1884469 - Crash in [@ __delayLoadHelper2 | <unknown in firefox.pdb>]

Status: NEW

(Core :: Security: Process Sandboxing, defect, P2)

Description

[BugBot [:suhaib / :marco/ :calixte]]

Crash report: https://crash-stats.mozilla.org/report/index/5c0a8ebb-9e61-423a-8000-c04510240308

Reason: FACILITY_VISUALCPP / ERROR_MOD_NOT_FOUND

Top 10 frames of crashing thread:

0  KERNELBASE.dll  RaiseException  
1  firefox.exe  __delayLoadHelper2  /builds/worker/workspace/obj-build/browser/app/D:/a/_work/1/s/src/vctools/delayimp/delayhlp.cpp:301
2  firefox.exe  <unknown in firefox.pdb>  
3  firefox.exe  sandbox::CreateAltWindowStation  security/sandbox/chromium/sandbox/win/src/window.cc:42
4  firefox.exe  sandbox::PolicyBase::CreateAlternateDesktop  security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc:221
5  firefox.exe  mozilla::sandboxing::InitializeBrokerServices  security/sandbox/win/SandboxInitialization.cpp:178
6  firefox.exe  mozilla::sandboxing::GetInitializedBrokerServices  security/sandbox/win/SandboxInitialization.cpp:187
7  firefox.exe  do_main  browser/app/nsBrowserApp.cpp:211
7  firefox.exe  NS_internal_main  browser/app/nsBrowserApp.cpp:445
7  firefox.exe  wmain  toolkit/xre/nsWindowsWMain.cpp:174

By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:

• First crash report: 2023-12-30
• Process type: Parent
• Is startup crash: No
• Has user comments: No
• Is null crash: Yes - 6 out of 15 crashes happened on null or near null memory address

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Security: Process Sandboxing' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 2

[Bob Owen (:bobowen)]

These all actually appear to be a failure to delay load user32.dll in the parent process.

Comment 3

[Gian-Carlo Pascutto [:gcp]]

So to clarify: sandboxing gets "blamed" here because it's one of the first things in the startup path.