Closed Bug 471274 Opened 16 years ago Closed 16 years ago

null pointer access violations : register dump

Categories

(Core :: JavaScript Engine, defect)

1.9.0 Branch
x86
Windows Vista
defect
Not set
normal

Tracking


RESOLVED INVALID

People

(Reporter: thomas.pollet, Unassigned)

Details

(Keywords: crash, Whiteboard: [sg:nse])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

AV handler
(1887197643L, 'pop esi')
(1887197644L, 'mov [ecx+0x4],eax')
(1887197647L, 'mov eax,ecx')
(1887197649L, 'retn 0x8')
(1887197652L, 'push esi')
(1887197653L, 'push edi')
(1887197654L, 'mov esi,ecx')
(1887197656L, 'mov eax,[esi+0x4]')
(1887197659L, 'mov ecx,[esi]')
(1887197661L, 'add [esi+0x18],eax')
(1887197664L, 'xor edi,edi')
(1887197666L, 'push edi')
(1887197667L, 'push byte 0x1')
(1887197669L, 'push byte 0x1')
(1887197671L, 'call 0x707c3902')
(1887197676L, 'xor ecx,ecx')
(1887197678L, 'mov [eax+0x10],cx')
(1887197682L, 'mov cx,[esi+0x8]')
(1887197686L, 'mov [eax+0x12],cx')
(1887197690L, 'lea ecx,[eax+0x20]')
(1887197693L, 'mov [eax],edi')
(1887197695L, 'mov [eax+0x4],ecx')
(1887197698L, 'mov [eax+0x1c],esi')
(1887197701L, 'mov ecx,[esi+0x10]')
(1887197704L, 'mov [eax+0xc],ecx')
(1887197707L, 'mov [eax+0x8],edi')
(1887197710L, 'mov ecx,[esi+0x10]')
(1887197713L, 'cmp ecx,edi')
(1887197715L, 'jz 0x707c5a18')
(1887197717L, 'mov [ecx+0x8],eax')
(1887197720L, 'cmp [esi+0xc],edi')
(1887197723L, 'jnz 0x707c5a20')
(1887197725L, 'mov [esi+0xc],eax')

CONTEXT DUMP
EIP: 707c59ee mov [eax+0x10],cx
EAX: 00000000 ( 0) -> N/A
EBX: 0000000a ( 10) -> N/A
ECX: 00000000 ( 0) -> N/A
EDX: 00000000 ( 0) -> N/A
EDI: 00000000 ( 0) -> N/A
ESI: 0392d808 ( 59955208) -> .............p*..p.|............................... .y..h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........................0................... (heap)
EBP: 002bf0a0 ( 2879648) -> .8Xm.8Xml.......`.g...............g...g......7Xm.t.....`.t..@....t..@.+...l..t.........`x.+....`.=M...l.....G.h...+.f0ippe.-........./.F.....................................@.........?.........?...H.....?.....o...?..$.'. .'.......l.X..yH.+...\p$.'.H.+.Jmop (stack)
ESP: 002bf020 ( 2879520) -> .x.|....#.\p$.......C.\pP.........l.|.\pP....Z|pM....:ipM.....l.he.-.......`x.+.\..`.t........+...+....`......+.@.+.x.+...Xm.....8Xm.8Xml.......`.g...............g...g......7Xm.t.....`.t..@....t..@.+...l..t.........`x.+....`.=M...l.....G.h...+.f0ippe.-.... (stack)
+00: 7cc67810 (2093381648) -> ......N>O....3.............)..........N>O....3.....7.......).z.............B..........U........I...D......................&=.....G.......N.........&=G............R....................R>O....3........O....3.....~........O....3.............)..src.L.......I.. (heap)
+04: 0392d808 ( 59955208) -> .............p*..p.|............................... .y..h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........................0................... (heap)
+08: 705ce723 (1885136675) -> N/A
+0c: 0392d824 ( 59955236) -> ....................... .y..h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........................0............................................... (heap)
+10: 0392d808 ( 59955208) -> .............p*..p.|............................... .y..h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........................0................... (heap)
+14: 705ce743 (1885136707) -> N/A

call stack : 0x6d583816 from xul.dll, base at 0x6d500000

-------------------------------------------------------------

AV handler
(1887197643L, 'pop esi')
(1887197644L, 'mov [ecx+0x4],eax')
(1887197647L, 'mov eax,ecx')
(1887197649L, 'retn 0x8')
(1887197652L, 'push esi')
(1887197653L, 'push edi')
(1887197654L, 'mov esi,ecx')
(1887197656L, 'mov eax,[esi+0x4]')
(1887197659L, 'mov ecx,[esi]')
(1887197661L, 'add [esi+0x18],eax')
(1887197664L, 'xor edi,edi')
(1887197666L, 'push edi')
(1887197667L, 'push byte 0x1')
(1887197669L, 'push byte 0x1')
(1887197671L, 'call 0x707c3902')
(1887197676L, 'xor ecx,ecx')
(1887197678L, 'mov [eax+0x10],cx')
(1887197682L, 'mov cx,[esi+0x8]')
(1887197686L, 'mov [eax+0x12],cx')
(1887197690L, 'lea ecx,[eax+0x20]')
(1887197693L, 'mov [eax],edi')
(1887197695L, 'mov [eax+0x4],ecx')
(1887197698L, 'mov [eax+0x1c],esi')
(1887197701L, 'mov ecx,[esi+0x10]')
(1887197704L, 'mov [eax+0xc],ecx')
(1887197707L, 'mov [eax+0x8],edi')
(1887197710L, 'mov ecx,[esi+0x10]')
(1887197713L, 'cmp ecx,edi')
(1887197715L, 'jz 0x707c5a18')
(1887197717L, 'mov [ecx+0x8],eax')
(1887197720L, 'cmp [esi+0xc],edi')
(1887197723L, 'jnz 0x707c5a20')
(1887197725L, 'mov [esi+0xc],eax')

CONTEXT DUMP
EIP: 707c59ee mov [eax+0x10],cx
EAX: 00000000 ( 0) -> N/A
EBX: 0000000a ( 10) -> N/A
ECX: 00000000 ( 0) -> N/A
EDX: 00000000 ( 0) -> N/A
EDI: 00000000 ( 0) -> N/A
ESI: 038df7b0 ( 59635632) -> .\...........pJ....|..............................wx....h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........8................................... (heap)
EBP: 0031edc0 ( 3272128) -> -T (stack)
ESP: 0031ed40 ( 3272000) -> ...|....#.\p........C.\pP...........|.\pP....Z|pM....:ipM.......h..-........$.1.`.1...1....p......1...1....l......1...1..u.p....-T.l.u.p.:e.0.,..t.....`.t..@....t..`.1....`.t.........`..1....`P.x.$.1.....`.g.<.1..4...u.pP.1.-T.l........G.h...1.f0ipp..-.... (stack)
+00: 7cff8810 (2097121296) -> .O..........I....................O..........I....................O..........I....................O...ContextMenu....)..cb.L..........O.)..........................................CO..................@O...Error....)..m........D.....I................O...AsSet (heap)
+04: 038df7b0 ( 59635632) -> .\...........pJ....|..............................wx....h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........8................................... (heap)
+08: 705ce723 (1885136675) -> N/A
+0c: 038df7cc ( 59635660) -> ......................wx....h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........8............................................................... (heap)
+10: 038df7b0 ( 59635632) -> .\...........pJ....|..............................wx....h..v.t.v,v.v.v.v0..v.........#\'G7.......?.F........................C.L.S.I.D.\.{.2.7.5.C.2.3.E.2.-.3.7.4.7.-.1.1.D.0.-.9.F.E.A.-.0.0.A.A.0.0.3.F.8.6.4.6.}.........8................................... (heap)
+14: 705ce743 (1885136707) -> N/A

call stack : 0x70c075a0 from js3250.dll, base at 0x70bc0000

Reproducible: Sometimes

Steps to Reproduce:
1. start heavily loaded html with flash, css, iframe etc.
2.
3.
Reporter: I have no idea what "debugger" you've used, but what you've provided is absolutely useless. https://developer.mozilla.org/En/How_to_get_a_stacktrace_for_a_bug_report
Assignee: nobody → general
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Resolution: --- → INVALID
Whiteboard: [sg:nse]
Version: unspecified → 1.9.0 Branch
Well, you
You can see the address where Firefox failed (EIP is the address of the instruction causing the access violation) and the calling function's return address. You know what build I used, so it wouldn't be that hard to look at the source code and see what code may have caused the crash. I don't care if you don't mind fixing this; the bug is there.
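The triage that the [sg:nse] whiteboard tag records can be read straight off the register dump, and the following Python is an added example of doing that mechanically; it is not part of the bug report or of any Mozilla tool. The sample string is a constructed excerpt of the CONTEXT DUMP from comment 0 (register values as posted, the long memory-content strings shortened to "..." because the triage does not use them), and the function names and the 0x10000 limit are this example's own choices. It resolves the memory operand of the faulting instruction against the register values and classifies the access: `mov [eax+0x10],cx` with EAX = 0 is a 2-byte write to address 0x10, inside the first 64 KiB of 32-bit Windows user space, which is never mappable. In the disassembly above this is the store immediately after `call 0x707c3902`, so the picture is an allocation or lookup that returned NULL being used without a check: a crash, not a controllable write.

```python
import re

# Constructed excerpt of the CONTEXT DUMP in comment 0 of this bug (faulting
# instruction and general-purpose registers; memory contents shortened to "...").
SAMPLE_DUMP = (
    "CONTEXT DUMP EIP: 707c59ee mov [eax+0x10],cx "
    "EAX: 00000000 ( 0) -> N/A EBX: 0000000a ( 10) -> N/A "
    "ECX: 00000000 ( 0) -> N/A EDX: 00000000 ( 0) -> N/A "
    "EDI: 00000000 ( 0) -> N/A ESI: 0392d808 ( 59955208) -> ... (heap) "
    "EBP: 002bf0a0 ( 2879648) -> ... (stack) ESP: 002bf020 ( 2879520) -> ... (stack)"
)

# Assumption for this example: on 32-bit Windows the first 64 KiB of user
# address space cannot be mapped, so an access below it is a NULL pointer
# plus a small offset rather than something an attacker could have placed data at.
NULL_PAGE_LIMIT = 0x10000

REG_RE = re.compile(r"\b(E[ABCD]X|E[SD]I|E[BS]P):\s*([0-9a-fA-F]{8})\b")
EIP_RE = re.compile(r"\bEIP:\s*([0-9a-fA-F]{8})\s+([a-z]+)\s+(.*?)\s+EAX:")
# Intel-syntax memory operand, [base] or [base+disp]; scaled-index forms are
# not needed for this dump and are deliberately left out.
MEM_RE = re.compile(r"\[(e[abcd]x|e[sd]i|e[bs]p)(?:\+(0x[0-9a-fA-F]+|\d+))?\]")


def parse_context(dump):
    """Return (eip, mnemonic, operands, regs) parsed from a CONTEXT DUMP string."""
    m = EIP_RE.search(dump)
    if m is None:
        raise ValueError("no EIP/instruction entry found in dump")
    regs = {name: int(val, 16) for name, val in REG_RE.findall(dump)}
    return int(m.group(1), 16), m.group(2), m.group(3), regs


def effective_address(operands, regs):
    """Resolve the instruction's memory operand against the register values.
    Returns None when the instruction touches no memory."""
    m = MEM_RE.search(operands)
    if m is None:
        return None
    base = regs[m.group(1).upper()]
    disp = int(m.group(2), 0) if m.group(2) else 0   # int(..., 0) accepts 0x.. or decimal
    return (base + disp) & 0xFFFFFFFF


def classify_fault(dump):
    """Triage an access violation: faulting address, read or write, and
    whether the target lies in the unmappable null page."""
    eip, mnemonic, operands, regs = parse_context(dump)
    addr = effective_address(operands, regs)
    # In Intel syntax the destination is the first operand, so a memory
    # operand there means the faulting access was a write.
    access = "write" if "[" in operands.split(",")[0] else "read"
    if addr is None:
        kind = "no-memory-operand"
    elif addr < NULL_PAGE_LIMIT:
        kind = "null-deref"
    else:
        kind = "wild-pointer"
    return {
        "eip": eip,
        "instruction": f"{mnemonic} {operands}",
        "address": addr,
        "access": access,
        "kind": kind,
    }


if __name__ == "__main__":
    result = classify_fault(SAMPLE_DUMP)
    print(f"EIP 0x{result['eip']:08x}: {result['instruction']}")
    print(f"faulting {result['access']} to 0x{result['address']:08x} -> {result['kind']}")
```

The "wild-pointer" branch is the one a triager should slow down on: a fault whose target is a large or register-derived offset from a non-zero base can land on mapped memory, and then the question becomes whether the base or the offset was under page-content control. A bare NULL-plus-small-constant, as here, is the case that justifies filing for reliability rather than as a security bug.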
Given other known bugs that need fixing, the level of effort required here makes it far more likely to be ignored than addressed. If you wish to see this fixed, it would be far better to provide a link to the crash report for this that provides a stack trace. Type "about:crashes" in the location bar, find the report for the appropriate crash, and provide the URL in a comment here; debugging from assembly isn't exactly trivial, nor is it a good way to spend time when it's a reasonable bet this crash is already filed under a different bug.
If you would be interested in reproducing this: I came across these bugs while testing the link below. Most of the time it's NPSWF32.dll that crashes; sometimes the crashes trace back to Firefox DLLs (xul, js3250). http://www.bintest.com/m/malloc.html