Closed Bug 233765 Opened 17 years ago Closed 12 years ago

Crashes on startup with XP SP2 and a processor that supports NX aka Data Execution Prevention (AMD64) (Opteron Athlon 64 FX x86-64)

Categories

(Core Graveyard :: Talkback Client, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: tmh, Assigned: namachi)

References

Details

(Keywords: crash, relnote, Whiteboard: [sg:want P2])

User-Agent:       
Build Identifier: Mozilla 1.6 - http://ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.6/mozilla-win32-1.6-installer.exe

I installed the XP SP2 beta to test compatibility with my own software because 
it's a major change (basically it looks like they've backported the win2003 
security model, and then added some other incompatibilities for good measure).

Mozilla won't startup at all in this configuration (I've already filled in a 
talkback but not sure whether these really get looked at).


Reproducible: Always
Steps to Reproduce:
1. Install XP SP2 beta
2. Start mozilla
3. 

Actual Results:  
General protection fault

Expected Results:  
Mozilla starting

Marking critical as there isn't a 'will be critical as soons as this service 
pack goes gold', anyway it's best to fix it before then :)
Reporter, what build of the beta are you using?  Is it publically available so
that I can attempt to reproduce the issue?
Try http://www.geeknewz.com/modules.php?modid=5&action=show&id=4 

The only major problem I found was that the Matrox perhelion drivers don't work 
with it... the nvidia ones are fine though.  Luckily if you have problems the 
uninstall routine works perfectly :)

They seem to have backported the win2003 security into it (eg. impersonation 
privilege is there, and it wasn't before) and apparently DCOM is locked down by 
default.  The firewall is on by default but seems unintrusive - for my tests I 
disabled it.

I don't rule out bugs in the SP of course - it is a beta... it's best to be 
sure, though.


I have one report of WFM for a user who installed moz after installing SP2 beta,
and I personally saw it WFM (I had moz installed, then installed SP2 beta).  Are
you sure you didn't change anything else?

Reporter, if you wouldn't mind, could you try uninstalling SP2, reinstalling
moz, reinstalling SP2 or otherwise seeing if you can reliably reproduce the problem?
The problem is 100% repeatable (on two separate machines now).

Uninstalling and reinstalling mozilla makes no difference.

Note: both of these machines were AMD64 which suppports the non-executable bit
which is utilised by SP2.  In particular it won't let you execute code in the
stack or heap.  Is mozilla trying to do something like this?  It's the only
thing I can think off that would cause different behaviour in other machines.

See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
under "Memory protection in SP2".
The Mozilla Suite works for me using SP2 2082

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040219

Also tested with:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8

And:

Mozilla Thunderbird 0.5+ (20040221)

I did not try to make a reinstall of any of the software.
Flags: blocking1.7b?
I can confirm comment #5.

Mozilla 1.7a works fine for me on WinXP-SP2beta. The SP2 beta was installed
after Mozilla.
Summary: Won't start up after XP SP2 installed → Won't start up after XP SP2 installed (AMD64)
Are those that are getting it to work using AMD64?

If yes please say so.  I'm pretty certain this bug is related to the stack
protection in SP2.  Apparently the Linux mozilla doesn't work with stack
protection either.

I must admit I didn't read comment #4 carefully enough, and I thank whoever
added the text to the summary.

I can get Mozilla to work on WinXP SP2beta on an AMD 32-bit processor.
Blocks: 237202
this would be a good one to get for 1.7 final\ if possible
Flags: blocking1.7b?
Flags: blocking1.7b-
Flags: blocking1.7?
anyone know what is involved in getting this working?
This is due to Mozilla trying to execute code on a no-execute (NX) page.  User
workaround is available in
MyComputer->Properties->Advanced->Settings->ExecutionProtection.  But that
leaves mozilla open to security holes that Explorer will not have on NX capable
CPUs(like in shared plugins).

Look for memory protection documentation on the web.  All comments are relative
to latest version of Mozilla 1.6 and the latest version of SP2 beta.
(In reply to comment #11)
> This is due to Mozilla trying to execute code on a no-execute (NX) page.  User
> workaround is available in
> MyComputer->Properties->Advanced->Settings->ExecutionProtection.  But that
> leaves mozilla open to security holes that Explorer will not have on NX capable
> CPUs(like in shared plugins).
> 
> Look for memory protection documentation on the web.  All comments are relative
> to latest version of Mozilla 1.6 and the latest version of SP2 beta.

BTW. This was confirmed using an ICE, so I'm absolutely certain.
Does this still happen with SP2 RC1 which has just been released (restricted) by
Microsoft?
If anyone want to test You can download the SP2 RC1 from Microsoft
http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Still happens with SP2, but explicitly removing mozilla.exe from the protection
as mentioned in an earlier reply does allow it to work.

(Edit)
I meant 'Still happens with SP2 RC1 ...'
I am running Windows XP and I have installed Mozilla 1.6 but it won't run after 
it installs.  Any thougts?
  Email graizk@socal.rr.com
I am running Windows XP and I have installed Mozilla 1.6 but it won't run after 
it installs.  Any thougts?
  Email graizk@socal.rr.com
Just to add what I can, Mozilla Firefox works without modifying the
DataExecutionPrevention settings. This is using WinXP sp2-rc1 on AMD 64
platform. Also, other programs that needed modifications prompted for changes,
not mozilla though. M$ Conspiracy ??? Heheh
So this bug only impacts users of AMD 64-bit processors running WinXP SP 2
pre-releases? 
That is correct.  AMD64 processors added NX and SP2 is the first OS to start
using it.
I think jst has an opteron system (though I don't know if he has or is willing
to install XP SP2) so adding him to this bug.
Is Mozilla _crashing_? If so, can someone who is experiencing this submit a
talkback ID to this bug for that crash? A stack trace, if any of you are able to
submit that, would probably be very helpful. 
See incident #TB32511933X.  It crashes at startup.

The instruction before the fault is at eip 0x77c30295.  A call to 0x77c578f3. 
Virtual page 0x77c57___ is NX protected by SP2.

Someone in the core development community really needs to get a cheap AMD64
system and install XP-SP2.  There are a lot of application incompatabilities
introduced in SP2 and you'll see all of them using AMD64 processor.  You will be
suffering relative to internet explorer this fall.


Could you try a newer release?  That release is pointed at the old Netscape
talkback servers rather than the new mozilla.org ones.  (The talkback report
number should have fewer digits.)
Here's a talkback incident from a amd64 user on sp2 crashing on startup:

 msvcrt.dll + 0x478f3 (0x77c278f3)
msvcrt.dll + 0x221a8 (0x77c021a8)
msvcrt.dll + 0x26c86 (0x77c06c86)
msvcrt.dll + 0x39ed9 (0x77c19ed9)
msvcrt.dll + 0x3a4bd (0x77c1a4bd)
msvcrt.dll + 0x3ae2b (0x77c1ae2b)
PRMJ_LocalGMTDifference
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/src/prmjtime.c,
line 268]
js_InitDateClass
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/src/jsdate.c, line
1986]
JS_InitStandardClasses
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c, line
1163]
_newJSDContext
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/jsd/jsd_high.c,
line 145]
jsd_DebuggerOnForUser
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/jsd/jsd_high.c,
line 197]
jsdService::OnForRuntime
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/jsd/jsd_xpc.cpp,
line 2452]
jsdASObserver::Observe
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/js/jsd/jsd_xpc.cpp,
line 3274]
nsAppStartupNotifier::Observe
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/embedding/components/appstartup/src/nsAppStartupNotifier.cpp,
line 116]
main1
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1140]
main
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1712]
WinMain
[c:/builds/tinderbox/Mozilla1.7b/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp,
line 1734]
WinMainCRTStartup()
kernel32.dll + 0x256da (0x77d756da)
that looks like mktime. could you try running xpcshell.exe? i expect it crashes too.

also, could you try removing jsd*.dll from your binary dir?

unfortunately i don't have a build env nor do i have the symbols for msvcrt (we
need them, and we should probably configure the talkback or build boxes to have
them). jay?
Assignee: general → general
Component: Browser-General → JavaScript Engine
QA Contact: general → pschwartau
timeless: Unfortunately we have not figured out a way to get Talkback working
with system libraries like msvcrt.dll.  There are too many versions out there
for us to support and with no one around to hack Talkback these days, it's
probably not going to happen anytime soon.  Sorry.  You can log a separate bug
though and I will have Shiva update it if he thinks it might be possible.
This bug is FULLSOFT.DLL.  This DLL calls VirtualAllocEx() without PAGE_EXECUTE
/ PAGE_EXECUTE_READ / PAGE_EXECUTE_READWRITE flags.  Since Page isn't marked,
"/NX" throws access vaiolation when any code into this area runs

So when you rename FULLSOFT.DLL to FULLSOFT.ORG, this doesn't occur.

Can anyone contact FULLSOFT??
let's test out on the new amd64 machine at mofo..

shiva, do you know if the is a fix around for this?  

guess we should figure out how to not install tb on amd64 sp2 systems at a
minimum...
We've got the patch installed on the 64bit system, and we'll smoketest first
thing monday.
Component: JavaScript Engine → Talkback
benc, sounds like you're all over this.

/be
Assignee: general → benc
-> defaults. I'm going to be out of touch for a while...
Assignee: benc → namachi
QA Contact: pschwartau → chofmann
shiva has a set of client binaries with a fix for this coming.  hoping to get
this in the next few days.
We're probably not going to make 1.7 with this. I'll add a release note for
those early adopters who are seeing this. The workaround will be to not install
talkback in a custom install.
Flags: blocking1.7? → blocking1.7-
Keywords: relnote
In newer XP Service pack build (I am currently using 2142) there is a
workaround. I am using the German XP version, so I can only guess the names of
the tabs and menu points, but you should be able to figure it out:

Control Panel -> System -> Advanced -> System performance Settings -> Data
Execution Protection -> Add mozilla.exe to the DEP exception list -> Ok

After that, Mozilla runs again. 
http://forums.mozillazine.org/viewtopic.php?t=86205
not sure if completely relevant, no amd64 mentioned. xp sp2 rc2.
*** Bug 248112 has been marked as a duplicate of this bug. ***
*** Bug 249031 has been marked as a duplicate of this bug. ***
*** Bug 249031 has been marked as a duplicate of this bug. ***
*** Bug 250724 has been marked as a duplicate of this bug. ***
increasing bug visibility...
Summary: Won't start up after XP SP2 installed (AMD64) → Won't start up (crash) after XP SP2 installed (AMD64) (Opteron Athlon 64 FX x86-64)
Clearing the blocking1.8a2 flag because it's no longer requestable, and the fact
that it's already requested is preventing people from being able to add comments
to this bug.
Flags: blocking1.8a2?
Flags: blocking-aviary1.0?
Just a quick note: Microsoft confirmed SP2 will be RTM in August.
This bug is still present, but not visible in Windows XP Service Pack 2 Build
2162 (available only to SP2 beta testers) anymore, because DEP only protects
windows' own applications and services in this release by default. However,
activating DEP for all applications causes this problem again. I suggest to
lower the severity of this bug.
I disagree.  It's important that Mozilla works on machines belonging to
security-concious users... after all, we're gaining a lot of market share just
because IE is so "holey".  Requiring that security be reduced to use Mozilla is
not a good solution.  We need to fix this before Service Pack 2 becomes widely
available.
I don't see any reason the component was changed to "Talkback".
Assignee: namachi → general
Component: Talkback → JavaScript Engine
QA Contact: chofmann → pschwartau
Oh, never mind me.  Now I see comment 29 (which mentioned "Fullsoft" but not
"talkback").

So did anyone confirm that things work fine when you install without talkback? 
Is talkback the only problem, or are there multiple problems.
Assignee: general → namachi
Component: JavaScript Engine → Talkback
QA Contact: pschwartau → chofmann
*** Bug 251672 has been marked as a duplicate of this bug. ***
*** Bug 252914 has been marked as a duplicate of this bug. ***
Shiva:  Any update on the binaries Chris mentioned in comment #34?  

Also, as dbaron asked earlier in comment #48, are we sure this is a Talkback
only related crash or are others seeing this without Talkback?
Keywords: crash
I'm pretty sure it's just Talkback that's crashing. I can't reproduce without
talkback deselected in the installer. 
Flags: blocking1.8a3? → blocking1.8a3-
*** Bug 256169 has been marked as a duplicate of this bug. ***
In english :
Same probleme that above,
on AMD 2000 XP
XP PRO SP2
I make the mozilla setup... and that all, i see GRE etc...
and after 5 secondes, i try to click on mozilla in the "starting menu"
and nothing...no more dragon on my desktop, just an "E"/

But anyway i have made the same installation on my girlfriend computer...
but i can use mozilla on her computer !!!! 

That's quite strange, but i had a lot of ntfs security problems with sp2....
The SP2 implemente the same security sheme that u can find on xp 2003....

fed up of that ....is microsoft aware of mozilla ?....lol.

I translate it on french here down,
Thank you mozilla developpers.



Voilà en français ce que celà donne :
 Impossible d'installer Mozilla 1.7 sur une installation XP SP2

J'utilise une distribution française XP LSD 1.0....

Sur un poste je peux intaller mozilla
sur l'autre pas...
Mais l'autre ordi biensur j'ai trafiqué le réseau....
Works for me.
Mozilla 1.7.3 , Win XP Home SP2, AMD Athlon64 3200+ .
I activated DEP for all applications. There are other applications that don't
work with DEP on my system, but Mozilla works. Talkback is installed. I can run
talkback.exe without a problem.
WFM using Firefox 1.0PR.  A64 3000+, XP SP2, DEP on.
the work around may have to be the way we solve this until we can get a new drop
of the talkback client which is open ended...
Flags: blocking-aviary1.0? → blocking-aviary1.0-
(In reply to comment #57)
> the work around may have to be the way we solve this until we can get a new drop
> of the talkback client which is open ended...
As I said, I don't need any workaround (See comment #55) and talkback works for
me with DEP. So perhaps something else is the reason for the problems others
have? Maybe an installed erroneous plugin?
*** Bug 271265 has been marked as a duplicate of this bug. ***
I just saw this today on my friend's brand new XP64bit beta box. The first thing
he did was instal Firefox 1.0 on the box after WinXP 64bit.

From what I can tell, XP64 (at least the beta at this point) turns on DEP for
all applications without asking.

On a good note, after it crashes Firefox, it tells you why... it brings up a box
declaring that the application violated DEP and then offers you a dialog box
where you can add this program to the exception list.

I'm going to go tomorrow and see if I can narrow it down to whether this is
talkback specifically by having him install the suite in both talkback and
non-talkback versions. 
I had turned off DEP for everything a while ago. I turned it back on today and
Firefox starts up but crashes when I try to use Java. It asks me if I want to
debug it using Whidbey. I'm going back to turning DEP off for everything.
Whiteboard: [sg:want P2]
*** Bug 310040 has been marked as a duplicate of this bug. ***
Summary: Won't start up (crash) after XP SP2 installed (AMD64) (Opteron Athlon 64 FX x86-64) → Crashes on startup with XP SP2 and a processor that supports NX aka Data Execution Protection (AMD64) (Opteron Athlon 64 FX x86-64)
chofmann, what happened with the new Talkback client binaries you mentioned you mentioned in 2004-05-25?  Are we shipping them now, making this FIXED?
Seems to be re-ocurring with Firefox 2.0.0.2 and TalkBack 2.0.0.2 - XP home SP2 + all patches as of 2007-02-25, amd64 system.  If DEP is turned on, Firefox exits silently with no error message, unless I start in safe mode and disable all add-ons.  Re-enabling all but TalkBack still works, TalkBack makes it exit silently when run.
Starts up OK if you manually run talkback.exe and choose settings -> Turn Agent Off.  Couldn't find any more appropriate looking bug.
Summary: Crashes on startup with XP SP2 and a processor that supports NX aka Data Execution Protection (AMD64) (Opteron Athlon 64 FX x86-64) → Crashes on startup with XP SP2 and a processor that supports NX aka Data Execution Prevention (AMD64) (Opteron Athlon 64 FX x86-64)
This was talkback issue.  On breakpad, this issue doesn't occurs.  fix by wont'fix.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Duplicate of this bug: 256169
Duplicate of this bug: 369927
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.