Closed Bug 436560 Opened 16 years ago Closed 14 years ago

Access violation - code c0000005 || js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]

Categories: Firefox :: General, defect
Version: 3.0 Branch
Platform: x86, Windows XP
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED INCOMPLETE
Reporter: codecalamity
Assignee: Unassigned
Whiteboard: [CLOSEME 2010-10-01]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0

I took a user dump of Firefox and ran it through windbg to get the following:
(69c.7bc): Access violation - code c0000005 (first/second chance not available)
eax=00000001 ebx=0012fb74 ecx=00000000 edx=036b0002 esi=0170b5c0 edi=031316b0
eip=6014692b esp=0012fb00 ebp=00000001 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210202
js3250!JS_SetPrivate+0xb:
6014692b 894110          mov     dword ptr [ecx+10h],eax ds:0023:00000010=????????
0:000> k
ChildEBP RetAddr  
0012fafc 6079e72a js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
0012fb18 604f024d xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805]
0012fb48 60a6d121 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724]
0012fbb8 60ab0bf9 xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846]
0012fc04 60a7340a xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960]
0012fc30 60a87dd0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828]
0012fc64 604d5e48 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890]
0012fc88 604b8a3a xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511]
0012fca0 606433fd xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169]
0012fcac 60584d88 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182]
0012fcb4 003200a8 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174]

I downloaded the source for that file (jsapi.c) and the method in question is:
JS_PUBLIC_API(JSBool)
JS_SetPrivate(JSContext *cx, JSObject *obj, void *data)
{
    JS_ASSERT(OBJ_GET_CLASS(cx, obj)->flags & JSCLASS_HAS_PRIVATE);
    obj->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(data);
    return JS_TRUE;
}

Reproducible: Always

Steps to Reproduce:
1. Simply load the URL
2. Will get redirected (302)
3. Will get OK (200); will begin processing JavaScript and crash (no Mozilla Bug Reporter; too severe?)

Actual Results:
Firefox crashes with an access violation

Expected Results:
Displayed either the Silverlight video or the typical Silverlight tag that says download me.

Did as much dumping/debugging as possible...still getting comfortable in that area. Below are the results of !analyze -v in windbg (I don't know if there are machine-specific details in there...hopefully not)

0:000> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for NPSWF32.dll - 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
6014692b 894110          mov     dword ptr [ecx+10h],eax

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 6014692b (js3250!JS_SetPrivate+0x0000000b)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000001
   Parameter[1]: 00000010
Attempt to write to address 00000010

DEFAULT_BUCKET_ID:  NULL_POINTER_READ

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

WRITE_ADDRESS:  00000010 

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

LAST_CONTROL_TRANSFER:  from 6079e72a to 6014692b

STACK_TEXT:  
0012fafc 6079e72a 0036eb40 00000000 00000000 js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
0012fb18 604f024d 60d63db8 031316b0 00000001 xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805]
0012fb48 60a6d121 60d63db8 6079e6dc 0012fb74 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724]
0012fbb8 60ab0bf9 049eaa98 15c153f6 3c44dc9e xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846]
0012fc04 60a7340a 049eaa80 0031c3a0 049cf3e0 xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960]
0012fc30 60a87dd0 049eaa80 00000000 0031c3a0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828]
0012fc64 604d5e48 00000000 003156c0 0031d290 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890]
0012fc88 604b8a3a 00000001 00000001 0012fca8 xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511]
0012fca0 606433fd 00000001 80000000 60584d88 xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169]
0012fcac 60584d88 00f4d1f0 003200a8 00000000 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182]
0012fcb4 003200a8 00000000 003200a0 00000001 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fcb8 00000000 003200a0 00000001 0033a260 0x3200a8


STACK_COMMAND:  ~0s; .ecxr ; kb

FAULTING_THREAD:  000007bc

PRIMARY_PROBLEM_CLASS:  NULL_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_NULL_POINTER_READ

FOLLOWUP_IP: 
js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
6014692b 894110          mov     dword ptr [ecx+10h],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  js3250!JS_SetPrivate+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: js3250

IMAGE_NAME:  js3250.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4828540d

FAILURE_BUCKET_ID:  js3250.dll!JS_SetPrivate_c0000005_NULL_POINTER_READ

BUCKET_ID:  APPLICATION_FAULT_NULL_POINTER_READ_js3250!JS_SetPrivate+b

Followup: MachineOwner
---------
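An added triage example, not part of the original report or of Mozilla's code: it recomputes the faulting address from the register dump, faulting instruction and exception record quoted in the report, and checks that the fault is an access through a NULL base register plus a small displacement. The `triage` function and the `NULL_PAGE_LIMIT` threshold are assumptions of this example; the input lines are copied from the WinDbg output above.

```python
import re

# Lines copied verbatim from the WinDbg output in the report above.
DUMP = """\
eax=00000001 ebx=0012fb74 ecx=00000000 edx=036b0002 esi=0170b5c0 edi=031316b0
6014692b 894110          mov     dword ptr [ecx+10h],eax
   ExceptionCode: c0000005 (Access violation)
   Parameter[0]: 00000001
   Parameter[1]: 00000010
"""

# Meaning of Parameter[0] in an access-violation exception record.
ACCESS = {0: "read", 1: "write", 8: "execute (DEP)"}
# Assumption of this example: treat anything below 64 KiB as a NULL-page access.
NULL_PAGE_LIMIT = 0x10000


def triage(dump):
    """Classify an x86 access violation from WinDbg text output."""
    regs = {m[1]: int(m[2], 16)
            for m in re.finditer(r"\b(e[a-z]{2})=([0-9a-f]{8})", dump)}
    params = {int(m[1]): int(m[2], 16)
              for m in re.finditer(r"Parameter\[(\d)\]:\s*([0-9a-f]+)", dump)}
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", dump)[1], 16)
    if code != 0xC0000005:
        raise ValueError("not an access violation")

    # Memory operand of the faulting instruction: [reg] or [reg+NNh].
    op = re.search(r"\[(e[a-z]{2})(?:\+([0-9a-f]+)h)?\]", dump, re.I)
    base = op[1].lower()
    disp = int(op[2] or "0", 16)
    computed = (regs[base] + disp) & 0xFFFFFFFF

    return {
        "access": ACCESS.get(params[0], "unknown"),
        "fault_address": params[1],
        "base_register": base,
        "displacement": disp,
        # Does base + displacement reproduce the address in the record?
        "operand_matches_record": computed == params[1],
        "null_base": regs[base] == 0,
        "near_null": params[1] < NULL_PAGE_LIMIT,
    }


if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key}: {value}")
```

The record's Parameter[0] of 1 denotes a write, which agrees with the "Attempt to write to address 00000010" line, even though the bucket name in the same output reads NULL_POINTER_READ.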
WFM (no crash) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052901 Minefield/3.0pre ID:2008052901
Reporter, are you still seeing this issue with Firefox 3.6.9 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2010-10-01]
Version: unspecified → 3.0 Branch
No reply, INCOMPLETE. Please retest with Firefox 3.6.10 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest Firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE