330765 - NPSWF32.dll + [@ 0x] crash tracking bug... (Flash player)

Status: RESOLVED INCOMPLETE

(External Software Affecting Firefox Graveyard :: Flash (Adobe), defect)

Description

[chris hofmann]

multi-line talkback search shows 66k firefox 1.5 crashes with NPSWF32.dll in the top five frames of the stack...   we need some more work to diagnose what is going on and isolate problems in plugin api/plugin code...

don't everyone run this since it brings the talkback reporting server to it knees spitting out results...

http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stack&match=contains&searchfor=NPSWF32.dll&vendor=MozillaOrg&product=Firefox15&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=stack

jay will try and get us an improved tool to break things down into reasonable/usefull chunks that we can digest..


here are some place to start looking...


http://jsnb.shutterbook.com

0x00000000
npswf32.dll + 0x77fd1 (0x30077fd1)
npswf32.dll + 0xab02 (0x3000ab02)
npswf32.dll + 0x95df1 (0x30095df1)
npswf32.dll + 0x96b42 (0x30096b42)

-------------------------------------------------
shutterbook.com
User Comments	opening photo in new window in order to save to file.

0x00000000
NPSWF32.dll + 0x77fd1 (0x30077fd1)
NPSWF32.dll + 0xab02 (0x3000ab02)
NPSWF32.dll + 0x95df1 (0x30095df1)
MSCTF.dll + 0x10455 (0x74730455)
-------------------------------------------------

http://www.in.gr

Stack Trace  	
0x00000000
npswf32.dll + 0x675ee (0x300675ee)
npswf32.dll + 0x15920 (0x30015920)
npswf32.dll + 0x7e20d (0x3007e20d)
npswf32.dll + 0x5726e (0x3005726e)
0x03b9e200
0x1c408b04

-------------------------------------------------

http://www.money.net/phpscripts/screamer - Exiting the site

0x00000000
npswf32.dll + 0x25163 (0x07c75163)

Comment 1

[Jesse Ruderman]

Peter, you or others at Macromedia might be interested in these stacks.  Since they have non-function addresses at the top of the stack, they're likely to represent bugs that can lead to arbitrary code execution.

Comment 2

[Michelle Sintov]

My opinion on this: Previously, I have tried to reproduce bugs solely based on the information in Talkback. Unfortunately, I find that this is not a good use of our time. The bugs are most often not reproducible with the url provided. While it is possible we could trace each bug down using the plug-in version number, OS and crash address, unfortunately we rarely have time for this. It would be most ideal for us if only actual reproducible bugs were sent to us. Or, if there is one stack you see many many times that is of concern, we could consider investigating that. Thanks for your help.

Comment 3

[Jesse Ruderman]

Are you able to get function names from the "npswf32.dll + offset" that Talkback gives you?

Comment 4

[Michelle Sintov]

My apologies for my hasty reply. I didn't consider the full implications on this. We are reviewing this issue.

Comment 5

[chris hofmann]

Hi Michelle, any updates?

Comment 6

[Emmy]

Is there a proposal for how we can best make use of this crash information? Seems like we've tried to analyze and repro in the past based on the logs and it didn't yield any actionable results. Michelle's suggestion on bubbling up the top URLS might be a good start? The urls listed below are a bit problematic, for example:

http://www.money.net/phpscripts/screamer - requires a login
http://www.in.gr - only flash I could find was an ad, which probably rotates

Comment 7

[Josh Aas]

This looks like a very old NULL-deref crash, I don't see any reason this needs to remain hidden.

Comment 8

[Benjamin Smedberg]

No longer using this bug to track anything important, especially with crash-stats and Flash symbols being a real thing.