Crash with Yahoo State Plugin (from Yahoo Messenger) - using some allocator that isn't NPN_MemAlloc

RESOLVED FIXED

Status

Tech Evangelism Graveyard
English US
--
critical
RESOLVED FIXED
10 years ago
3 years ago

People

(Reporter: Brian Polidoro, Unassigned)

Tracking

({crash, regression})

Details

(URL)

Attachments

(5 obsolete attachments)

(Reporter)

Description

10 years ago
The page given crashes onload.  It does not crash when I disable the Yahoo State Plugin.  

20080204 nightly ok
2008020423       crash

http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-02-04+04%3A00%3A00&maxdate=2008-02-04+23%3A00%3A00&cvsroot=%2Fcvsroot

I have the latest Yahoo Messenger (v 8.1.0.421)

bp-4b2a39de-e0ed-11dc-b440-001a4bd43ef6
bp-af00895c-e0ec-11dc-b276-001a4bd46e84

jemalloc is in the stack of both crash reports so that's the prime suspect.
Flags: blocking1.9?
(Reporter)

Updated

10 years ago
Severity: normal → critical
Keywords: crash

Comment 1

10 years ago
This plugin is using the wrong allocator to pass data across boundaries.  Do we know people at yahoo we can poke to fix this?

Comment 2

10 years ago
Same thing happens with compiled extensions like HTML Validator ( https://addons.mozilla.org/es-ES/firefox/addon/249 )
My bpids are 
bp-79347417-df0d-11dc-9271-001a4bd43ed6
bp-13296d9c-df0e-11dc-b8d8-001a4bd43ef6

Comment 3

10 years ago
I'm hunting for the right person at Yahoo! to help out with this (since that person is definitely not me).  Will post back soon.

Comment 4

10 years ago
Pablo: please file a new bug for that extension.  They'll need to fix their code as well.
--> Tech Evang
Assignee: nobody → english-us
Component: General → English US
Flags: blocking1.9?
Product: Core → Tech Evangelism
QA Contact: general → english-us
Version: Trunk → unspecified

Comment 6

10 years ago
The plugin should be using NPN_MemAlloc (http://developer.mozilla.org/en/docs/NPN_MemAlloc) to allocate this string.

Updated

10 years ago
Summary: Crash with Yahoo State Plugin (from Yahoo Messenger) → Crash with Yahoo State Plugin (from Yahoo Messenger) - using some allocator that isn't NPN_MemAlloc
(Reporter)

Comment 7

10 years ago
Should a bug be filed to blocklist versions of the Yahoo State Plugin that crash? 

Updated

10 years ago
Duplicate of this bug: 421427

Comment 9

10 years ago
forwarded to my contacts at Y!

Comment 10

10 years ago
This has been forwarded to the Product Manager for Y! Messenger, who is now investigating. I'll update the ticket as I receive more info.
(In reply to comment #7)
> Should a bug be filed to blocklist versions of the Yahoo State Plugin that
> crash? 
> 
just for info, filed Bug 421993 for this.

Updated

10 years ago
Duplicate of this bug: 423482

Updated

10 years ago
Duplicate of this bug: 423766
Duplicate of this bug: 423792

Updated

10 years ago
Duplicate of this bug: 423608

Updated

10 years ago
Duplicate of this bug: 425310
Duplicate of this bug: 425674
Duplicate of this bug: 426215
Duplicate of this bug: 426262

Updated

10 years ago
Duplicate of this bug: 426375

Updated

10 years ago
Duplicate of this bug: 424200

Comment 22

10 years ago
what I described on bug 424200 occured also on the website: http://www.cartoonnetwork.com/games/ben10/cannonboltpinball/te:  

Updated

10 years ago
Duplicate of this bug: 426728

Comment 24

10 years ago
here the logs, this BLOCKER :) !! 

I have done of many Quality Assurance before and the definition of BLOCKER is : "you aven't any WORKAROUND , to bypass the pb"

what is your workaround ? 
you give me workaround and I change the severity to "critical"




Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe"
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is: 
ModLoad: 00400000 0044c000   firefox.exe
ModLoad: 7c910000 7c9c7000   ntdll.dll
ModLoad: 7c800000 7c905000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 60490000 60dd7000   C:\Program Files\Mozilla Firefox 3 Beta 5\xul.dll
ModLoad: 60210000 60277000   C:\Program Files\Mozilla Firefox 3 Beta 5\sqlite3.dll
ModLoad: 60000000 600ae000   C:\Program Files\Mozilla Firefox 3 Beta 5\MOZCRT19.dll
ModLoad: 77be0000 77c38000   C:\WINDOWS\system32\msvcrt.dll
ModLoad: 60100000 601ac000   C:\Program Files\Mozilla Firefox 3 Beta 5\js3250.dll
ModLoad: 600b0000 600e0000   C:\Program Files\Mozilla Firefox 3 Beta 5\nspr4.dll
ModLoad: 77da0000 77e4c000   C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee1000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 71a10000 71a1a000   C:\WINDOWS\system32\WSOCK32.dll
ModLoad: 719f0000 71a07000   C:\WINDOWS\system32\WS2_32.dll
ModLoad: 719e0000 719e8000   C:\WINDOWS\system32\WS2HELP.dll
ModLoad: 76ae0000 76b0f000   C:\WINDOWS\system32\WINMM.dll
ModLoad: 7e390000 7e420000   C:\WINDOWS\system32\USER32.dll
ModLoad: 77ef0000 77f37000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 60430000 60448000   C:\Program Files\Mozilla Firefox 3 Beta 5\smime3.dll
ModLoad: 60340000 603ea000   C:\Program Files\Mozilla Firefox 3 Beta 5\nss3.dll
ModLoad: 603f0000 60404000   C:\Program Files\Mozilla Firefox 3 Beta 5\nssutil3.dll
ModLoad: 600f0000 600f7000   C:\Program Files\Mozilla Firefox 3 Beta 5\plc4.dll
ModLoad: 600e0000 600e7000   C:\Program Files\Mozilla Firefox 3 Beta 5\plds4.dll
ModLoad: 60410000 60430000   C:\Program Files\Mozilla Firefox 3 Beta 5\ssl3.dll
ModLoad: 7c9d0000 7d1f5000   C:\WINDOWS\system32\SHELL32.dll
ModLoad: 77f60000 77fd6000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 774a0000 775dd000   C:\WINDOWS\system32\ole32.dll
ModLoad: 77bd0000 77bd8000   C:\WINDOWS\system32\VERSION.dll
ModLoad: 72f50000 72f76000   C:\WINDOWS\system32\WINSPOOL.DRV
ModLoad: 76340000 7638a000   C:\WINDOWS\system32\COMDLG32.dll
ModLoad: 77390000 77493000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
ModLoad: 76320000 7633d000   C:\WINDOWS\system32\IMM32.dll
ModLoad: 76310000 76315000   C:\WINDOWS\system32\MSIMG32.dll
ModLoad: 753c0000 7542b000   C:\WINDOWS\system32\USP10.dll
ModLoad: 770e0000 7716b000   C:\WINDOWS\system32\OLEAUT32.dll
ModLoad: 60de0000 60de7000   C:\Program Files\Mozilla Firefox 3 Beta 5\xpcom.dll
(928.136c): Break instruction exception - code 80000003 (first chance)
eax=001a1eb4 ebx=7ffdf000 ecx=00000005 edx=00000020 esi=001a1f48 edi=001a1eb4
eip=7c911230 esp=0013fb20 ebp=0013fc94 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
ntdll!DbgBreakPoint:
7c911230 cc              int     3
0:000> g
ModLoad: 5cea0000 5cec6000   C:\WINDOWS\system32\ShimEng.dll
ModLoad: 62dc0000 62dc9000   C:\WINDOWS\system32\LPK.DLL
ModLoad: 10000000 10016000   C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
ModLoad: 5d3f0000 5d491000   C:\WINDOWS\system32\dbghelp.dll
ModLoad: 5b090000 5b0c8000   C:\WINDOWS\system32\uxtheme.dll
ModLoad: 74690000 746db000   C:\WINDOWS\system32\MSCTF.dll
ModLoad: 778e0000 779d8000   C:\WINDOWS\system32\SETUPAPI.dll
ModLoad: 77b50000 77b72000   C:\WINDOWS\system32\apphelp.dll
ModLoad: 75140000 7516e000   C:\WINDOWS\system32\msctfime.ime
ModLoad: 76f80000 76fff000   C:\WINDOWS\system32\CLBCATQ.DLL
ModLoad: 77000000 770d4000   C:\WINDOWS\system32\COMRes.dll
ModLoad: 601b0000 601b8000   C:\Program Files\Mozilla Firefox 3 Beta 5\components\browserdirprovider.dll
ModLoad: 71990000 719d0000   C:\WINDOWS\system32\mswsock.dll
ModLoad: 62e40000 62e99000   C:\WINDOWS\system32\hnetcfg.dll
ModLoad: 719d0000 719d8000   C:\WINDOWS\System32\wshtcpip.dll
ModLoad: 76d10000 76d29000   C:\WINDOWS\system32\iphlpapi.dll
ModLoad: 76ed0000 76ef7000   C:\WINDOWS\system32\DNSAPI.dll
ModLoad: 76f60000 76f68000   C:\WINDOWS\System32\winrnr.dll
ModLoad: 76f10000 76f3d000   C:\WINDOWS\system32\WLDAP32.dll
ModLoad: 5a900000 5a912000   C:\WINDOWS\system32\pnrpnsp.dll
ModLoad: 20000000 202da000   C:\WINDOWS\system32\xpsp2res.dll
ModLoad: 602f0000 60315000   C:\Program Files\Mozilla Firefox 3 Beta 5\softokn3.dll
ModLoad: 60320000 60338000   C:\Program Files\Mozilla Firefox 3 Beta 5\nssdbm3.dll
ModLoad: 60450000 60489000   C:\Program Files\Mozilla Firefox 3 Beta 5\freebl3.dll
ModLoad: 602a0000 602e4000   C:\Program Files\Mozilla Firefox 3 Beta 5\nssckbi.dll
ModLoad: 601c0000 601e3000   C:\Program Files\Mozilla Firefox 3 Beta 5\components\brwsrcmp.dll
ModLoad: 58ff0000 58ff7000   C:\WINDOWS\System32\wship6.dll
ModLoad: 76f70000 76f76000   C:\WINDOWS\system32\rasadhlp.dll
ModLoad: 30000000 30395000   C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
ModLoad: 44080000 4414f000   C:\WINDOWS\system32\WININET.dll
ModLoad: 02620000 02629000   C:\WINDOWS\system32\Normaliz.dll
ModLoad: 43e00000 43e45000   C:\WINDOWS\system32\iertutil.dll
ModLoad: 779e0000 77a76000   C:\WINDOWS\system32\CRYPT32.dll
ModLoad: 77a80000 77a92000   C:\WINDOWS\system32\MSASN1.dll
ModLoad: 75d30000 75dc1000   C:\WINDOWS\system32\mlang.dll
ModLoad: 72c70000 72c79000   C:\WINDOWS\system32\wdmaud.drv
ModLoad: 76be0000 76c0e000   C:\WINDOWS\system32\WINTRUST.dll
ModLoad: 76c40000 76c68000   C:\WINDOWS\system32\IMAGEHLP.dll
ModLoad: 72c60000 72c68000   C:\WINDOWS\system32\msacm32.drv
ModLoad: 77bb0000 77bc5000   C:\WINDOWS\system32\MSACM32.dll
ModLoad: 77ba0000 77ba7000   C:\WINDOWS\system32\midimap.dll
ModLoad: 02690000 026a1000   C:\WINDOWS\system32\Secur32.dll
ModLoad: 76790000 767b7000   C:\WINDOWS\system32\schannel.dll
ModLoad: 6fee0000 6ff34000   C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 76960000 76a15000   C:\WINDOWS\system32\USERENV.dll
ModLoad: 04530000 04537000   C:\Program Files\Yahoo!\Messenger\idle.dll
ModLoad: 7c340000 7c396000   C:\Program Files\Yahoo!\Messenger\MSVCR71.dll
ModLoad: 04680000 0468f000   C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
ModLoad: 77760000 778d0000   C:\WINDOWS\system32\shdocvw.dll
ModLoad: 76610000 76694000   C:\WINDOWS\system32\CRYPTUI.dll
ModLoad: 74da0000 74e0c000   C:\WINDOWS\system32\RichEd20.dll
ModLoad: 029b0000 029c2000   C:\Program Files\Yahoo!\Shared\npYState.dll
(928.136c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=029d2068 ebx=02900000 ecx=7ffde000 edx=00000000 esi=000000d2 edi=00000000
eip=7c911010 esp=0013f5e4 ebp=029d2068 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
ntdll!RtlEnterCriticalSection+0xb:
7c911010 837a1400        cmp     dword ptr [edx+14h],0 ds:0023:00000014=????????
Duplicate of this bug: 426798

Updated

10 years ago
Duplicate of this bug: 424568
Mark: I asked shaver how we could make sure that there's someone on our side at the ready to help Kev with this, and he said "copy mfinkle on the bug and tell him I said so." :)

Comment 28

10 years ago
I have been in touch with Yahoo! (exchanged email yesterday) and they are working on the fix still. No firm ETA until they have it in place in their dev environment, but they have replicated the issue. I have offered our assistance from the get go, and am supposed to have an update tomorrow.

Updated

10 years ago
Duplicate of this bug: 427328

Updated

10 years ago
Duplicate of this bug: 427363

Updated

10 years ago
Blocks: 421993

Updated

10 years ago
Duplicate of this bug: 427709

Updated

10 years ago
Duplicate of this bug: 427737
Duplicate of this bug: 427897
This seems to be causing enough of a crashing issue so that in my opinion (which does not count for much) this plug-in should be block listed.

Comment 35

10 years ago
yes, we are in the process of blocklisting the bad version, while yahoo messenger team is working on a fix for this.

Updated

10 years ago
Duplicate of this bug: 422024

Comment 37

10 years ago
Here r the crash reports that went out. You guys seem to have located the problem, so you probably dont need them anymore. Just in case, you still do.. here they are.
 
    
de568499-0289-11dd-b3ba-001cc45a2ce4	04.04.2008	22:58
5280f805-027a-11dd-930a-001cc4e2bf68	04.04.2008	21:07
986678f3-f047-11dc-845a-001a4bd43ed6	12.03.2008	16:18
75df9997-f047-11dc-92dc-001a4bd43e5c	12.03.2008	16:17
61cb4066-f047-11dc-a652-001a4bd43ef6	12.03.2008	16:17

Updated

10 years ago
Duplicate of this bug: 428743

Comment 39

10 years ago
Yahoo! has confirmed that they have identified and corrected this issue. They will be releasing an update to the Application State Plugin that corrects the bug on May 12, 2008.

Name: Yahoo Application State Plugin
Desc: Yahoo Application State Plugin version 1.0.0.6
File name: npYState.dll

Kev - so all pre-1.0.0.6 versions are just "Yahoo Application State Plugin" and after the update they will include "version 1.0.0.6" in the plugin description?  Please verify.

Comment 41

10 years ago
Mogramic - correct. Will send you email as well.

Comment 42

10 years ago
they promise never to release a 1.0.0.7? :)

Comment 43

10 years ago
Fixed by blocklisting plugin from bug 421993.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED

Comment 44

10 years ago
What happen to Yahoo tool bar?I can't enable it.Is this part of the crashing problem?I use this tool all the time so I'm assuming alot of others here do to.At a loss.    =v(

Comment 45

10 years ago
Created attachment 335009 [details]
haha
The content of attachment 335009 [details] has been deleted by
    Dave Miller [:justdave] <justdave@mozilla.com>
who provided the following reason:

probably malicious code, no indication that it has anything to do with the bug

The token used to delete this attachment was generated at 2008-08-22 08:14:28 PDT.

Comment 47

10 years ago
Created attachment 343732 [details]
firefox.exe

it wont work

Updated

10 years ago
Attachment #343732 - Attachment description: yahoo state pulgin → firefox.exe
Attachment #343732 - Attachment is obsolete: true
Attachment #343732 - Attachment is patch: false
Attachment #343732 - Attachment mime type: text/plain → application/octet-stream
Comment on attachment 343732 [details]
firefox.exe

Why you are attaching firefox.exe to this bug report I don't know. Please open a new bug if you are still seeing some kind of problem this bug is resolved.

Comment 49

9 years ago
i cant  resolves this problem

Comment 50

9 years ago
Created attachment 375529 [details]

Updated

9 years ago
Attachment #375529 - Attachment description: Crash with Yahoo State Plugin (from Yahoo Messenger) - using some allocator that isn't NPN_MemAlloc →
Attachment #375529 - Attachment filename: wgasetup.exe → spam
Attachment #375529 - Attachment is obsolete: true
Attachment #375529 - Attachment mime type: application/x-msdos-program → application/x-unknown

Comment 51

9 years ago
Created attachment 375535 [details]
The page given crashes onload.  It does not crash when I disable the Yahoo State Plugin.

Comment 52

9 years ago
Created attachment 375536 [details]
375535: The page given crashes onload. It does not crash when I disable the Yahoo State Plugin.
The content of attachment 375535 [details] has been deleted by
    Dave Miller [:justdave] <justdave@mozilla.com>
who provided the following reason:

Windows EXE file, unrelated to bug

The token used to delete this attachment was generated at 2009-05-03 14:38:01 PDT.
The content of attachment 375536 [details] has been deleted by
    Dave Miller [:justdave] <justdave@mozilla.com>
who provided the following reason:

Windows EXE file, unrelated to bug

The token used to delete this attachment was generated at 2009-05-03 14:39:13 PDT.
The content of attachment 375529 [details] has been deleted by
    Dave Miller [:justdave] <justdave@mozilla.com>
who provided the following reason:

Windows EXE file, unrelated to bug

The token used to delete this attachment was generated at 2009-05-03 14:42:51 PDT.
The content of attachment 343732 [details] has been deleted by
    Dave Miller [:justdave] <justdave@mozilla.com>
who provided the following reason:

Windows EXE file, unrelated to bug

The token used to delete this attachment was generated at 2009-05-03 14:43:41 PDT.

Comment 57

7 years ago
Is this why I'm getting kicked off Yahoo Messenger and being told I've signed in from another computer or device when I indeed haven't? '
Thank you,'
Lee
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.