Closed Bug 1846512 Opened 2 years ago Closed 2 years ago

Crash in [@ TF_Notify] - ESET

Categories

(External Software Affecting Firefox :: Other, defect, P2)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
Desktop
Windows 11
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: yannis, Unassigned)

References

Details

(Keywords: crash)

Crash Data

+++ This bug was initially created as a clone of Bug #1777960 +++

Because the attached crash signature had evolved, I started a new discussion in bug 1777960 comment 1. I should have created a different bug back then, but now the result is that bug 1777960 is about ZoneAlarm. So I'm creating this bug to report about the initial crashes observed.

(Gabriele Svelto [:gsvelto] (PTO) from comment #0)

Crash report: https://crash-stats.mozilla.org/report/index/5a1cb5e2-adb7-480c-b31b-e59890220703

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 msctf.dll TF_Notify 
1 user32.dll int64_t CtfHookProcWorker 
2 user32.dll uint64_t CallHookWithSEH 
3 user32.dll _fnHkINLPCHARHOOKSTRUCT 
4 ntdll.dll KiUserCallbackDispatch 
5 win32u.dll NtUserPeekMessage 
6 eoppbrowser.dll eoppbrowser.dll@0x000000000000c0f1 
7 xul.dll profiler_thread_wake tools/profiler/core/platform.cpp:6573
8 xul.dll static mozilla::widget::WinUtils::WaitForMessage widget/windows/WinUtils.cpp:860
9 xul.dll nsAppShell::ProcessNextNativeEvent widget/windows/nsAppShell.cpp:707

This is happening with eOppBrowser.dll version 1.0.67.0 or 1.0.68.0 on the stack.

The original bug was created one year ago. In the past six months, we have only 62 crashes listed on this signature with eoppbrowser.dll in stack. The crashes from the past six months were mostly with versions 1.0.67.0, 1.0.72.0, and 1.0.74.0. We have received a few crashes with versions 1.0.86.0 and 1.0.88.0 (current version is 1.0.91.0). The volume seems very low though.

Severity: -- → S3
Priority: -- → P5

Adjusting severity now that we understand that this could make people crash as soon as they they type - so very impacting for the relatively few users who experiment this.

There has been a lot of progress in bug 1777960, leading to the following conclusions:

  • Starting with Windows 11 22H2 (10.0.22621.*), TF_Notify from msctf.dll (also known as CtfImmNotify from imm32.dll) uses a new convention for its third argument. It takes a pointer to a structure where a scalar value was used before.
  • ESET is responsible for ~1% of the volume on this crash signature.
  • ESET may have an optional feature (perhaps an anti-keylogger feature here too?) that calls into this function but would still use the old convention, or maybe they have already fixed this issue?
Severity: S3 → S2
Priority: P5 → P2
OS: Windows → Windows 11
See Also: → 1855957
See Also: → 1777960

ESET volume is still really low, they likely fixed this issue on their own.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.