1714940 - ASUS Web Storage crashing Firefox

Status: RESOLVED FIXED

(External Software Affecting Firefox :: Other, defect)

Description

[Gabriele Svelto [:gsvelto]]

Crash report: https://crash-stats.mozilla.org/report/index/a1265f3d-78b3-41f3-9805-9f52a0210604

Reason: STATUS_HEAP_CORRUPTION

Top 10 frames of crashing thread:

0 ntdll.dll RtlReportFatalFailure 
1 ntdll.dll RtlReportCriticalFailure 
2 ntdll.dll RtlpHeapHandleError 
3 ntdll.dll RtlpHpHeapHandleError 
4 ntdll.dll RtlpLogHeapFailure 
5 ntdll.dll RtlpFreeHeapInternal 
6 ntdll.dll RtlFreeHeap 
7 asuswsshellext64.dll asuswsshellext64.dll@0x177db 
8 asuswsshellext64.dll asuswsshellext64.dll@0x614c 
9 asuswsshellext64.dll asuswsshellext64.dll@0x10c36 

There's a number of different signatures caused by this, I've added only the most common ones. Given the comments I guess this is related to the file picker. The DLL version involved in the crashes is 1.1.0.27 and it appears to be the last version available.

The software can be downloaded here: https://personal.asuswebstorage.com/download/?lang=en

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Comment 2

[Gabriele Svelto [:gsvelto]]

Added more signatures though not all of them because there's a ton. The affected version of the DLL is always 1.1.0.27 and as far as I can tell it's 10+ years old. We should block this and forget about it. Gian-Carlo does anybody in the team have some spare cycles to handle this?

Comment 3

[Gian-Carlo Pascutto [:gcp]]

does anybody in the team have some spare cycles to handle this?

It's already with the right triage owner.

Comment 4

[Haik Aftandilian [:haik]]

@Greg, could you take a look at blocking this old DLL too?

Comment 5

[Greg Stoll :gstoll]

Sure!

Comment 6

[Greg Stoll :gstoll]

Windows DLLBlocklist request form

1. How were we aware of the problem?
   Via crash reports.

2. What is a suspicious product causing the problem?
   ASUS WebStorage

3. Is the product downloadable? If so, do we have a local repro?
   It is downloadable at https://personal.asuswebstorage.com/download/?lang=en (the Sync APP and Remote Drive). I can reproduce loading the module but not the crash.

4. Which OS versions does the problem occur on?
   Seeing this on at least Windows 7 and Windows 10.

5. Which process types does the problem occur on?
   This is a shell extension, so we only see crashes in the browser process.

6. What is the maximum version of the module in the crash reports?
   1.1.0.27

7. Is the issue fixed by a newer version of the product?
   1.1.0.27 is the newest version, so no.

8. Do we have data about the module in the third-party-module ping?
   Yes

9. Do we know how the module is loaded?
   The module is loaded as a shell extension, so it should be safe to block.

10. Describe your conclusion.
    We should block version 1.1.0.27 of this DLL in the browser process.

Comment 7

[Greg Stoll :gstoll]

Attachment: Bug 1714940 - blocklist ASUS Web Storage DLL shell extension to prevent crashes r=haik

Comment 8

[Pulsebot]

Pushed by gstoll@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/879b0989791c
blocklist ASUS Web Storage DLL shell extension to prevent crashes r=haik

Comment 9

[Serban Stanca [:SerbanS]]

https://hg.mozilla.org/mozilla-central/rev/879b0989791c