Closed Bug 1923008 Opened 9 months ago Closed 5 months ago

Crash in [@ RtlpFreeHeapInternal | RtlFreeHeap | RpcStringFreeW] caused by Sandboxie

Categories

(External Software Affecting Firefox :: Other, defect)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/bf9ee6ed-a25c-4be1-ae05-315190241004

Reason:

STATUS_HEAP_CORRUPTION

Top 10 frames:

0  ntdll.dll  RtlReportFatalFailure
1  ntdll.dll  RtlReportCriticalFailure
2  ntdll.dll  RtlpHeapHandleError
3  ntdll.dll  RtlpHpHeapHandleError
4  ntdll.dll  RtlpLogHeapFailure
5  ntdll.dll  RtlpFreeHeapInternal
6  ntdll.dll  RtlFreeHeap
7  rpcrt4.dll  RpcStringFreeW
8  SbieDll.dll  SbieDll.dll@0x7dd74
9  SbieDll.dll  SbieDll.dll@0xada47

It's hard to tell what's going on in the crashing stack because it gets truncated around when we enter Sandboxie code, however the main thread seems to be starting the sandbox code so maybe the issue is somehow connected to that:

0 ntdll.dll  ZwDeviceIoControlFile
1 ntdll.dll  RtlpWaitOnAddressWithTimeout
2 ntdll.dll  RtlpWaitOnAddress
3 ntdll.dll  RtlpWaitOnCriticalSection
4 ntdll.dll  RtlpEnterCriticalSectionContended
5 ntdll.dll  RtlEnterCriticalSection
6 advapi32.dll  EnterWaitSddlSidLookup
7 advapi32.dll  InitializeSidLookupTable
8 advapi32.dll  LocalConvertStringSDToSD_Rev1
9 advapi32.dll  ConvertStringSecurityDescriptorToSecurityDescriptorW
10 firefox.exe  sandbox::SetObjectIntegrityLabel(void*, _SE_OBJECT_TYPE, wchar_t const*, wchar_t const*) security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc:240
11 firefox.exe  sandbox::SetProcessIntegrityLevel(sandbox::IntegrityLevel) security/sandbox/chromium/sandbox/win/src/restricted_token_utils.cc:315
12 firefox.exe  sandbox::TargetServicesBase::LowerToken() security/sandbox/chromium/sandbox/win/src/target_services.cc:133
13 xul.dll mozilla::SandboxTarget::StartSandbox()  security/sandbox/win/src/sandboxtarget/sandboxTarget.cpp:23

The severity field is not set for this bug.
:gstoll, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(gstoll)

Very low volume, S4 for now.

Severity: -- → S4
Flags: needinfo?(gstoll)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.