Access violation - code c0000005 || js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]

RESOLVED INCOMPLETE

Status

()

Firefox
General
--
critical
RESOLVED INCOMPLETE
10 years ago
7 years ago

People

(Reporter: Code Calamity, Unassigned)

Tracking

3.0 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CLOSEME 2010-10-01], URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0

I took a user dump of Firefox and ran it through windbg to get the following:
(69c.7bc): Access violation - code c0000005 (first/second chance not available)
eax=00000001 ebx=0012fb74 ecx=00000000 edx=036b0002 esi=0170b5c0 edi=031316b0
eip=6014692b esp=0012fb00 ebp=00000001 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210202
js3250!JS_SetPrivate+0xb:
6014692b 894110          mov     dword ptr [ecx+10h],eax ds:0023:00000010=????????
0:000> k
ChildEBP RetAddr  
0012fafc 6079e72a js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
0012fb18 604f024d xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805]
0012fb48 60a6d121 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724]
0012fbb8 60ab0bf9 xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846]
0012fc04 60a7340a xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960]
0012fc30 60a87dd0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828]
0012fc64 604d5e48 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890]
0012fc88 604b8a3a xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511]
0012fca0 606433fd xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169]
0012fcac 60584d88 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182]
0012fcb4 003200a8 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174]

I downloaded the source for that file (jsapi.c) and the method in question is:
JS_PUBLIC_API(JSBool)
JS_SetPrivate(JSContext *cx, JSObject *obj, void *data)
{
    JS_ASSERT(OBJ_GET_CLASS(cx, obj)->flags & JSCLASS_HAS_PRIVATE);
    obj->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(data);
    return JS_TRUE;
}

Reproducible: Always

Steps to Reproduce:
1.Simply load the URL
2.Will get redirected (302)
3.Will get OK (200); will begin processing Javascript and crash (no Mozilla Bug Reporter; too severe?)
Actual Results:  
Firefox crashes with an access violation

Expected Results:  
Displayed either the silverlight video or the typical silverlight tag that says download me.

Did as much dumping/debugging as possible...still getting comfortable in that area. Below is the results of !analyze -v in windbg (I don't know if there is machine specific details in there...hopefully not)

0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for NPSWF32.dll - 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
6014692b 894110          mov     dword ptr [ecx+10h],eax

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 6014692b (js3250!JS_SetPrivate+0x0000000b)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000010
Attempt to write to address 00000010

DEFAULT_BUCKET_ID:  NULL_POINTER_READ

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

WRITE_ADDRESS:  00000010 

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

LAST_CONTROL_TRANSFER:  from 6079e72a to 6014692b

STACK_TEXT:  
0012fafc 6079e72a 0036eb40 00000000 00000000 js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
0012fb18 604f024d 60d63db8 031316b0 00000001 xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805]
0012fb48 60a6d121 60d63db8 6079e6dc 0012fb74 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724]
0012fbb8 60ab0bf9 049eaa98 15c153f6 3c44dc9e xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846]
0012fc04 60a7340a 049eaa80 0031c3a0 049cf3e0 xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960]
0012fc30 60a87dd0 049eaa80 00000000 0031c3a0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828]
0012fc64 604d5e48 00000000 003156c0 0031d290 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890]
0012fc88 604b8a3a 00000001 00000001 0012fca8 xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511]
0012fca0 606433fd 00000001 80000000 60584d88 xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169]
0012fcac 60584d88 00f4d1f0 003200a8 00000000 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182]
0012fcb4 003200a8 00000000 003200a0 00000001 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fcb8 00000000 003200a0 00000001 0033a260 0x3200a8


STACK_COMMAND:  ~0s; .ecxr ; kb

FAULTING_THREAD:  000007bc

PRIMARY_PROBLEM_CLASS:  NULL_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_READ

FOLLOWUP_IP: 
js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
6014692b 894110          mov     dword ptr [ecx+10h],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  js3250!JS_SetPrivate+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: js3250

IMAGE_NAME:  js3250.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4828540d

FAILURE_BUCKET_ID:  js3250.dll!JS_SetPrivate_c0000005_NULL_POINTER_READ

BUCKET_ID:  APPLICATION_FAULT_NULL_POINTER_READ_js3250!JS_SetPrivate+b

Followup: MachineOwner
---------

Comment 1

10 years ago
WFM (no crash) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052901 Minefield/3.0pre ID:2008052901
Reporter, are you still seeing this issue with Firefox 3.6.9 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2010-10-01]
Version: unspecified → 3.0 Branch
No reply, INCOMPLETE. Please retest with Firefox 3.6.10 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.