Closed Bug 1486786 Opened 7 years ago Closed 7 years ago

Crash in CLockedList<T>::ForEachEntry

Categories

(External Software Affecting Firefox Graveyard :: Flash (Adobe), defect, P1)

Unspecified
Windows 10
defect

Tracking

(firefox-esr60 unaffected, firefox62 fixed, firefox63 fixed, firefox64 fixed)

RESOLVED FIXED

People

(Reporter: marcia, Assigned: handyman)

Details

(Keywords: crash, regression, sec-high, Whiteboard: [Waiting for Flash update][post-critsmash-triage])

This bug was filed from the Socorro interface and is report bp-622caf15-d3b4-4400-a416-f9fec0180828.
=============================================================

Seen while looking at nightly crash stats: https://bit.ly/2PFdQqJ. Although Bug 1449388 was resolved fixed, a set of crashes has continued in 63 in this signature. All of them have either EXCEPTION_ACCESS_VIOLATION_READ or EXCEPTION_ACCESS_VIOLATION_EXEC as the crash reason. I will mark this as security sensitive since the other bug was as well.

62 appears to be affected but there is only one crash. On 63 there are 325 crashes/68 installs in the last 7 days. It looks like from the timestamps that there are users crashing multiple times.

Top 8 frames of crashing thread:

0 audioses.dll CLockedList<ATL::CComPtr<IAudioSessionEvents>, 0, 1>::ForEachEntry
1 audioses.dll CAudioSessionControl::OnAudioSessionEvent
2 audioses.dll CAudioSessionControl::CAudioSessionNotificationDelegator::OnMediaNotification
3 mmdevapi.dll CMediaNotifications::OnMediaNotificationWorkerHandler
4 ntdll.dll ntdll.dll@0x766e4
5 ntdll.dll ntdll.dll@0x2134f
6 ntdll.dll ntdll.dll@0x2313f
7 ntdll.dll ntdll.dll@0x1fa47

=============================================================
See Also: → 1449388
Group: core-security → dom-core-security
Crashing in system media code it appears; cc-ing media people just in case
This is the same bug as bug 1449388. That bug was resolved fixed but the actual fix is coming in Adobe's September Flash release (v31). I'd dupe this to it but maybe we should just hold this open until the Adobe fix is released. To be clear, bug 1449388 made the changes to Firefox required to make the Adobe changes work properly. It did not _require_ Adobe's changes to run though -- just to fix some audio device change edge cases.
Assignee: nobody → davidp99
Group: dom-core-security → core-security
Component: Security: Process Sandboxing → Flash (Adobe)
Keywords: sec-high
Product: Core → External Software Affecting Firefox
Version: Trunk → unspecified
Priority: -- → P1
Group: core-security → core-security-release
Whiteboard: Waiting for Flash update
I think we can safely say this is fixed. Adobe released Flash Player 31 on 9/11/2018. Since then, the crashes with this signature have tapered off. I've looked at the results for the last week -- there were 14 -- and they break down like this:

* A whopping 10 of them were in 32-bit builds, two of which were in Thunderbird (I don't know what that's about as this was a plugin process crash) and the rest were in Firefox, using old versions of Flash. The Flash version can be gleaned from the Modules tab in crash-stats -- all of the Firefox versions show an ancient version of Flash (v11 -- no doubt this is all the same person :).
* The other 4 were in Firefox 64 and all were old versions of Flash (pre-v31).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Flags: qe-verify-
Whiteboard: Waiting for Flash update → [Waiting for Flash update][post-critsmash-triage]
Group: core-security-release
Product: External Software Affecting Firefox → External Software Affecting Firefox Graveyard