Zero'd stack after call to memzero

Status: RESOLVED WORKSFORME
Severity: critical
Reporter: david_dillard; Assignee: Unassigned
Version: Trunk
Platform: x86, Windows XP
Keywords: crash

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052206 Minefield/3.0pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052206 Minefield/3.0pre

Occasionally, while using Digg (digging things up or down and posting comments, not just viewing) I get the crash below with a zero'd stack after a call to memzero().  Bug 433289 is MUCH more common than this one in that usage scenario.

(469c.3318): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00730020 ebx=00000000 ecx=01320f90 edx=00000006 esi=00000004 edi=601a48e0
eip=00730028 esp=bc8a2be0 ebp=06673230 iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010283
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]
ds:0023:00000004=?? es:0023:601a48e0=54
0:000> analyze
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\bmnet.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\bmnet.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\system32\xpsp2res.dll
*** WARNING: Unable to verify checksum for firefox.exe
Cannot find frame 0x211, previous scope unchanged
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
+730028
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00730028
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

FAULTING_THREAD:  00003318

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000004 

FAILED_INSTRUCTION_ADDRESS: 
+730028
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

IP_ON_HEAP:  00730028

ADDITIONAL_DEBUG_TEXT:  Followup set via attribute from Frame 0 on thread ffffffff

LAST_CONTROL_TRANSFER:  from 00000000 to 00730028

DEFAULT_BUCKET_ID:  ZEROED_STACK

PRIMARY_PROBLEM_CLASS:  ZEROED_STACK

BUGCHECK_STR:  APPLICATION_FAULT_ZEROED_STACK_NULL_INSTRUCTION_PTR_STACK_CORRUPTION_STACK_CORRUPTION

STACK_TEXT:  
6001335b MOZCRT19!_VEC_memzero
607ce9d1 xul!AffixMgr::encodeit
60c53aa4 xul!`string'
607ced0a xul!AffixMgr::encodeit
60006934 MOZCRT19!arena_malloc_small
60006962 MOZCRT19!arena_malloc
60008135 MOZCRT19!malloc
60800da0 xul!HashMgr::decode_flags
60800f06 xul!HashMgr::decode_flags
7c94a1f5 ntdll!RtlAllocateHeapSlowly
7c91b5f4 ntdll!RtlAllocateHeapSlowly
7c91b686 ntdll!RtlAllocateHeapSlowly
7c90ee18 ntdll!_except_handler3
7c91b690 ntdll!CheckHeapFillPattern
7c96d8a2 ntdll!RtlDebugAllocateHeap
7c96d886 ntdll!RtlDebugAllocateHeap
7c96d8a8 ntdll!`string'
7c949d18 ntdll!RtlAllocateHeapSlowly
7c91b298 ntdll!RtlAllocateHeap
7c9106eb ntdll!RtlAllocateHeap
7c910945 ntdll!RtlAcquirePebLock
7c91094e ntdll!RtlAcquirePebLock
7c914190 ntdll!RtlpValidateCurrentDirectory
7c901005 ntdll!RtlEnterCriticalSection
7c910970 ntdll!RtlReleasePebLock
7c97e4c0 ntdll!FastPebLock
7c913e6f ntdll!RtlGetFullPathName_Ustr
7c913e62 ntdll!RtlGetFullPathName_Ustr
7c949b34 ntdll!RtlpCoalesceFreeBlocks
7c926a44 ntdll!RtlFreeHeapSlowly
7c926abe ntdll!RtlFreeHeapSlowly
7c91402e ntdll!RtlDosPathNameToNtPathName_Ustr
7c9140ef ntdll!RtlDosPathNameToNtPathName_Ustr
7c9140bb ntdll!RtlDosPathNameToNtPathName_Ustr
7c96cde9 ntdll!RtlpValidateHeap
6051a60f xul!AppendUTF16toUTF8
604f3390 xul!PL_DHashMatchStringKey
604fc0ac xul!SearchTable
604f3370 xul!PL_DHashMatchStringKey
604fbf9c xul!PL_DHashTableOperate
604edc90 xul!nsAString_internal::ReplacePrep
6054475e xul!nsPersistentProperties::GetStringProperty
60616b7a xul!nsGREResProperties::Get
60616b87 xul!nsGREResProperties::Get
6051a0fc xul!nsACString_internal::SetCapacity
6051a10f xul!nsACString_internal::SetCapacity
6051f800 xul!nsACString_internal::EnsureMutable
60566578 xul!LossyAppendUTF16toASCII
604a89eb xul!nsCharsetAlias2::GetPreferred
604a8848 xul!nsCharsetAlias2::GetPreferred
7c926ac8 ntdll!CheckHeapFillPattern
7c9268ad ntdll!RtlFreeHeap
7c91056d ntdll!RtlFreeHeap
7c91043d ntdll!RtlFreeHeap
60c693c0 xul!`string'
60638e68 xul!StabilizedQueryInterface<nsOneByteDecoderSupport>
600cdf92 nspr4!_MD_CURRENT_THREAD
60508963 xul!nsComponentManagerImpl::GetServiceByContractID
60c69e24 xul!nsIUnicodeEncoder::COMTypeInfo<int>::kIID
6050c6f5 xul!CallGetService
60c6a1f4 xul!nsICharsetAlias::COMTypeInfo<int>::kIID
6063212b xul!nsCharPtrHashKey::KeyEquals
6063211e xul!nsTHashtable<nsBaseHashtableET<nsCharPtrHashKey,nsCOMPtr<nsIUnicodeDecoder> > >::s_MatchEntry
60632111 xul!nsTHashtable<nsBaseHashtableET<nsCharPtrHashKey,nsCOMPtr<nsIUnicodeDecoder> > >::s_MatchEntry
60652dfa xul!uMapCode
60bb05b0 xul!nsPrincipal::sInvalid
60bb05c0 xul!nsPrincipal::sInvalid
6079252d xul!nsUnicodeEncodeHelper::ConvertByTable
607925f7 xul!nsTableEncoderSupport::ConvertNoBuffNoErr
607926e1 xul!nsEncoderSupport::ConvertNoBuff
60006c76 MOZCRT19!arena_dalloc_small
60006d3e MOZCRT19!arena_dalloc
60006d48 MOZCRT19!arena_dalloc
60007d90 MOZCRT19!free
60007d70 MOZCRT19!free
606400dd xul!nsTableEncoderSupport::`scalar deleting destructor'
606321ed xul!nsBasicEncoder::Release
6052d6ee xul!nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener>
609c8ac6 xul!get_current_cs
609c97fe xul!AffixMgr::parse_file
609c9854 xul!AffixMgr::parse_file
20000000 xpsp2res
600a3b48 MOZCRT19!_iob
606dd929 xul!ContextState::UseConservativeBreaking
606dd92f xul!ContextState::UseConservativeBreaking
60626111 xul!ContextualAnalysis
60625f1b xul!nsJISx4051LineBreaker::GetJISx4051Breaks
60633d72 xul!BuildTextRunsScanner::BreakSink::SetBreaks
604ef200 xul!nsTArray_base::ShiftData
60d68dcc xul!nsTArray_base::sEmptyHdr
605ac8da xul!nsLineBreaker::FlushCurrentWord
605ac8e7 xul!nsLineBreaker::FlushCurrentWord
605ac901 xul!nsLineBreaker::FlushCurrentWord
6052d3f4 xul!CSSStyleRuleImpl::MapRuleInfoInto
605212fe xul!nsRuleNode::WalkRuleTree
605a69ba xul!nsRuleNode::GetSVGData
605a6c7f xul!nsCSSSVG::~nsCSSSVG
605a69cd xul!nsRuleNode::GetSVGData
60523eac xul!nsRuleNode::GetStyleData
60521744 xul!nsRuleNode::WalkRuleTree
77f2c4fc GDI32!NtGdiGetTextExtentExW
77f3dd19 GDI32!GetTextExtentExPointI
6058ce8f xul!nsTArray<gfxTextRun::GlyphRun>::AppendElements
60626de8 xul!SetupTextRunFromGlyphs
60626df3 xul!SetupTextRunFromGlyphs
60626e01 xul!SetupTextRunFromGlyphs
607d2634 xul!nsTArray<KeyPair>::AssignRange<KeyPair>
606210a4 xul!nsTArray<nsLineBreaker::TextItem>::AppendElements<nsLineBreaker::TextItem>
608b3f71 xul!nsTArray<nsLineBreaker::TextItem>::AppendElement<nsLineBreaker::TextItem>
608e2bf2 xul!nsLineBreaker::AppendText
608e2c0c xul!nsLineBreaker::AppendText
605a0000 xul!CNavDTD::CloseContainer
60040001 MOZCRT19!_vcprintf_l
605f3589 xul!nsRuleNode::SetFontSize
605f2aea xul!nsRuleNode::SetFont
605f2a28 xul!nsRuleNode::SetFont
605e3414 xul!nsRuleNode::ComputeFontData
60674c38 xul!_moz_cairo_surface_reference
605ede58 xul!gfxASurface::AddRef
60675bc8 xul!_moz_cairo_surface_destroy
6061ca38 xul!gfxWindowsFontGroup::InitTextRunGDI
6061ca52 xul!gfxWindowsFontGroup::InitTextRunGDI
6061ca63 xul!gfxWindowsFontGroup::InitTextRunGDI
605e342d xul!nsRuleNode::ComputeFontData
605e343b xul!nsRuleNode::ComputeFontData
605d3611 xul!nsLineBreaker::AppendText
6058cd76 xul!gfxTextRun::CopyGlyphDataFrom
6058cd59 xul!gfxTextRun::CopyGlyphDataFrom
6058cbe4 xul!TextRunWordCache::FinishTextRun
60d2023c xul!gfxWindowsFontGroup::`vftable'
60563c9c xul!TextRunWordCache::MakeTextRun
60563ccf xul!TextRunWordCache::MakeTextRun
00410020 firefox!__dyn_tls_init_callback <PERF> (firefox+0x10020)
2011c544 xpsp2res
60005cea MOZCRT19!arena_run_tree_s_RB_INSERT
60006cee MOZCRT19!arena_dalloc_small
6061a341 xul!HasCompressedLeadingWhitespace
6070f7e3 xul!BuildTextRunsScanner::SetupBreakSinksForTextRun
606cbea6 xul!nsTArray<Expr *>::RemoveElementsAt
605aa194 xul!BuildTextRunsScanner::BuildTextRunForFrames
605aa1a7 xul!BuildTextRunsScanner::BuildTextRunForFrames
605aa1be xul!BuildTextRunsScanner::BuildTextRunForFrames
606dd951 xul!ContextState::UseConservativeBreaking
605d362c xul!nsLineBreaker::AppendText
605d3647 xul!nsLineBreaker::AppendText
60633df6 xul!gfxTextRun::SetPotentialLineBreaks
606dd957 xul!ContextState::UseConservativeBreaking
60626126 xul!ContextualAnalysis
606f8bec xul!gfxTextRun::AddGlyphRun
605ac801 xul!nsLineBreaker::FlushCurrentWord
60632576 xul!AddFontNameToArray
605ba960 xul!gfxTextRun::gfxTextRun
604c6609 xul!AppendASCIItoUTF16
604c661d xul!AppendASCIItoUTF16
60585121 xul!nsTHashtable<TextRunWordCache::CacheHashEntry>::s_MatchEntry
604fbe91 xul!PL_DHashTableOperate
604fbe05 xul!PL_DHashTableOperate
6056d617 xul!TextRunWordCache::LookupWord
6063879c xul!nsTArray<TextRunWordCache::DeferredWord>::RemoveElementsAt
6056d544 xul!TextRunWordCache::MakeTextRun
6056d556 xul!TextRunWordCache::MakeTextRun
6056d569 xul!TextRunWordCache::MakeTextRun
604ee02d xul!nsAString_internal::Assign
605f354a xul!nsRuleNode::SetFontSize
77f1f7bd GDI32!GetOutlineTextMetricsInternalA
6052d0a5 xul!nsCSSCompressedDataBlock::MapRuleInfoInto
60498679 xul!gfxFont::Measure
60618399 xul!gfxRect::Union
60618374 xul!gfxFont::RunMetrics::CombineWith
605cf124 xul!gfxTextRun::AccumulateMetricsForRun
605cf159 xul!gfxTextRun::AccumulateMetricsForRun
605bd207 xul!BuildTextRunsScanner::FlushFrames
6002d6dd MOZCRT19!operator new
605d33ba xul!nsLineBreaker::AppendText
605c4503 xul!BuildTextRunsScanner::SetupBreakSinksForTextRun
607e17e8 xul!nsTArray<unsigned short>::AssignRange<unsigned char>
6056d3d0 xul!TextRunWordCache::MakeTextRun
60574bad xul!nsRuleNode::GetStyleFont
60006674 MOZCRT19!arena_bin_nonfull_run_get
606f84b0 xul!nsLineBreaker::AppendText
6056e4b2 xul!nsRuleNode::GetFontData
60497248 xul!gfxTextRun::BreakAndMeasureText
7e4268ae USER32!StaticWndProcWorker
605a55cf xul!BuildTextRunsScanner::~BuildTextRunsScanner
60657e20 xul!CheckFontCallback
60523e86 xul!nsRuleNode::GetStyleData
60587fc9 xul!nsRuleNode::GetVisibilityData
60587f39 xul!nsCSSDisplay::~nsCSSDisplay
60587fdc xul!nsRuleNode::GetVisibilityData
605c6318 xul!nsBlockFrame::InvalidateInternal
605c62a8 xul!nsBlockFrame::InvalidateInternal
606c1e01 xul!nsPropertyTable::GetProperty
606e50a2 xul!nsPropertyTable::GetPropertyInternal
604ab6ec xul!nsIFrame::InvalidateInternal
607268cc xul!ViewportFrame::InvalidateInternal
6059f596 xul!nsHTMLScrollFrame::InvalidateInternal
60593f59 xul!nsLineLayout::ReflowFrame
60571c19 xul!nsViewManager::GetAbsoluteRect
604c4614 xul!nsViewManager::GetRectVisibility
604c47c4 xul!nsViewManager::UpdateView
604ab7cf xul!ViewportFrame::InvalidateInternal
60499aef xul!nsGfxScrollFrameInner::InvalidateInternal
604ab6d7 xul!nsIFrame::InvalidateInternal
605bd220 xul!BuildTextRunsScanner::FlushFrames
604c37be xul!nsRegion::Or
60620000 xul!nsDiskCacheBinding::`scalar deleting destructor'
6062606b xul!nsJISx4051LineBreaker::GetJISx4051Breaks
60d20258 xul!space
605e0000 xul!nsProtocolProxyService::Resolve
6058cc2f xul!TextRunWordCache::FinishTextRun
605d3600 xul!nsLineBreaker::AppendText
605ac800 xul!nsLineBreaker::FlushCurrentWord
60670000 xul!SECOID_FindOIDTag_Util
606b4430 xul!pixmanFetchSourcePict
606ab9b0 xul!fbFetch
606a42e0 xul!mmxCombineAddU
606ac034 xul!pixman_composite_rect_general
606a00a2 xul!pixman_image_composite_rect
6056d3c7 xul!TextRunWordCache::MakeTextRun
6056d3e3 xul!TextRunWordCache::MakeTextRun
606b3cdf xul!fbFetchTransformed
606b9633 xul!fbFetchFromNoRegion
606b327e xul!fbFetchTransformed_Bilinear_Pad
606b0c80 xul!fbFetchPixel_x8r8g8b8
606b9620 xul!fbFetchFromNoRegion
606b3ac0 xul!fbFetchTransformed
606ac9e0 xul!fbCombineSrcU
606b3259 xul!fbFetchTransformed_Bilinear_Pad
606abedd xul!pixman_composite_rect_general_no_accessors
606abfba xul!pixman_composite_rect_general_no_accessors
604c3cd8 xul!nsRegion::SubRect
604c3775 xul!nsRegion::Or
604c1b12 xul!nsRegion::SubRegion
605c7721 xul!gfxTextRun::MeasureText
604c48ee xul!nsViewManager::UpdateWidgetArea
605c76ad xul!gfxTextRun::MeasureText
606585e0 xul!MatchWeightEntry
607e39cb xul!IsMarginZero
608da6bb xul!nsInlineFrame::IsSelfEmpty
604a91ea xul!nsRuleNode::GetStylePosition
604a91c6 xul!nsStyleContext::GetStylePosition
606c4649 xul!nsIFrame::GetStylePosition
60754f86 xul!nsAbsoluteContainingBlock::Reflow
60754fcd xul!nsAbsoluteContainingBlock::Reflow
6056a9f5 xul!nsBlockFrame::Reflow
6056aa36 xul!nsBlockFrame::Reflow
6052c694 xul!nsRect::UnionRect
604b7fff xul!nsFontCache::GetMetricsFor
6057afae xul!nsIFrame::GetOverflowAreaProperty
605312be xul!nsIFrame::FinishAndStoreOverflow
604b52f0 xul!nsBlockFrame::IsFrameOfType
6053128d xul!nsIFrame::FinishAndStoreOverflow
6053108f xul!nsIFrame::FinishAndStoreOverflow
606b0c60 xul!fbFetchPixel_a8r8g8b8
606ab9d2 xul!fbFetch
606a3e10 xul!mmxCombineInU
606abf2d xul!pixman_composite_rect_general_no_accessors
606a3ca0 xul!mmxCombineOverU
606002f7 xul!nsBlockFrame::IsSelfEmpty
6095297b xul!nsBlockFrame::IsEmpty
6049de73 xul!nsFrame::ComputeSize
604fc08d xul!SearchTable
6056017b xul!nsContainerFrame::FinishReflowChild
6055ff82 xul!nsHTMLScrollFrame::ReflowScrolledFrame
60557276 xul!nsGfxScrollFrameInner::IsLTR
605571df xul!nsGfxScrollFrameInner::GetScrolledRect
605d0419 xul!ComputeInsideBorderSize
605a61b5 xul!nsHTMLScrollFrame::TryLayout
604a68fb xul!FindElementBackground
60499528 xul!nsGfxScrollFrameInner::PostOverflowEvent
60557178 xul!nsView::ResetWidgetBounds
60554a2d xul!nsView::SetPosition
604a69a9 xul!FindElementBackground
604a69c4 xul!FindElementBackground
604a67e6 xul!SyncFrameViewGeometryDependentProperties
604a6789 xul!nsContainerFrame::SyncFrameViewAfterReflow
609b3c92 xul!nsAbsoluteContainingBlock::ReflowAbsoluteFrame
609b3cc5 xul!nsAbsoluteContainingBlock::ReflowAbsoluteFrame
6059e54b xul!nsBlockFrame::ReflowLine
60754ff2 xul!nsAbsoluteContainingBlock::Reflow
60754ffc xul!nsAbsoluteContainingBlock::Reflow
606e0723 xul!nsBlockFrame::ComputeCombinedArea
605d2c40 xul!nsBlockReflowContext::PlaceBlock
605c2b56 xul!nsLineBox::SetCombinedArea
6059eabb xul!nsBlockFrame::ReflowBlockFrame
6053eb9b xul!nsIFrame::Invalidate
606c06d5 xul!nsPresContext::UseDocumentColors
606c1e5d xul!nsCSSValue::Reset
605f2269 xul!nsCSSColor::~nsCSSColor
608b6258 xul!nsRuleNode::HasAuthorSpecifiedRules
60916ff1 xul!nsHTMLScrol

STACK_COMMAND:  dds 11473c ; kb

FOLLOWUP_IP: 
xpsp2res+11c544
2011c544 fd              std

SYMBOL_STACK_INDEX:  85

SYMBOL_NAME:  xpsp2res+11c544

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  ZEROED_STACK

FAILURE_BUCKET_ID:  ZEROED_STACK_c0000005_Unknown_Image!Unloaded

Followup: MachineOwner
---------


Reproducible: Sometimes

Steps to Reproduce:
1. Go to Digg
2. Digg comments up or down
3. Post comments

Actual Results:
Crash

Expected Results:
No crash

This doesn't happen very often, but I've seen it at least three times.

This was originally filed under bug 433609 (as I thought it was similar to the crash that resulted in that bug being filed), however someone commented that this was likely a different bug and therefore should be filed separately.

Updated

11 years ago
Assignee: nobody → mscott
Component: General → Spelling checker
Product: Firefox → Core
QA Contact: general → spelling-checker
Version: unspecified → Trunk
Assignee: mscott → nobody

Mine is a bit different. Minefield crashed a couple of minutes ago while I wanted to apply the downloaded update. On shutdown Minefield crashed with a probably not helpful stack:

0  mozcrt19.dll  _VEC_memzero
1  nssutil3.dll  nssutil3.dll@0x71af

Crash report: d33eba34-4058-4e24-9207-47bb62090517

Josh, shall I file mine as a separate bug?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash

David, are you still seeing this?  I wouldn't be surprised if the fix for bug 433289 fixed crashes with multiple signatures, given the type of bug it was.

Henrik, yes, you should be in another bug.

Filed as bug 517841.

(Reporter)

Comment 4

9 years ago
I haven't seen this since 3.5 came out.

Alright, let's call this worksforme then.

Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME