Closed
Bug 436560
Opened 16 years ago
Closed 14 years ago
Access violation - code c0000005 || js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888]
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: codecalamity, Unassigned)
References
()
Details
(Whiteboard: [CLOSEME 2010-10-01])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0 I took a user dump of Firefox and ran it through windbg to get the following: (69c.7bc): Access violation - code c0000005 (first/second chance not available) eax=00000001 ebx=0012fb74 ecx=00000000 edx=036b0002 esi=0170b5c0 edi=031316b0 eip=6014692b esp=0012fb00 ebp=00000001 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210202 js3250!JS_SetPrivate+0xb: 6014692b 894110 mov dword ptr [ecx+10h],eax ds:0023:00000010=???????? 0:000> k ChildEBP RetAddr 0012fafc 6079e72a js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888] 0012fb18 604f024d xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805] 0012fb48 60a6d121 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724] 0012fbb8 60ab0bf9 xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846] 0012fc04 60a7340a xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960] 0012fc30 60a87dd0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828] 0012fc64 604d5e48 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890] 0012fc88 604b8a3a xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511] 0012fca0 606433fd xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169] 0012fcac 60584d88 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182] 0012fcb4 003200a8 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174] I downloaded the source for that file (jsapi.c) and the method in question is: JS_PUBLIC_API(JSBool) JS_SetPrivate(JSContext *cx, JSObject *obj, void *data) { JS_ASSERT(OBJ_GET_CLASS(cx, obj)->flags & JSCLASS_HAS_PRIVATE); obj->fslots[JSSLOT_PRIVATE] = PRIVATE_TO_JSVAL(data); return JS_TRUE; } Reproducible: Always Steps to Reproduce: 1.Simply load the URL 2.Will get redirected (302) 3.Will get OK (200); will begin processing Javascript and crash (no Mozilla Bug Reporter; too severe?) Actual Results: Firefox crashes with an access violation Expected Results: Displayed either the silverlight video or the typical silverlight tag that says download me. Did as much dumping/debugging as possible...still getting comfortable in that area. Below is the results of !analyze -v in windbg (I don't know if there is machine specific details in there...hopefully not) 0:000> !analyze -v ERROR: FindPlugIns 8007007b ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** ERROR: Symbol file could not be found. Defaulted to export symbols for NPSWF32.dll - ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Your debugger is not using the correct symbols *** *** *** *** In order for this command to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: kernel32!pNlsUserInfo *** *** *** ************************************************************************* FAULTING_IP: js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888] 6014692b 894110 mov dword ptr [ecx+10h],eax EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 6014692b (js3250!JS_SetPrivate+0x0000000b) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00000010 Attempt to write to address 00000010 DEFAULT_BUCKET_ID: NULL_POINTER_READ PROCESS_NAME: firefox.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s". WRITE_ADDRESS: 00000010 NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 LAST_CONTROL_TRANSFER: from 6079e72a to 6014692b STACK_TEXT: 0012fafc 6079e72a 0036eb40 00000000 00000000 js3250!JS_SetPrivate+0xb [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888] 0012fb18 604f024d 60d63db8 031316b0 00000001 xul!NPObjWrapperPluginDestroyedCallback+0x4e [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1805] 0012fb48 60a6d121 60d63db8 6079e6dc 0012fb74 xul!PL_DHashTableEnumerate+0x7d [e:\fx19rel\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\pldhash.c @ 724] 0012fbb8 60ab0bf9 049eaa98 15c153f6 3c44dc9e xul!nsJSNPRuntime::OnPluginDestroy+0x8d [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\nsjsnpruntime.cpp @ 1846] 0012fc04 60a7340a 049eaa80 0031c3a0 049cf3e0 xul!ns4xPluginInstance::Stop+0x187 [e:\fx19rel\winnt_5.2_depend\mozilla\modules\plugin\base\src\ns4xplugininstance.cpp @ 960] 0012fc30 60a87dd0 049eaa80 00000000 0031c3a0 xul!DoStopPlugin+0xed [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1828] 0012fc64 604d5e48 00000000 003156c0 0031d290 xul!nsStopPluginRunnable::Run+0x2a [e:\fx19rel\winnt_5.2_depend\mozilla\layout\generic\nsobjectframe.cpp @ 1890] 0012fc88 604b8a3a 00000001 00000001 0012fca8 xul!nsThread::ProcessNextEvent+0x218 [e:\fx19rel\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp @ 511] 0012fca0 606433fd 00000001 80000000 60584d88 xul!nsBaseAppShell::Run+0x4a [e:\fx19rel\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp @ 169] 0012fcac 60584d88 00f4d1f0 003200a8 00000000 xul!nsAppStartup::Run+0x1e [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp @ 182] 0012fcb4 003200a8 00000000 003200a0 00000001 xul!XRE_main+0xdba [e:\fx19rel\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp @ 3174] WARNING: Frame IP not in any known module. Following frames may be wrong. 0012fcb8 00000000 003200a0 00000001 0033a260 0x3200a8 STACK_COMMAND: ~0s; .ecxr ; kb FAULTING_THREAD: 000007bc PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ FOLLOWUP_IP: js3250!JS_SetPrivate+b [e:\fx19rel\winnt_5.2_depend\mozilla\js\src\jsapi.c @ 2888] 6014692b 894110 mov dword ptr [ecx+10h],eax SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: js3250!JS_SetPrivate+b FOLLOWUP_NAME: MachineOwner MODULE_NAME: js3250 IMAGE_NAME: js3250.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4828540d FAILURE_BUCKET_ID: js3250.dll!JS_SetPrivate_c0000005_NULL_POINTER_READ BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_js3250!JS_SetPrivate+b Followup: MachineOwner ---------
Comment 1•16 years ago
|
||
WFM (no crash) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008052901 Minefield/3.0pre ID:2008052901
Comment 2•14 years ago
|
||
Reporter, are you still seeing this issue with Firefox 3.6.9 or later in safe mode? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2010-10-01]
Version: unspecified → 3.0 Branch
Comment 3•14 years ago
|
||
No reply, INCOMPLETE. Please retest with Firefox 3.6.10 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•