Open Bug 1706038 Opened 2 years ago Updated 1 year ago

Crash in [@ npwzwmc64.dll | GetModuleHandleW] (WinZip Courier)

Categories

(External Software Affecting Firefox :: Other, defect, P3)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

(Not tracked)

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/c7ba8ef5-a7dd-4ccf-84b9-522c90210417

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 6 frames of crashing thread:

0 npwzwmc64.dll npwzwmc64.dll@0x7d7f 
1 kernelbase.dll GetModuleHandleW 
2 npwzwmc64.dll npwzwmc64.dll@0x47ff 
3 kernel32.dll BaseThreadInitThunk 
4 ntdll.dll RtlUserThreadStart 
5 kernelbase.dll TerminateProcessOnMemoryExhaustion

This is WinZip Courrier doing something that crashes Firefox. Maybe it's injecting itself in the file picker? It's hard to tell from the stacks.

I downloaded the product from https://www.winzip.com/win/en/downec.html and debugged the behavior. I didn't have a luck to reproduce the crash, though.

WinZip Courier has a Firefox extension. Once I install and enable it, it launches its own process wzwmcffnm.exe and npwzwmc64.exe. The latter one wzwmcffnm64.exe injects npwzwmc64.dll into our browser process via CreateRemoteThread technique to customize the common file dialog.

For the "[ @ npwzwmc64.dll | GetModuleHandleW ]" crash, I think it happens during shutdown. Their code tried to use a pointer in a global variable in npwzwmc64.dll, but it was already set to null. This may be a timing issue that not every WinZip user hits.

According to https://www.winzip.com/win/en/contact.html, I sent an email to WinZip.

Summary: Crash in [@ npwzwmc64.dll | GetModuleHandleW] → Crash in [@ npwzwmc64.dll | GetModuleHandleW] (WinZip Courier)
Severity: -- → S2
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.