Closed Bug 1407736 Opened 7 years ago Closed 9 months ago

Crash in combase!OXIDEntry::PostCall while drag and drop


(Core :: Widget: Win32, defect, P3)

Windows 10



Tracking Status
firefox-esr52 --- affected
firefox56 --- wontfix
firefox57 - affected
firefox58 --- ?


(Reporter: philipp, Unassigned)



(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-d097bb5d-22d7-4677-8824-990e40171002.
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	combase.dll 	OXIDEntry::PostCall(ServerCall*, unsigned long*) 	onecore\com\combase\dcomrem\ipidtbl.cxx:1781
1 	combase.dll 	CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE*, unsigned long*) 	onecore\com\combase\dcomrem\channelb.cxx:5764
2 	combase.dll 	CSyncClientCall::SendReceive(tagRPCOLEMESSAGE*, unsigned long*) 	onecore\com\combase\dcomrem\ctxchnl.cxx:823
3 	combase.dll 	NdrExtpProxySendReceive(void*, _MIDL_STUB_MESSAGE*) 	onecore\com\combase\ndr\ndrole\proxy.cxx:1965
4 	rpcrt4.dll 	NdrpClientCall3 	
5 	combase.dll 	ObjectStublessClient 	onecore\com\combase\ndr\ndrole\amd64\stblsclt.cxx:294
6 	combase.dll 	ObjectStubless 	d:\rs2\onecore\com\combase\ndr\ndrole\amd64\stubless.asm:175
7 	combase.dll 	CStdMarshal::RemoteAddRef(tagIPIDEntry*, OXIDEntry*, unsigned long, unsigned long, int) 	onecore\com\combase\dcomrem\marshal.cxx:7925
8 	combase.dll 	CStdMarshal::MakeCliIPIDEntry(_GUID const&, tagSTDOBJREF*, OXIDEntry*, tagIPIDEntry**) 	onecore\com\combase\dcomrem\marshal.cxx:2812
9 	combase.dll 	CStdMarshal::UnmarshalIPID(_GUID const&, tagSTDOBJREF*, OXIDEntry*, void**) 	onecore\com\combase\dcomrem\marshal.cxx:2340
10 	combase.dll 	CStdMarshal::UnmarshalObjRef(tagOBJREF&, void**) 	onecore\com\combase\dcomrem\marshal.cxx:2208
11 	combase.dll 	UnmarshalSwitch(void*) 	onecore\com\combase\dcomrem\marshal.cxx:1842
12 	combase.dll 	UnmarshalObjRef(tagOBJREF&, EffectiveUnmarshalingPolicy, void**, int, CStdMarshal**) 	onecore\com\combase\dcomrem\marshal.cxx:1985
13 	combase.dll 	InternalUnmarshalObjRef 	onecore\com\combase\privateapi\privateapi.cxx:287
14 	ole32.dll 	UnmarshalFromEndpointProperty(HWND__*, int, int, IUnknown**, int*) 	com\ole32\com\rot\getif.cxx:458
15 	ole32.dll 	SDDInfo::SDDInfo(HWND__*, long&) 	com\ole32\com\rot\getif.cxx:232
16 	ole32.dll 	PrivDragDrop(HWND__*, IDropTarget*, tagDRAGOP, tagInterfaceData*, IDataObject*, unsigned long, _POINTL, unsigned long*, HWND__*, void**) 	com\ole32\com\rot\getif.cxx:914
17 	ole32.dll 	CDragOperation::GetDropTarget(HWND__*, HWND__*, IDropTarget*) 	com\ole32\ole232\drag\drag.cpp:1155
18 	ole32.dll 	CDragOperation::UpdateTarget() 	com\ole32\ole232\drag\drag.cpp:2035
19 	ole32.dll 	DoDragDrop 	com\ole32\ole232\drag\drag.cpp:3046
20 	xul.dll 	nsDragService::StartInvokingDragSession(IDataObject*, unsigned int) 	widget/windows/nsDragService.cpp:326
21 	xul.dll 	nsDragService::InvokeDragSessionImpl(nsIArray*, nsIScriptableRegion*, unsigned int) 	widget/windows/nsDragService.cpp:247
22 	xul.dll 	nsBaseDragService::InvokeDragSession(nsIDOMNode*, nsIArray*, nsIScriptableRegion*, unsigned int, unsigned int) 	widget/nsBaseDragService.cpp:231
23 	xul.dll 	nsBaseDragService::InvokeDragSessionWithImage(nsIDOMNode*, nsIArray*, nsIScriptableRegion*, unsigned int, nsIDOMNode*, int, int, nsIDOMDragEvent*, nsIDOMDataTransfer*) 	widget/nsBaseDragService.cpp:267
24 	xul.dll 	mozilla::EventStateManager::DoDefaultDragStart(nsPresContext*, mozilla::WidgetDragEvent*, mozilla::dom::DataTransfer*, nsIContent*, nsISelection*) 	dom/events/EventStateManager.cpp:1998
25 	xul.dll 	mozilla::EventStateManager::GenerateDragGesture(nsPresContext*, mozilla::WidgetInputEvent*) 	dom/events/EventStateManager.cpp:1803
26 	xul.dll 	mozilla::EventStateManager::PreHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*) 	dom/events/EventStateManager.cpp:744
27 	xul.dll 	mozilla::PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) 	layout/base/PresShell.cpp:8124
28 	xul.dll 	mozilla::PresShell::HandlePositionedEvent(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*) 	layout/base/PresShell.cpp:7923
29 	xul.dll 	mozilla::PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) 	layout/base/PresShell.cpp:7711
30 	xul.dll 	nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) 	view/nsViewManager.cpp:804
31 	xul.dll 	nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) 	view/nsView.cpp:1133
32 	xul.dll 	nsWindow::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) 	widget/windows/nsWindow.cpp:4147
33 	xul.dll 	nsBaseWidget::ProcessUntransformedAPZEvent(mozilla::WidgetInputEvent*, mozilla::layers::ScrollableLayerGuid const&, unsigned __int64, nsEventStatus) 	widget/nsBaseWidget.cpp:1034
34 	xul.dll 	nsBaseWidget::DispatchInputEvent(mozilla::WidgetInputEvent*) 	widget/nsBaseWidget.cpp:1175
35 	xul.dll 	nsWindow::DispatchMouseEvent(mozilla::EventMessage, unsigned __int64, __int64, bool, short, unsigned short, WinPointerInfo*) 	widget/windows/nsWindow.cpp:4581
36 	xul.dll 	nsWindow::ProcessMessage(unsigned int, unsigned __int64&, __int64&, __int64*) 	widget/windows/nsWindow.cpp:5509
37 	xul.dll 	nsWindow::WindowProcInternal(HWND__*, unsigned int, unsigned __int64, __int64) 	widget/windows/nsWindow.cpp:4933
38 	xul.dll 	CallWindowProcCrashProtected 	xpcom/base/nsCrashOnException.cpp:35
39 	xul.dll 	nsWindow::WindowProc(HWND__*, unsigned int, unsigned __int64, __int64) 	widget/windows/nsWindow.cpp:4885
40 	user32.dll 	UserCallWinProcCheckWow 	
41 	user32.dll 	DispatchMessageWorker 	
42 	xul.dll 	nsAppShell::ProcessNextNativeEvent(bool) 	widget/windows/nsAppShell.cpp:393
43 	xul.dll 	nsBaseAppShell::DoProcessNextNativeEvent(bool) 	widget/nsBaseAppShell.cpp:138
44 	xul.dll 	nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) 	widget/nsBaseAppShell.cpp:289
45 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1356
46 	xul.dll 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/threads/nsThreadUtils.cpp:475
47 	xul.dll 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp:124
48 	xul.dll 	MessageLoop::RunHandler() 	ipc/chromium/src/base/
49 	xul.dll 	MessageLoop::Run() 	ipc/chromium/src/base/
50 	xul.dll 	nsBaseAppShell::Run() 	widget/nsBaseAppShell.cpp:156
51 	xul.dll 	nsAppShell::Run() 	widget/windows/nsAppShell.cpp:271
52 	xul.dll 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp:283
53 	xul.dll 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp:4567
54 	xul.dll 	XREMain::XRE_main(int, char** const, mozilla::BootstrapConfig const&) 	toolkit/xre/nsAppRunner.cpp:4747
55 	xul.dll 	XRE_main(int, char** const, mozilla::BootstrapConfig const&) 	toolkit/xre/nsAppRunner.cpp:4842
56 	firefox.exe 	NS_internal_main(int, char**, char**) 	browser/app/nsBrowserApp.cpp:309
57 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:115
58 	firefox.exe 	__scrt_common_main_seh 	f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253
59 	kernel32.dll 	BaseThreadInitThunk 	
60 	ntdll.dll 	RtlUserThreadStart

crash reports with this signature show up on 64bit installations of firefox on windows 10 (& 8.1 to a lesser extent). many reports have modules like GDKBFltDll64.dll and Banksafe64.dll hooking into the process, which relate to GDATA security products. correlations show that two-thirds of affected users are on a german language build, so that would further point towards involvement of this german AV software.

thomas, would you be able to take a look into this?
Flags: needinfo?(thomas.siebert)
[Tracking Requested - why for this release]:

We might want to block these DLLs if we see more of these 64-bit GDATA crashes as we migrate more 56.0 users to 64-bit 56.0.1.
Summary: Crash in OXIDEntry::PostCall → Crash in OXIDEntry::PostCall (GDATA security software)
(In reply to [:philipp] from comment #0)
> thomas, would you be able to take a look into this?

This problem is quite odd, as according to crash telemetry it isn't triggered on browser startup, but typically after between 30 minutes and several hours. Whenever our modules are included, these are pretty ancient versions from 2014, which is consistent with the low number of affected users. We have an idea that the crashes are likely related to a bug in these old versions, and will send out a signature update that should mitigate these problems, even if the users don't do a software update (which they seemingly didn't do one for several years). If they at least do signature updates, they should be fine. Release of the signature update will likely be tomorrow.

As for blocking the DLLs, this might even have an adverse effect, as this would lead to more or less undefined behavior.
Flags: needinfo?(thomas.siebert)
As this is a fairly low crash volume I don't think that we have to track this for 57. 
Let's check back to make sure the GDATA update fixes the issue.
Priority: -- → P3
Whiteboard: [AV:GDATA security software]

There is no GData module in the crash dumps, so seems this is not a compat issue but a general drag-n-drop failure. Transferring this to the widget component.

Component: Other → Widget: Win32
Product: External Software Affecting Firefox → Core
Summary: Crash in OXIDEntry::PostCall (GDATA security software) → Crash in combase!OXIDEntry::PostCall while drag and drop
Whiteboard: [AV:GDATA security software]

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3

Closing because no crashes reported for 12 weeks.

Closed: 9 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.