Closed Bug 1455252 Opened 3 years ago Closed 3 years ago

Startup crash in CreateProcessAsUserW (mostly zh-CN)

Categories

(Core :: Security: Process Sandboxing, defect, P2)

x86
Windows 7
defect

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox59 --- affected

People

(Reporter: jcristau, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is
report bp-f82be892-b893-4d67-91ae-5080f0180419.
=============================================================

Top 2 frames of crashing thread:

0 kernelbase.dll RaiseException 
1 kernel32.dll CreateProcessAsUserW 

=============================================================

This seems to have spiked up in the last few days, and correlations for the signature show:
(99.31% in signature vs 02.73% overall) useragent_locale = zh-CN [88.46% vs 05.14% if process_type = null]

Mostly Windows 7, with some Windows 10 reports as well.
Crash reason is listed as "Unhandled C++ Exception".
Maybe the stack in a report like bp-6af56a39-8356-483b-9e65-5976f0180419 provides more information on what's going wrong.

SogouPY.ime (https://en.wikipedia.org/wiki/Sogou_Pinyin) is also present in the modules list in a number of reports - not sure if this may be a cause for the crash or just a correlation when Chinese locales are affected.
Component: General → Security: Process Sandboxing
Product: Firefox → Core
Priority: -- → P2
Flags: needinfo?(bobowencode)
Trawled through quite a lot of the reports and many of them have SogouPY.ime, although it's not a majority.
There are also many other things that hook (detoured.dll used by NVIDIA for example) or look like they would be hooking things.

This appears to have all but disappeared during the week commencing 23 April.
Given that this has been around for a while, it seems unlikely that everyone experiencing it suddenly stopped using Firefox.
If this is a common pitfall for various hooking DLLs (possibly to do with Unicode given the locale) then it also seems unlikely that they all got fixed at the same time.

So, my only guess is that it might have been an OS update.

I'll leave the NI and check back in a week to see if it's reappeared.
Only one in the last week, so for the moment I'm going to assume whatever was causing this was third party and has been fixed.
Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(bobowencode)
Resolution: --- → WORKSFORME