Closed Bug 1260115 Opened 7 years ago Closed 6 years ago

crash in mozilla::SandboxBroker::AddTargetPeer

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1256992
Tracking Flags:
Tracking Status
firefox46 --- affected
firefox47 blocking fixed

People

(Reporter: calixte, Assigned: bobowen)

References

Details

(Keywords: crash, topcrash-win, Whiteboard: sbwc1)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-b5ae3da7-82e4-486c-833a-42b392160325.
=============================================================

This crash rose the 2016-03-25, it's #1 in topcrash for 47.0a2 and occurs only with this version.
Maybe it's related to this patch:
http://hg.mozilla.org/releases/mozilla-aurora/rev/30de9ac21a78
which has been pushed the 2016-03-24.

Stack:
-----

mozilla::SandboxBroker::AddTargetPeer(void*)
mozilla::ipc::GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, base::ProcessArchitecture)
mozilla::ipc::GeckoChildProcessHost::PerformAsyncLaunch(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, base::ProcessArchitecture)
mozilla::ipc::GeckoChildProcessHost::RunPerformAsyncLaunch(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, base::ProcessArchitecture)
RunnableMethod<mozilla::ipc::GeckoChildProcessHost, bool ( mozilla::ipc::GeckoChildProcessHost::*)(std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, base::ProcessArchitecture), mozilla::Tuple<std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, base::ProcessArchitecture> >::Run()
MessageLoop::DoWork()
UfhpUtilityStoreDeleteAboveQuota(HKEY__*, _UFH_DATA_TYPE)
Blocks: 1256992
Tracked for 47 as a blocker since it's a top crash.
tracking-firefox47: --- → blocking
The crash appeared in beta (only 2 crashes).
The crashes in alpha always occured at address 0x0 but at differents addresses in beta.
status-firefox46: --- → affected
Startup crash
Hi Benjamin, Aaron, this is a top crash on Aurora47. Could you please help investigate or find an owner? Thanks!
Flags: needinfo?(benjamin)
Flags: needinfo?(aklotz)
(In reply to Ritu Kothari (:ritu) from comment #4)
> Hi Benjamin, Aaron, this is a top crash on Aurora47. Could you please help
> investigate or find an owner? Thanks!

Wasn't this caused by bug 1260115 which was backed out?
(In reply to Jim Mathies [:jimm] from comment #5)
> (In reply to Ritu Kothari (:ritu) from comment #4)
> > Hi Benjamin, Aaron, this is a top crash on Aurora47. Could you please help
> > investigate or find an owner? Thanks!
> 
> Wasn't this caused by bug 1260115 which was backed out?

Jim, did you mean to add a different bug #? This is bug 1260115.
The crash-stats don't show any occurrences of this on 47.0a2 after 03-28 build (when it was backed out) so that looks promising.
Flags: needinfo?(benjamin)
This was definitely caused by the patches for bug 1256992.

I'm not quite sure why the sandbox broker appears to be failing to initialize.
It's either that or there is some way that we not actually attempting to initialize in some cases.
Assignee: nobody → bobowen.code
Flags: needinfo?(aklotz)
Whiteboard: sbwc1
This was fixed by the second patch for bug 1256992.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1256992
You need to log in before you can comment on or make changes to this bug.