Closed Bug 1043775 Opened 7 years ago Closed 3 years ago

crash in CCliModalLoop::CCliModalLoop with G Data AVKProxy


(External Software Affecting Firefox :: Other, defect)

Windows 7
Not set


(firefox48 wontfix, firefox49 wontfix, firefox-esr45 wontfix, firefox50 wontfix, firefox51 wontfix, firefox-esr52 wontfix, firefox58 wontfix, firefox59 fixed, firefox60 fixed)

Tracking Status
firefox48 --- wontfix
firefox49 --- wontfix
firefox-esr45 --- wontfix
firefox50 --- wontfix
firefox51 --- wontfix
firefox-esr52 --- wontfix
firefox58 --- wontfix
firefox59 --- fixed
firefox60 --- fixed


(Reporter: dmajor, Assigned: philipp)


(Keywords: crash)

Crash Data


(1 file)

This bug was filed from the Socorro interface and is 
report bp-578b75ec-6ea5-4b74-95ac-559502140723.

The crash is in COM plumbing, so it's unclear what's the issue, but it is 100% correlated with Banksafe64.dll from G Data AntiVirus Proxy (AVKProxy).

It's Win64 only (so nightly channel only). We first started seeing the crash on 4 April 2013 with this DLL version:
    Image name: Banksafe64.dll
    Timestamp:        Wed Feb 05 15:46:29 2014 (52F1A605)
    File version:     1.2.14036.226
    Product version:

This is one of the top crashes on 34 so far, but rankings may not be reliable this early. If it persists, let's try to find a contact at G Data.
> We first started seeing the crash on 4 April 2013 
That should say 2014.
This is now the #10 topcrasher on Nightly 34.0a1 with 94/15568 crashes in the last 7 days.
Keywords: topcrash
Crash Signature: [@ CCliModalLoop::CCliModalLoop(unsigned long, unsigned long, unsigned long, int)] → [@ CCliModalLoop::CCliModalLoop(unsigned long, unsigned long, unsigned long, int)] [@ CCliModalLoop::CCliModalLoop]
Crash volume for signature 'CCliModalLoop::CCliModalLoop':
 - nightly (version 51): 2 crashes from 2016-08-01.
 - aurora  (version 50): 39 crashes from 2016-08-01.
 - beta    (version 49): 75 crashes from 2016-08-02.
 - release (version 48): 40 crashes from 2016-07-25.
 - esr     (version 45): 29 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly       1       0       0
 - aurora       12      12       2
 - beta         28      22      12
 - release       8       8      11
 - esr           2       4       3

Affected platform: Windows

Crash rank on the last 7 days:
           Browser   Content     Plugin
 - nightly #446
 - aurora  #51
 - beta    #650
 - release #1331     #224
 - esr     #1283
we still see these crash reports from gdata users on windows 7 like bp-6e7b3edb-2671-41fb-ae18-798871180209 which seems to be related to the windows jumplist functionality. thomas, do you think this is something you could help with?
Component: General → Other
Flags: needinfo?(thomas.siebert)
Keywords: topcrash
OS: Windows NT → Windows 7
Product: Core → External Software Affecting Firefox
We had a bug that caused this behavior, which we fixed 3.5 years ago. So crashes might be related to outdated installations of our software. Please note that it's quite possible that not all of the crashes with this signature are related to our product though. As far as I can see, only a small fraction of crash reports show evidence of our software being present.

We have released our bugfix several years ago, so there's not much we can do anymore. The only possible solution I see to get rid of crashes caused by outdated version of our software might be to block GDKBFltDll64.dll 1.0.14141.240 and older on your side.
Flags: needinfo?(thomas.siebert)
ah right, the crash i've stumbled upon recently (bp-6e7b3edb-2671-41fb-ae18-798871180209) has exactly that v1.0.14141.240 of the module - thanks for the heads-up.
would there be a way for us to somehow obtain an old unfixed version to check that blocklisting has no unintended consequences in this case?
Flags: needinfo?(thomas.siebert)
The affected version can be found here:

Using the trial version should be sufficient. If you need a full license though, just contact me via mail.
Flags: needinfo?(thomas.siebert)
Attached patch bug1043775.patchSplinter Review
this would be a prospective blocklisting patch.

when i downloaded the program via the link in the last comment, i've ended up with a newer version (1.0.16122.355) of the dll already, so i can't really test how the blocklisting is behaving...
Sorry, I swapped two digits. This should work now:
Comment on attachment 8950998 [details] [diff] [review]

with the gdata setup from comment #10 i could test that the patch is successful in getting the blocked dll out of the firefox process.
i didn't notice any negative byproducts from browsing a couple of minutes in this state.
Attachment #8950998 - Flags: review?(mcastelluccio)
Attachment #8950998 - Flags: review?(mcastelluccio) → review+
Keywords: checkin-needed
Pushed by
Put old versions of GDATA GDKBFltDll64.dll on Dll blocklist. r=marco
Keywords: checkin-needed
Closed: 3 years ago
Resolution: --- → FIXED
I think we should uplift this, can you request it?
Flags: needinfo?(madperson)
Comment on attachment 8950998 [details] [diff] [review]

Approval Request Comment
[Feature/Bug causing the regression]: third-party software hooking into the process
[User impact if declined]: occasional crashes
[Is this code covered by automated tests?]: n/a
[Has the fix been verified in Nightly?]: verified locally that the blocklist entry is successful in getting the offending module out of our process
[Needs manual test from QE? If yes, steps to reproduce]: n/a
[List of other uplifts needed for the feature/fix]: n/a
[Is the change risky?]: no
[Why is the change risky/not risky?]: it's making use of the purpose-built dll blocklist. the block is in relation to a 3 year old module that has been superseded with a fixed version by the vendor.
[String changes made/needed]: n/a
Flags: needinfo?(madperson)
Attachment #8950998 - Flags: approval-mozilla-beta?
Comment on attachment 8950998 [details] [diff] [review]

Let's get this into 59b12.
Attachment #8950998 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.