Closed Bug 514612 Opened 16 years ago Closed 12 years ago

[LSP] Crash [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ] in SpeedBit Video Accelerator

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: timeless, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [#2 Firefox 3.6b5 topcrash][#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block][3.6.x])

Crash Data

Attachments

(1 file)

Screenshot of SpeedBit's "DAP" caught by SuperAntiSpyware.
66.15 KB, image/png
Details
So, speedbit claims to be a real product from a real company, and claim to want feedback when their product breaks. http://www.videoaccelerator.com/help/ http://www.videoaccelerator.com/support/ Would someone please collect some of their crashes here and then send this bug report to them? Signature RtlpCoalesceFreeBlocks UUID 95501794-ed63-47d3-b9f8-ca0a12090903 Time 2009-09-03 20:52:22.935810 Uptime 6411 Last Crash 676298 seconds before submission Product Firefox Version 3.1b3 Build ID 20090305152042 Branch 1.9.1 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 6 model 23 stepping 10 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x102 User Comments Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 ntdll.dll RtlpCoalesceFreeBlocks 1 ntdll.dll RtlpCoalesceFreeBlocks 2 mswsock.dll SockCheckAndInitAsyncConnectHelper 3 sblsp.dll sblsp.dll@0x7228 Filename Version Debug Identifier Debug Filename CommPipe.dll 3.0.9.2 4A5DD0F61 CommPipe.pdb Collector.dll 3.0.9.2 4A5DCFC71 Collector.pdb Accelerator.dll 3.0.9.2 4A5DCFFF1 Accelerator.pdb sblsp.dll 3.0.9.2 4A5DD00F1 SBLSP.pdb ConfigDB.dll 3.0.9.2 4A5DD0E81 ConfigDB.pdb Signature RtlpCoalesceFreeBlocks UUID 54801ed3-257e-401b-9c2f-1fc572090903 Time 2009-09-03 21:20:35.774230 Uptime 9759 Last Crash 9776 seconds before submission Product Firefox Version 3.5.2 Build ID 20090729225027 Branch 1.9.1 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info AuthenticAMD family 15 model 72 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x0 User Comments Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 ntdll.dll RtlpCoalesceFreeBlocks 1 ntdll.dll RtlpCoalesceFreeBlocks 2 mswsock.dll WSPStringToAddress 3 sblsp.dll sblsp.dll@0x1bb58 Filename Version Debug Identifier Debug Filename Collector.dll 2.3.4.4 4959DA641 Collector.pdb ConfigDB.dll 2.3.4.2 4959DB8B1 ConfigDB.pdb Accelerator.dll 2.3.4.4 4959DAA11 Accelerator.pdb CommPipe.dll 2.3.4.2 4959DB9D1 CommPipe.pdb sblsp.dll 2.3.3.9 4959DAB61 SBLSP.pdb
I sent them a message through their support form.
Blocks: 513329
Another instance with a different stack: http://crash-stats.mozilla.com/report/index/d5f43233-d2e2-45e1-a8b8-43bf12091012 0 ntdll.dll RtlpCoalesceFreeBlocks 1 ntdll.dll RtlpCoalesceFreeBlocks 2 mswsock.dll WSPStringToAddress 3 sblsp.dll sblsp.dll@0x7228
Summary: [LSP][@ RtlpCoalesceFreeBlocks ... sblsp ] SpeedBit Video Accelerator → [LSP] Crash [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ] in SpeedBit Video Accelerator
For LSPs, we should consider blocking some of them -- we have the ability to specify what kind of application we are as described in http://blogs.msdn.com/wndp/archive/2006/02/09/529031.aspx ; in this way we can restrict which LSPs get loaded.
vlad: sounds great. i probably should have written that code when i did the research. but...
sblsp.dll accounts for just under 90% of the RtlpCoalesceFreeBlocks crashes in Firefox 3.6b4, that is, just under 90% of the #4 topcrash (which *maybe* bumps it to #5 if we're counting).
Keywords: crash, topcrash
Whiteboard: [#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty]
It accounts for about 75% of the crashes at that signature on Firefox 3.5.5. And these crashes are almost entirely on multicore machines (less so on 3.5.5, where the signature has a bigger portion of other things), so the underlying bug is probably a threadsafety bug.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty] → [#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block]
The version distribution of the sblsp.dll's that are causing crashes at RtlpCoalesceFreeBlocks looks like this: 53% (571/1069) vs. 1% (1226/101951) sblsp.dll 5% (54/1069) vs. 0% (108/101951) 2.3.3.9 0% (0/1069) vs. 0% (2/101951) 3.0.5.5 1% (7/1069) vs. 0% (27/101951) 3.0.9.0 9% (91/1069) vs. 0% (235/101951) 3.0.9.2 39% (419/1069) vs. 1% (846/101951) 3.0.9.9 0% (0/1069) vs. 0% (5/101951) 3.1.0.3 0% (0/1069) vs. 0% (2/101951) 3.1.1.0 0% (0/1069) vs. 0% (1/101951) 3.1.1.8 In other words, crashes at RtlpCoalesceFreeBlocks, RtlpAdjustHeapLookasideDepth, RtlInitializeCriticalSection, LdrpUnloadShimEngine, and RtlpDeCommitFreeBlock | RtlpCoalesceFreeBlocks (and perhaps other signatures) appear to be caused by 2.3.* and 3.0.* versions of sblsp.dll, but not by 3.1.* versions.
Moving this to the blocklisting component. It's an LSP, so it would be DLL blocklisting, not plugin or addon blocklisting.
Component: Networking → Blocklisting
Product: Core → addons.mozilla.org
QA Contact: networking → blocklisting
Version: Trunk → unspecified
Actually, though, the current version on their Web page is 3.0.9.9, so the 3.1.* are probably beta/testing versions that we're not likely to see enough of in our user population to know if they still crash us.
I sent the following note through the form in http://www.videoaccelerator.com/support/ As described in https://bugzilla.mozilla.org/show_bug.cgi?id=514612 , the SpeedBit Video Accelerator (sblsp.dll) appears to be among the common causes of crashes in Firefox. As part of our (Mozilla's) effort to reduce the number of crashes our users are seeing, we're trying to get third-party software that is causing Firefox to crash to fix the problems causing those crashes, or, if that's not possible, block such software from loading in Firefox's process. We'd be interested in knowing (1) whether you're aware of these problems, (2) whether you're working on a fix, and (3) how quickly such a fix would reach your users. To let us know, feel free to (preferably) add comments to the bug report above or (alternatively) reply to me by email.
SpeedBit also seems to produce the extension https://addons.mozilla.org/en-US/firefox/addon/11720 , which is present in a significant number of these crashes, but only about half the number that have the sblsp.dll module loaded. (I'm looking at 3.6b5 data right now.) Given that sblsp.dll is in the stack, it still seems much more likely that sblsp.dll is the cause.
Whiteboard: [#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block] → [#2 Firefox 3.6b5 topcrash][#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block]
Nominating the #1 and #2 topcrashes so they're on people's radar, although I personally don't think they're hard blockers.
Flags: blocking-firefox3.6?
Agreed that this isn't blocking; once we have more information from the vendor we can decide how to deal with this.
Flags: wanted-firefox3.6+
Flags: blocking-firefox3.6?
Flags: blocking-firefox3.6-
Whiteboard: [#2 Firefox 3.6b5 topcrash][#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block] → [#2 Firefox 3.6b5 topcrash][#4 Firefox 3.6b4 topcrash][crashkill][crashkill-thirdparty][crashkill-block][3.6.x]
At the risk of stepping on morgamic's toes, I've also sent a note to their press alias trying to get a proper engineering contact, and suggesting that blocklisting was our other option. Given dbaron's comment 11 though, it's not clear to me whether add-on blocklisting will be enough, or whether we'll eventually need to DLL blocklist as well.
Crash Signature: [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ]
Duplicate of: 513329
(In reply to comment #0) > So, speedbit claims to be a real product from a real company, and claim to want feedback when their product breaks. ... No doubt ! (In reply to comment #4) > vlad: sounds great. i probably should have written that code when i did the > research. but... I noticed that SpeedBit's DAP has millions of downloads (from a reputable Site) so I thought I would try it. I guess I should have done more research ... Speed-Bit does 'LOOK' fairly great and really works well (for what it CLAIMS to do BUT POORLY for what it does NOT "claim", see below!) with Internet Explorer and YouTube Videos. It is unfortunate the WE do not use multiple Streams when feeding data to the Flash Plugin or clicking on a download Link then we could have a built-in "Download Accelerator". What SpeedBit does not make clear ("claim") when you install it is that it will install more than one Program and overwrite some of your Files in your Windows' Directory. "SuperAntiSpyware" claims it Hijacks your Browser to snoop and feed you 'Search Suggestions' (see enclosed Screenshot). "GMER" "Rootkit Scan" claims it re-writes executables (that are ran at Startup) in Memory and makes JMPs to SpeedBit's .DLLs . It took me over 4 hours work to ensure I had removed "DAP", "SpeedBit Video Accelerator", "SpeedBit Video Downloader" and "SearchPredict". I spent another day doing Scans to make sure I got everything that was attached to something executable - I still have a few files it dropped into "C:\WINDOWS\system32" like "AniGIF.ocx", "EasyHook64.dll", "EasyHook32.dll" etc. that are yet to be removed. I also submitted the SpeedBit Installer to a few "Online Scanners" and here is a bit of that: ------------------------------------------------------------------------------ dap97beta.exe http://cloud.iobit.com/index.php?id=14bb8bdea27ff80043ef39b2f385a26b341d0c0ee9bfe86d0cf1f29d5a83fa54c32660613a6f6e01ea521ab82a104237ac2699c63c1ade25ddb8d8bc&signature=f54f889ffca6889d10 dap96.exe http://cloud.iobit.com/index.php?id=14bb8bdea223a85211e13ab5a2d3f1386245015cbabeba6e5ca6a2cc518ef806c4223264666f6e01ea521ab82a104237ac2699c7701ad221&signature=0e7c3720a61970378b Report ATAS Registry: Action Path Value Data Create key HKLM\SOFTWARE\Microsoft\Cryptography\RNG nil ... Report ATAS Malicious Api: Pid name Count 1188 NtWriteVirtualProcess 4 1188 NtReadVirtualProcess 3 ------------------------------------------------------------------------------ dap97beta.exe http://www.virustotal.com/file-scan/report.html?id=97f3f093a2a4e6e9586f352a8eb237b54c337b6e7d5d9ef8cd017088b7073030-1310519213 Antivirus Version Last Update Result ... eSafe 7.0.17.0 2011.07.12 Virus in password protected archive ... ------------------------------------------------------------------------------ It probably crashes Firefox so often because they are injecting Code that does not work on everyone's Computer. Timeless, I would suggest you run some Spyware Scanners and see for yourself. I don't know how we can "block" someone running an Executable that overwrites System Files _before_ they run Firefox but at least we can detect it afterwards. If the consensus (here at Mozilla) is that the Installer's "Fine Print" does not fully explain all that the SpeedBit Programs do to one's Computer then the Extension could be Blacklisted and a popup could warn the User that we don't support the Program and advise it's removal (along with an URL of how to do it properly).
The Website at 'cnet' has updated the file from "dap97bete.exe to "dap97.exe" and the newer version is some 2K smaller, the Report from IOBit seems similar though: http://cloud.iobit.com/index.php?id=14bb8bdea229f85143e639eaf784fd3d63455159b8bbbd6d5ca2f4cb028ef8039222643d3c6f6e01ea521ab82a104237ac2699c6014b84218bb8&signature=9bd10a63f7161efa42
After removing SpeedBit Spyware I have been able to close FOUR other Bug Reports here; on the basis that the crashes/hanging/pinning was caused by using Speedbit's Software (and not the fault of our programming efforts). Recommended for Blacklisting and we should go out of our way to detect if it was ever installed :( . That will prevent a lot of mysterious crashes and avoid chasing a lot of strange Bugs that are not our fault.
Crash Signature: [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ] → [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ]
Crash Signature: [@ RtlpCoalesceFreeBlocks ] [@ sblsp.dll@0x7228 ] → sblsp.dll@0x25b4] [@ sblsp.dll@0x6ed7] [@ sblsp.dll@0x3f85] [@ sblsp.dll@0x4d22] [@ RtlpWaitOnCriticalSection | RtlpDeCommitFreeBlock | sblsp.dll@0x3ec1] [@ RtlpWaitOnCriticalSection | EtwEventEnabled | sblsp.dll@0x3ec1] [@ sblsp.dll@0x6967] [@ sbls…
Keywords: topcrash
Closing old blocklist bugs. Please reopen if the problem still exists.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: