Closed
Bug 1442328
Opened 6 years ago
Closed 6 years ago
Crash in MessageBuilder::WriteCacheResponse
Categories
(Core :: Disability Access APIs, defect, P1)
Tracking
()
People
(Reporter: marcia, Assigned: bugzilla)
Details
(Keywords: crash, sec-high, testcase-wanted)
Crash Data
This bug was filed from the Socorro interface and is report bp-b252b361-1f88-497e-bd95-0615a0180228. ============================================================= Seen while looking at beta crash data - crash signature which has been rising since 59b11: http://bit.ly/2oMeJ4f. Marking as security sensitive since some of the crash addresses look possibly security sensitive (some reports say medium). Crash reason for all is EXCEPTION_ACCESS_VIOLATION_EXEC. Not sure where to bucket this, so dropping in General for the moment. Crashes are primarily Windows 7. Strong correlation: (93.85% in signature vs 07.09% overall) Module "uiautomationcore.dll" = true Top 10 frames of crashing thread: 0 @0x68084f8d 1 uiautomationcore.dll MessageBuilder::WriteCacheResponse 2 uiautomationcore.dll RemoteUiaNodeStub::Incoming_DrillForPointOrFocus 3 uiautomationcore.dll RemoteUiaNodeStub::OnMessage 4 uiautomationcore.dll InvokeOnCorrectContext2_Callback 5 uiautomationcore.dll NullInvoker::CallTarget 6 uiautomationcore.dll InvokeOnCorrectContext 7 uiautomationcore.dll ProcessIncomingRequest 8 uiautomationcore.dll HookBasedServerConnectionManager::HookCallback 9 uiautomationcore.dll HandleHookMessage =============================================================
Assignee | ||
Comment 2•6 years ago
|
||
This looks a lot like the stack that jimm just ni? me on...
Flags: needinfo?(aklotz) → needinfo?(jmathies)
Comment 3•6 years ago
|
||
(In reply to [:philipp] from comment #1) > looking a bit similar to bug 1412635... That bug was "fixed" but the crashes continued, so yeah could be.
Assignee: nobody → aklotz
Component: General → Disability Access APIs
Keywords: sec-high,
testcase-wanted
Priority: -- → P1
Assignee | ||
Comment 4•6 years ago
|
||
Oh, this is interesting. 100% of those crashes are on Windows 7 32-bit. Could this be the 32-bit equivalent to bug 1424505?
Comment 5•6 years ago
|
||
(In reply to Aaron Klotz [:aklotz] from comment #4) > Oh, this is interesting. 100% of those crashes are on Windows 7 32-bit. > Could this be the 32-bit equivalent to bug 1424505? Yep, sure looks like it. https://crash-stats.mozilla.com/search/?signature=%3DMessageBuilder%3A%3AWriteCacheResponse&product=Firefox&date=%3E%3D2018-02-28T09%3A18%3A40.000Z&date=%3C2018-03-07T09%3A18%3A40.000Z&_sort=-date&_facets=signature&_facets=accessibility&_facets=accessibility_in_proc_client&_facets=accessibility_client&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-accessibility_client
Flags: needinfo?(jmathies)
Comment 6•6 years ago
|
||
Keeping an eye on this for 59 even after the release.
tracking-firefox59:
--- → +
tracking-firefox60:
--- → +
Updated•6 years ago
|
status-firefox61:
--- → affected
status-firefox-esr52:
--- → affected
tracking-firefox61:
--- → +
tracking-firefox-esr52:
--- → ?
Updated•6 years ago
|
Group: core-security → layout-core-security
Comment 7•6 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #5) > (In reply to Aaron Klotz [:aklotz] from comment #4) > > Oh, this is interesting. 100% of those crashes are on Windows 7 32-bit. > > Could this be the 32-bit equivalent to bug 1424505? > > Yep, sure looks like it. The results from 59.0.2 would certainly seem to agree with that too. Can we open this bug up and/or dupe it over to bug 1424505?
Comment 8•6 years ago
|
||
It sure looks to me like the patches in bug 1424505 have helped with this bug too, but I still see reports from 60.0b16 which look like the stack in #c0, so I guess we're not completely out of the woods here?
Comment 9•6 years ago
|
||
No reports from Beta61 yet either. That said, there are some reports from Release 60 starting to come in too. I still think this is closely tied to bug 1424505, which still hits with very low frequency. Jamie, what are your thoughts about duping this bug over?
Flags: needinfo?(jteh)
Comment 10•6 years ago
|
||
My concern about duping this bug is that despite how similar the circumstances look, this crash occurs in the main thread, whereas the bug 1424505 crash occurs on a background thread. That suggests a very different code path. Still, that could just be timing related; perhaps the RPC thread succeeds in 32 bit builds but then things fall apart when we return to the main thread. In the absence of further useful data, I guess duping this makes sense; we can always reopen it if that proves to be wrong.
Flags: needinfo?(jteh)
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Comment 12•6 years ago
|
||
I closed this as a duplicate as per comment 9 and comment 10. However, I'm unsure as to whether I can put this crash signature in bug 1424505, given that this one is marked as a security bug. Ryan, do you know?
Flags: needinfo?(ryanvm)
Comment 13•6 years ago
|
||
I think I'd be inclined to just leave this signature on this bug. Al, WDYT?
Flags: needinfo?(ryanvm) → needinfo?(abillings)
Updated•6 years ago
|
Updated•6 years ago
|
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•