenerTee.cpp:111
#16 0x04f0f785 in nsHttpChannel::OnDataAvailable (this=0xca8200, request=0x240792b0, ctxt=0x0, input=0x2408767c, offset=0, count=27820) at /work/mozilla/builds/nightly/mozilla/netwerk/protocol/http/nsHttpChannel.cpp:4294
#17 0x04e18ecf in nsInputStreamPump::OnStateTransfer (this=0x240792b0) at /work/mozilla/builds/nightly/mozilla/netwerk/base/src/nsInputStreamPump.cpp:510
#18 0x04e193e6 in nsInputStreamPump::OnInputStreamReady (this=0x240792b0, stream=0x2408767c) at /work/mozilla/builds/nightly/mozilla/netwerk/base/src/nsInputStreamPump.cpp:400
#19 0x0657c7aa in nsInputStreamReadyEvent::Run (this=0x23f91e30) at /work/mozilla/builds/nightly/mozilla/xpcom/io/nsStreamUtils.cpp:114
#20 0x065a0d6e in nsThread::ProcessNextEvent (this=0x11b3a0, mayWait=0, result=0xbfffd154) at /work/mozilla/builds/nightly/mozilla/xpcom/threads/nsThread.cpp:631
#21 0x0652f7b8 in NS_ProcessPendingEvents_P (thread=0x11b3a0, timeout=20) at /work/mozilla/builds/nightly/mozilla/firefox-debug/xpcom/build/nsThreadUtils.cpp:195
#22 0x062647f4 in nsBaseAppShell::NativeEventCallback (this=0x12db30) at /work/mozilla/builds/nightly/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:130
#23 0x0620bf55 in nsAppShell::ProcessGeckoEvents (aInfo=0x12db30) at /work/mozilla/builds/nightly/mozilla/widget/src/cocoa/nsAppShell.mm:424
#24 0x9399d3c5 in CFRunLoopRunSpecific ()
#25 0x9399daa8 in CFRunLoopRunInMode ()
#26 0x969412ac in RunCurrentEventLoopInMode ()
#27 0x969410c5 in ReceiveNextEventCommon ()
#28 0x96940f39 in BlockUntilNextEventMatchingListInMode ()
#29 0x94a826d5 in _DPSNextEvent ()
#30 0x94a81f88 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#31 0x94a7af9f in -[NSApplication run] ()
#32 0x0620acbb in nsAppShell::Run (this=0x12db30) at /work/mozilla/builds/nightly/mozilla/widget/src/cocoa/nsAppShell.mm:771
#33 0x05f4c2a2 in nsAppStartup::Run (this=0x1614c0) at /work/mozilla/builds/nightly/mozilla/toolkit/components/startup/nsAppStartup.cpp:224
#34 0x04dbe21e in XRE_main (argc=4, argv=0xbffff058, aAppData=0x1106b0) at /work/mozilla/builds/nightly/mozilla/toolkit/xre/nsAppRunner.cpp:3577
#35 0x00001e62 in do_main (exePath=0xbfffeb8c "/work/mozilla/builds/nightly/mozilla/firefox-debug/dist/FirefoxDebug.app/Contents/MacOS/libxpcom.dylib", argc=4, argv=0xbffff058) at /work/mozilla/builds/nightly/mozilla/browser/app/nsBrowserApp.cpp:198
#36 0x0000206d in main (argc=4, argv=0xbffff058) at /work/mozilla/builds/nightly/mozilla/browser/app/nsBrowserApp.cpp:281
(gdb)
Crash Signature: [@ QuickTimeComponents@0x91212c] [@ QuickTimeComponents@0xc9bd6c] [@ QuickTimeMusic.qtx@0x5a36] → [@ QuickTimeComponents@0x91212c] [@ QuickTimeComponents@0xc9bd6c] [@ QuickTimeMusic.qtx@0x5a36] [@ QuickTimeComponents@0xc9ce44 ] [@ CloseGH ]
Summary: Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeComponents@0xc9bd6c][@ QuickTimeMusic.qtx@0x5a36] → Crash [@ QuickTimeComponents@0x91212c][@ QuickTimeComponents@0xc9bd6c][@ QuickTimeComponents@0xc9ce44 ][@ QuickTimeMusic.qtx@0x5a36][@ CloseGH ]
Reproducible on Mac OS X 10.5 QuickTime 7.7 Beta/11, Aurora/12, Nightly/13
Windows 7 [@ QuickTimeMusic!NoteAllocatorEntry+0x276]

Not reproducible on Mac OS X 10.6 QuickTime 10.0.
Keywords: sec-vector
Keywords: sec-other
closing as wfm now
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Product: Plugins → Plugins Graveyard