Zero'd stack after call to memzero

Status: RESOLVED WORKSFORME (opened 11 years ago, resolved 9 years ago)
Severity: critical
Reporter: david_dillard
Assignee: Unassigned
Version: Trunk
Platform: x86, Windows XP
Keywords: crash
Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052206 Minefield/3.0pre
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052206 Minefield/3.0pre

Occasionally, while using Digg (digging things up or down and posting comments, not just viewing) I get the crash below with a zero'd stack after a call to memzero().  Bug 433289 is MUCH more common than this one in that usage scenario.

(469c.3318): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00730020 ebx=00000000 ecx=01320f90 edx=00000006 esi=00000004 edi=601a48e0
eip=00730028 esp=bc8a2be0 ebp=06673230 iopl=0         nv up ei ng nz na po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010283
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]
ds:0023:00000004=?? es:0023:601a48e0=54
0:000> analyze
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for C:\WINDOWS\system32\bmnet.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for
C:\WINDOWS\system32\bmnet.dll - 
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINDOWS\system32\xpsp2res.dll
*** WARNING: Unable to verify checksum for firefox.exe
Cannot find frame 0x211, previous scope unchanged
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
+730028
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00730028
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000004
Attempt to read from address 00000004

FAULTING_THREAD:  00003318

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced
memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000004 

FAILED_INSTRUCTION_ADDRESS: 
+730028
00730028 a6              cmps    byte ptr [esi],byte ptr es:[edi]

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

IP_ON_HEAP:  00730028

ADDITIONAL_DEBUG_TEXT:  Followup set via attribute from Frame 0 on thread
ffffffff

LAST_CONTROL_TRANSFER:  from 00000000 to 00730028

DEFAULT_BUCKET_ID:  ZEROED_STACK

PRIMARY_PROBLEM_CLASS:  ZEROED_STACK

BUGCHECK_STR: 
APPLICATION_FAULT_ZEROED_STACK_NULL_INSTRUCTION_PTR_STACK_CORRUPTION_STACK_CORRUPTION

STACK_TEXT:  
6001335b MOZCRT19!_VEC_memzero
607ce9d1 xul!AffixMgr::encodeit
60c53aa4 xul!`string'
607ced0a xul!AffixMgr::encodeit
60006934 MOZCRT19!arena_malloc_small
60006962 MOZCRT19!arena_malloc
60008135 MOZCRT19!malloc
60800da0 xul!HashMgr::decode_flags
60800f06 xul!HashMgr::decode_flags
7c94a1f5 ntdll!RtlAllocateHeapSlowly
7c91b5f4 ntdll!RtlAllocateHeapSlowly
7c91b686 ntdll!RtlAllocateHeapSlowly
7c90ee18 ntdll!_except_handler3
7c91b690 ntdll!CheckHeapFillPattern
7c96d8a2 ntdll!RtlDebugAllocateHeap
7c96d886 ntdll!RtlDebugAllocateHeap
7c96d8a8 ntdll!`string'
7c949d18 ntdll!RtlAllocateHeapSlowly
7c91b298 ntdll!RtlAllocateHeap
7c9106eb ntdll!RtlAllocateHeap
7c910945 ntdll!RtlAcquirePebLock
7c91094e ntdll!RtlAcquirePebLock
7c914190 ntdll!RtlpValidateCurrentDirectory
7c901005 ntdll!RtlEnterCriticalSection
7c910970 ntdll!RtlReleasePebLock
7c97e4c0 ntdll!FastPebLock
7c913e6f ntdll!RtlGetFullPathName_Ustr
7c913e62 ntdll!RtlGetFullPathName_Ustr
7c949b34 ntdll!RtlpCoalesceFreeBlocks
7c926a44 ntdll!RtlFreeHeapSlowly
7c926abe ntdll!RtlFreeHeapSlowly
7c91402e ntdll!RtlDosPathNameToNtPathName_Ustr
7c9140ef ntdll!RtlDosPathNameToNtPathName_Ustr
7c9140bb ntdll!RtlDosPathNameToNtPathName_Ustr
7c96cde9 ntdll!RtlpValidateHeap
6051a60f xul!AppendUTF16toUTF8
604f3390 xul!PL_DHashMatchStringKey
604fc0ac xul!SearchTable
604f3370 xul!PL_DHashMatchStringKey
604fbf9c xul!PL_DHashTableOperate
604edc90 xul!nsAString_internal::ReplacePrep
6054475e xul!nsPersistentProperties::GetStringProperty
60616b7a xul!nsGREResProperties::Get
60616b87 xul!nsGREResProperties::Get
6051a0fc xul!nsACString_internal::SetCapacity
6051a10f xul!nsACString_internal::SetCapacity
6051f800 xul!nsACString_internal::EnsureMutable
60566578 xul!LossyAppendUTF16toASCII
604a89eb xul!nsCharsetAlias2::GetPreferred
604a8848 xul!nsCharsetAlias2::GetPreferred
7c926ac8 ntdll!CheckHeapFillPattern
7c9268ad ntdll!RtlFreeHeap
7c91056d ntdll!RtlFreeHeap
7c91043d ntdll!RtlFreeHeap
60c693c0 xul!`string'
60638e68 xul!StabilizedQueryInterface<nsOneByteDecoderSupport>
600cdf92 nspr4!_MD_CURRENT_THREAD
60508963 xul!nsComponentManagerImpl::GetServiceByContractID
60c69e24 xul!nsIUnicodeEncoder::COMTypeInfo<int>::kIID
6050c6f5 xul!CallGetService
60c6a1f4 xul!nsICharsetAlias::COMTypeInfo<int>::kIID
6063212b xul!nsCharPtrHashKey::KeyEquals
6063211e
xul!nsTHashtable<nsBaseHashtableET<nsCharPtrHashKey,nsCOMPtr<nsIUnicodeDecoder>
> >::s_MatchEntry
60632111
xul!nsTHashtable<nsBaseHashtableET<nsCharPtrHashKey,nsCOMPtr<nsIUnicodeDecoder>
> >::s_MatchEntry
60652dfa xul!uMapCode
60bb05b0 xul!nsPrincipal::sInvalid
60bb05c0 xul!nsPrincipal::sInvalid
6079252d xul!nsUnicodeEncodeHelper::ConvertByTable
607925f7 xul!nsTableEncoderSupport::ConvertNoBuffNoErr
607926e1 xul!nsEncoderSupport::ConvertNoBuff
60006c76 MOZCRT19!arena_dalloc_small
60006d3e MOZCRT19!arena_dalloc
60006d48 MOZCRT19!arena_dalloc
60007d90 MOZCRT19!free
60007d70 MOZCRT19!free
606400dd xul!nsTableEncoderSupport::`scalar deleting destructor'
606321ed xul!nsBasicEncoder::Release
6052d6ee xul!nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener>
609c8ac6 xul!get_current_cs
609c97fe xul!AffixMgr::parse_file
609c9854 xul!AffixMgr::parse_file
20000000 xpsp2res
600a3b48 MOZCRT19!_iob
606dd929 xul!ContextState::UseConservativeBreaking
606dd92f xul!ContextState::UseConservativeBreaking
60626111 xul!ContextualAnalysis
60625f1b xul!nsJISx4051LineBreaker::GetJISx4051Breaks
60633d72 xul!BuildTextRunsScanner::BreakSink::SetBreaks
604ef200 xul!nsTArray_base::ShiftData
60d68dcc xul!nsTArray_base::sEmptyHdr
605ac8da xul!nsLineBreaker::FlushCurrentWord
605ac8e7 xul!nsLineBreaker::FlushCurrentWord
605ac901 xul!nsLineBreaker::FlushCurrentWord
6052d3f4 xul!CSSStyleRuleImpl::MapRuleInfoInto
605212fe xul!nsRuleNode::WalkRuleTree
605a69ba xul!nsRuleNode::GetSVGData
605a6c7f xul!nsCSSSVG::~nsCSSSVG
605a69cd xul!nsRuleNode::GetSVGData
60523eac xul!nsRuleNode::GetStyleData
60521744 xul!nsRuleNode::WalkRuleTree
77f2c4fc GDI32!NtGdiGetTextExtentExW
77f3dd19 GDI32!GetTextExtentExPointI
6058ce8f xul!nsTArray<gfxTextRun::GlyphRun>::AppendElements
60626de8 xul!SetupTextRunFromGlyphs
60626df3 xul!SetupTextRunFromGlyphs
60626e01 xul!SetupTextRunFromGlyphs
607d2634 xul!nsTArray<KeyPair>::AssignRange<KeyPair>
606210a4
xul!nsTArray<nsLineBreaker::TextItem>::AppendElements<nsLineBreaker::TextItem>
608b3f71
xul!nsTArray<nsLineBreaker::TextItem>::AppendElement<nsLineBreaker::TextItem>
608e2bf2 xul!nsLineBreaker::AppendText
608e2c0c xul!nsLineBreaker::AppendText
605a0000 xul!CNavDTD::CloseContainer
60040001 MOZCRT19!_vcprintf_l
605f3589 xul!nsRuleNode::SetFontSize
605f2aea xul!nsRuleNode::SetFont
605f2a28 xul!nsRuleNode::SetFont
605e3414 xul!nsRuleNode::ComputeFontData
60674c38 xul!_moz_cairo_surface_reference
605ede58 xul!gfxASurface::AddRef
60675bc8 xul!_moz_cairo_surface_destroy
6061ca38 xul!gfxWindowsFontGroup::InitTextRunGDI
6061ca52 xul!gfxWindowsFontGroup::InitTextRunGDI
6061ca63 xul!gfxWindowsFontGroup::InitTextRunGDI
605e342d xul!nsRuleNode::ComputeFontData
605e343b xul!nsRuleNode::ComputeFontData
605d3611 xul!nsLineBreaker::AppendText
6058cd76 xul!gfxTextRun::CopyGlyphDataFrom
6058cd59 xul!gfxTextRun::CopyGlyphDataFrom
6058cbe4 xul!TextRunWordCache::FinishTextRun
60d2023c xul!gfxWindowsFontGroup::`vftable'
60563c9c xul!TextRunWordCache::MakeTextRun
60563ccf xul!TextRunWordCache::MakeTextRun
00410020 firefox!__dyn_tls_init_callback <PERF> (firefox+0x10020)
2011c544 xpsp2res
60005cea MOZCRT19!arena_run_tree_s_RB_INSERT
60006cee MOZCRT19!arena_dalloc_small
6061a341 xul!HasCompressedLeadingWhitespace
6070f7e3 xul!BuildTextRunsScanner::SetupBreakSinksForTextRun
606cbea6 xul!nsTArray<Expr *>::RemoveElementsAt
605aa194 xul!BuildTextRunsScanner::BuildTextRunForFrames
605aa1a7 xul!BuildTextRunsScanner::BuildTextRunForFrames
605aa1be xul!BuildTextRunsScanner::BuildTextRunForFrames
606dd951 xul!ContextState::UseConservativeBreaking
605d362c xul!nsLineBreaker::AppendText
605d3647 xul!nsLineBreaker::AppendText
60633df6 xul!gfxTextRun::SetPotentialLineBreaks
606dd957 xul!ContextState::UseConservativeBreaking
60626126 xul!ContextualAnalysis
606f8bec xul!gfxTextRun::AddGlyphRun
605ac801 xul!nsLineBreaker::FlushCurrentWord
60632576 xul!AddFontNameToArray
605ba960 xul!gfxTextRun::gfxTextRun
604c6609 xul!AppendASCIItoUTF16
604c661d xul!AppendASCIItoUTF16
60585121 xul!nsTHashtable<TextRunWordCache::CacheHashEntry>::s_MatchEntry
604fbe91 xul!PL_DHashTableOperate
604fbe05 xul!PL_DHashTableOperate
6056d617 xul!TextRunWordCache::LookupWord
6063879c xul!nsTArray<TextRunWordCache::DeferredWord>::RemoveElementsAt
6056d544 xul!TextRunWordCache::MakeTextRun
6056d556 xul!TextRunWordCache::MakeTextRun
6056d569 xul!TextRunWordCache::MakeTextRun
604ee02d xul!nsAString_internal::Assign
605f354a xul!nsRuleNode::SetFontSize
77f1f7bd GDI32!GetOutlineTextMetricsInternalA
6052d0a5 xul!nsCSSCompressedDataBlock::MapRuleInfoInto
60498679 xul!gfxFont::Measure
60618399 xul!gfxRect::Union
60618374 xul!gfxFont::RunMetrics::CombineWith
605cf124 xul!gfxTextRun::AccumulateMetricsForRun
605cf159 xul!gfxTextRun::AccumulateMetricsForRun
605bd207 xul!BuildTextRunsScanner::FlushFrames
6002d6dd MOZCRT19!operator new
605d33ba xul!nsLineBreaker::AppendText
605c4503 xul!BuildTextRunsScanner::SetupBreakSinksForTextRun
607e17e8 xul!nsTArray<unsigned short>::AssignRange<unsigned char>
6056d3d0 xul!TextRunWordCache::MakeTextRun
60574bad xul!nsRuleNode::GetStyleFont
60006674 MOZCRT19!arena_bin_nonfull_run_get
606f84b0 xul!nsLineBreaker::AppendText
6056e4b2 xul!nsRuleNode::GetFontData
60497248 xul!gfxTextRun::BreakAndMeasureText
7e4268ae USER32!StaticWndProcWorker
605a55cf xul!BuildTextRunsScanner::~BuildTextRunsScanner
60657e20 xul!CheckFontCallback
60523e86 xul!nsRuleNode::GetStyleData
60587fc9 xul!nsRuleNode::GetVisibilityData
60587f39 xul!nsCSSDisplay::~nsCSSDisplay
60587fdc xul!nsRuleNode::GetVisibilityData
605c6318 xul!nsBlockFrame::InvalidateInternal
605c62a8 xul!nsBlockFrame::InvalidateInternal
606c1e01 xul!nsPropertyTable::GetProperty
606e50a2 xul!nsPropertyTable::GetPropertyInternal
604ab6ec xul!nsIFrame::InvalidateInternal
607268cc xul!ViewportFrame::InvalidateInternal
6059f596 xul!nsHTMLScrollFrame::InvalidateInternal
60593f59 xul!nsLineLayout::ReflowFrame
60571c19 xul!nsViewManager::GetAbsoluteRect
604c4614 xul!nsViewManager::GetRectVisibility
604c47c4 xul!nsViewManager::UpdateView
604ab7cf xul!ViewportFrame::InvalidateInternal
60499aef xul!nsGfxScrollFrameInner::InvalidateInternal
604ab6d7 xul!nsIFrame::InvalidateInternal
605bd220 xul!BuildTextRunsScanner::FlushFrames
604c37be xul!nsRegion::Or
60620000 xul!nsDiskCacheBinding::`scalar deleting destructor'
6062606b xul!nsJISx4051LineBreaker::GetJISx4051Breaks
60d20258 xul!space
605e0000 xul!nsProtocolProxyService::Resolve
6058cc2f xul!TextRunWordCache::FinishTextRun
605d3600 xul!nsLineBreaker::AppendText
605ac800 xul!nsLineBreaker::FlushCurrentWord
60670000 xul!SECOID_FindOIDTag_Util
606b4430 xul!pixmanFetchSourcePict
606ab9b0 xul!fbFetch
606a42e0 xul!mmxCombineAddU
606ac034 xul!pixman_composite_rect_general
606a00a2 xul!pixman_image_composite_rect
6056d3c7 xul!TextRunWordCache::MakeTextRun
6056d3e3 xul!TextRunWordCache::MakeTextRun
606b3cdf xul!fbFetchTransformed
606b9633 xul!fbFetchFromNoRegion
606b327e xul!fbFetchTransformed_Bilinear_Pad
606b0c80 xul!fbFetchPixel_x8r8g8b8
606b9620 xul!fbFetchFromNoRegion
606b3ac0 xul!fbFetchTransformed
606ac9e0 xul!fbCombineSrcU
606b3259 xul!fbFetchTransformed_Bilinear_Pad
606abedd xul!pixman_composite_rect_general_no_accessors
606abfba xul!pixman_composite_rect_general_no_accessors
604c3cd8 xul!nsRegion::SubRect
604c3775 xul!nsRegion::Or
604c1b12 xul!nsRegion::SubRegion
605c7721 xul!gfxTextRun::MeasureText
604c48ee xul!nsViewManager::UpdateWidgetArea
605c76ad xul!gfxTextRun::MeasureText
606585e0 xul!MatchWeightEntry
607e39cb xul!IsMarginZero
608da6bb xul!nsInlineFrame::IsSelfEmpty
604a91ea xul!nsRuleNode::GetStylePosition
604a91c6 xul!nsStyleContext::GetStylePosition
606c4649 xul!nsIFrame::GetStylePosition
60754f86 xul!nsAbsoluteContainingBlock::Reflow
60754fcd xul!nsAbsoluteContainingBlock::Reflow
6056a9f5 xul!nsBlockFrame::Reflow
6056aa36 xul!nsBlockFrame::Reflow
6052c694 xul!nsRect::UnionRect
604b7fff xul!nsFontCache::GetMetricsFor
6057afae xul!nsIFrame::GetOverflowAreaProperty
605312be xul!nsIFrame::FinishAndStoreOverflow
604b52f0 xul!nsBlockFrame::IsFrameOfType
6053128d xul!nsIFrame::FinishAndStoreOverflow
6053108f xul!nsIFrame::FinishAndStoreOverflow
606b0c60 xul!fbFetchPixel_a8r8g8b8
606ab9d2 xul!fbFetch
606a3e10 xul!mmxCombineInU
606abf2d xul!pixman_composite_rect_general_no_accessors
606a3ca0 xul!mmxCombineOverU
606002f7 xul!nsBlockFrame::IsSelfEmpty
6095297b xul!nsBlockFrame::IsEmpty
6049de73 xul!nsFrame::ComputeSize
604fc08d xul!SearchTable
6056017b xul!nsContainerFrame::FinishReflowChild
6055ff82 xul!nsHTMLScrollFrame::ReflowScrolledFrame
60557276 xul!nsGfxScrollFrameInner::IsLTR
605571df xul!nsGfxScrollFrameInner::GetScrolledRect
605d0419 xul!ComputeInsideBorderSize
605a61b5 xul!nsHTMLScrollFrame::TryLayout
604a68fb xul!FindElementBackground
60499528 xul!nsGfxScrollFrameInner::PostOverflowEvent
60557178 xul!nsView::ResetWidgetBounds
60554a2d xul!nsView::SetPosition
604a69a9 xul!FindElementBackground
604a69c4 xul!FindElementBackground
604a67e6 xul!SyncFrameViewGeometryDependentProperties
604a6789 xul!nsContainerFrame::SyncFrameViewAfterReflow
609b3c92 xul!nsAbsoluteContainingBlock::ReflowAbsoluteFrame
609b3cc5 xul!nsAbsoluteContainingBlock::ReflowAbsoluteFrame
6059e54b xul!nsBlockFrame::ReflowLine
60754ff2 xul!nsAbsoluteContainingBlock::Reflow
60754ffc xul!nsAbsoluteContainingBlock::Reflow
606e0723 xul!nsBlockFrame::ComputeCombinedArea
605d2c40 xul!nsBlockReflowContext::PlaceBlock
605c2b56 xul!nsLineBox::SetCombinedArea
6059eabb xul!nsBlockFrame::ReflowBlockFrame
6053eb9b xul!nsIFrame::Invalidate
606c06d5 xul!nsPresContext::UseDocumentColors
606c1e5d xul!nsCSSValue::Reset
605f2269 xul!nsCSSColor::~nsCSSColor
608b6258 xul!nsRuleNode::HasAuthorSpecifiedRules
60916ff1 xul!nsHTMLScrol

STACK_COMMAND:  dds 11473c ; kb

FOLLOWUP_IP: 
xpsp2res+11c544
2011c544 fd              std

SYMBOL_STACK_INDEX:  85

SYMBOL_NAME:  xpsp2res+11c544

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  ZEROED_STACK

FAILURE_BUCKET_ID:  ZEROED_STACK_c0000005_Unknown_Image!Unloaded

Followup: MachineOwner
---------


Reproducible: Sometimes

Steps to Reproduce:
1. Go to Digg
2. Digg comments up or down
3. Post comments
Actual Results:  
Crash

Expected Results:  
No crash

This doesn't happen very often, but I've seen it at least three times.

This was originally filed under bug 433609 (as I thought it was similar to the crash that resulted in that bug being filed), however someone commented that this was likely a different bug and therefore should be filed separately.

Updated

11 years ago
Assignee: nobody → mscott
Component: General → Spelling checker
Product: Firefox → Core
QA Contact: general → spelling-checker
Version: unspecified → Trunk
Assignee: mscott → nobody

Mine is a bit different. Minefield crashed a couple of minutes ago while I wanted to apply the downloaded update. On shutdown Minefield crashed with a probably not helpful stack:

0  	mozcrt19.dll  	_VEC_memzero  	
1 	nssutil3.dll 	nssutil3.dll@0x71af

Crash report: d33eba34-4058-4e24-9207-47bb62090517

Josh, shall I file mine as a separate bug?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash

David, are you still seeing this?  I wouldn't be surprised if the fix for bug 433289 fixed crashes with multiple signatures, given the type of bug it was.

Henrik, yes, you should be in another bug.

Comment 4 (Reporter), 9 years ago
I haven't seen this since 3.5 came out.

Alright, let's call this worksforme then.

Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME