Closed
Bug 531290
Opened 15 years ago
Closed 15 years ago
Firefox 3.6b4 [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ] during npietab.dll initialization [@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | xul.dll@0x9cc3c3 ]
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Tracking
(status1.9.2 beta5-fixed)
RESOLVED
FIXED
mozilla1.9.2
Tracking | Status | |
---|---|---|
status1.9.2 | --- | beta5-fixed |
People
(Reporter: chofmann, Assigned: jst)
References
Details
(Keywords: crash, regression, topcrash, Whiteboard: [crashkill][#2 Firefox 3.6b4 topcrash])
Crash Data
Attachments
(1 file)
786 bytes,
patch
|
jaas
:
review+
|
Details | Diff | Splinter Review |
Very early 3.6b4 crash data shows this as the top crash.
I don't see any reports of this in beta3 or before in a quick scan.
Possibly a few testers that have spotted a new or existing compat problem with IE Tab.
Only comment so far is
"Test d'utilisation du module IE Tab"
Stack looks like
http://crash-stats.mozilla.com/report/index/c07d22ba-b8a2-4050-8807-05b892091126
Frame Module Signature [Expand] Source
0 plc4.dll PL_strlen nsprpub/lib/libc/src/strlen.c:50
1 xul.dll nsNPAPIPluginInstance::Initialize modules/plugin/base/src/nsNPAPIPluginInstance.cpp:1091
2 npietab.dll npietab.dll@0x3789
3 npietab.dll npietab.dll@0x3470
4 xul.dll nsPluginNativeWindow::CallSetWindow obj-firefox/dist/include/nsPluginNativeWindow.h:101
5 xul.dll nsPluginNativeWindowWin::CallSetWindow modules/plugin/base/src/nsPluginNativeWindowWin.cpp:510
6 xul.dll nsPluginHost::InstantiateEmbeddedPlugin modules/plugin/base/src/nsPluginHost.cpp:3267
7 xul.dll nsObjectFrame::InstantiatePlugin layout/generic/nsObjectFrame.cpp:1021
8 xul.dll nsObjectFrame::Instantiate layout/generic/nsObjectFrame.cpp:2088
9 xul.dll nsObjectLoadingContent::Instantiate content/base/src/nsObjectLoadingContent.cpp:1763
10 xul.dll nsObjectLoadingContent::EnsureInstantiation content/base/src/nsObjectLoadingContent.cpp:787
11 xul.dll nsHTMLPluginObjElementSH::GetPluginInstanceIfSafe dom/base/nsDOMClassInfo.cpp:9415
12 xul.dll nsHTMLPluginObjElementSH::SetupProtoChain dom/base/nsDOMClassInfo.cpp:9495
13 xul.dll nsHTMLPluginObjElementSH::PostCreate dom/base/nsDOMClassInfo.cpp:9608
14 xul.dll FinishCreate js/src/xpconnect/src/xpcwrappednative.cpp:660
15 xul.dll XPCWrappedNative::GetNewOrUsed js/src/xpconnect/src/xpcwrappednative.cpp:590
16 xul.dll XPCConvert::NativeInterface2JSObject js/src/xpconnect/src/xpcconvert.cpp:1199
17 xul.dll XPCConvert::NativeData2JS js/src/xpconnect/src/xpcconvert.cpp:471
18 xul.dll XPCConvert::NativeData2JS js/src/xpconnect/src/xpcprivate.h:2974
19 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2809
20 xul.dll XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1740
21 js3250.dll js_Invoke js/src/jsinterp.cpp:1360
22 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1423
23 js3250.dll JS_CallFunctionValue js/src/jsapi.cpp:5098
24 xul.dll XPC_NW_FunctionWrapper js/src/xpconnect/src/XPCNativeWrapper.cpp:531
25 js3250.dll js_Invoke js/src/jsinterp.cpp:1360
26 js3250.dll js_Interpret js/src/jsops.cpp:2240
27 js3250.dll js_Invoke js/src/jsinterp.cpp:1368
28 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1423
29 js3250.dll js_GetPropertyHelper js/src/jsobj.cpp:4271
30 js3250.dll js_Interpret js/src/jsops.cpp:1520
31 js3250.dll js_Invoke js/src/jsinterp.cpp:1368
32 xul.dll nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1696
33 xul.dll nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:570
34 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
35 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
36 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1041
more reports at
http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=PL_strlen%20|%20nsNPAPIPluginInstance%3A%3AInitialize%28nsIPluginInstanceOwner*%2C%20char%20const*%29&date=&range_value=1&range_unit=weeks&do_query=1&signature=PL_strlen%20|%20nsNPAPIPluginInstance%3A%3AInitialize%28nsIPluginInstanceOwner*%2C%20char%20const*%29
Summary: Firefox 3.6b4 [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ] → Firefox 3.6b4 [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ] during npietab.dll initialization
Reporter | ||
Comment 1•15 years ago
|
||
there are a few instances of this showing up in builds from a few days ago
3.6b2pre 2009 11 08 053558
http://crash-stats.mozilla.com/report/index/a967984c-35c0-4a41-ba71-9400e2091121
3.6b3pre 2009 11 09 051912
http://crash-stats.mozilla.com/report/index/9757e9a9-223c-4c80-8405-9127d2091113
3.6b3pre 2009 11 13 051922
http://crash-stats.mozilla.com/report/index/036b1578-b275-4435-94e5-8acbb2091115
then the larger ramp up in reports begins on
3.6b4pre 2009 11 19 052617
http://crash-stats.mozilla.com/report/index/b4f77c3e-a94a-46a2-8345-1ea212091120
And the volume on this signature seems to be ramping quickly
51 reports on this signature in 3.6b4 and 3.5b5pre build in the last day.
Reporter | ||
Updated•15 years ago
|
Keywords: crash,
regression
Reporter | ||
Updated•15 years ago
|
Whiteboard: [crashkill]
Reporter | ||
Comment 2•15 years ago
|
||
IE Tab is only shown compatible with 3.6a1
https://addons.mozilla.org/en-US/firefox/addon/1419
Based on the early data, this is continuing to look like the #1 topcrash in Firefox 3.6b4.
Flags: blocking1.9.2?
Keywords: topcrash
Whiteboard: [crashkill] → [crashkill][#1 Firefox 3.6b4 topcrash]
Are there any recent changes to IE Tab that might have caused this to start happening?
Reporter | ||
Comment 5•15 years ago
|
||
the amo page says:
Updated June 2, 2009
Comment 6•15 years ago
|
||
Are we sure that this is IE Tab?
If so, then the question is: why are we seeing more of this now, and that could be answered by the fact that LifeHacker posted a "how to get your add-ons to work in Firefox 3.6 beta" article recently.
If not, then we should figure out what else could be causing it; the b3/b4 divide makes me suspicious.
Reporter | ||
Comment 7•15 years ago
|
||
(In reply to comment #6)
> Are we sure that this is IE Tab?
>
no, but its a bystander near the top of the stack.
> If so, then the question is: why are we seeing more of this now, and that could
> be answered by the fact that LifeHacker posted a "how to get your add-ons to
> work in Firefox 3.6 beta" article recently.
>
> If not, then we should figure out what else could be causing it; the b3/b4
> divide makes me suspicious.
plugin code surrounds the ie tab code on the stack. plugin changes might be responsible, or plugin changes might have tickled an old bug in ie tab.
josh, any thoughts on recent plugin initialization changes that might have tickled bugs here?
Reporter | ||
Comment 8•15 years ago
|
||
many more comments from users in the last day. most believe the problem is with IEtab. others indicate a problem in trying to login to hotmail/banking sites
> Hi, the crash occurs when I try to log to my hotmail account, even typing the URL directly in the address field (so no link with MSN).
maybe those are pre-configed to use ittab?
There is one other interesting comment about another addon that might also have problems
> Likely to be the extension "decreased productivity". Activating the "hide images" button in this extension, caused Firefox to crash
or, is "decreased productivity" just a nick name for ietab ;-)
I guess not, dp -> https://addons.mozilla.org/en-US/firefox/addon/6682
Reporter | ||
Comment 9•15 years ago
|
||
Its interesting that all the reported urls for this signature look something like this...
[path on hardrive to user profile]jumbuldy-gook-path-hiding.default/extensions/%7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D/chrome/content/reloaded.html?url=http://www.cnn.com/ --- or some other site...
Comment 10•15 years ago
|
||
That's the UUID of IETab, yup.
I don't think this blocks, but we should reach out to the author of the add-on and figure out if we changed something between b3 and b4 that would cause this amount of crashy-crash.
The list I have of changes in Core::Plug-ins is:
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:beta4-fixed%20component:Plug-ins
Flags: blocking1.9.2? → blocking1.9.2-
Comment 11•15 years ago
|
||
(cc'd the author of IE Tab to this bug - PCMan, could you please read through the previous comments and help us understand what might be causing this crash?
Comment 12•15 years ago
|
||
I suspect that this 3.6b4 crash signature is the same thing:
[@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | xul.dll@0x9cc3c3 ]
(there are 42 crashes for 3.6b4, #94 on the b4 top crash list)
http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.6b4&version=Firefox%3A3.6b5pre&query_search=signature&query_type=exact&query=&date=&range_value=1&range_unit=weeks&do_query=1&signature=nsCOMPtr_base%3A%3Aassign_from_qi%28nsQueryInterface%2C%20nsID%20const%26%29%20|%20xul.dll%400x9cc3c3
and this signature for 3.6b5pre:
[@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | xul.dll@0x9da477 ]
(3 crashes for 3.6b5pre, #17 on the b5pre top crash list)
http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.6b5pre&query_search=signature&query_type=exact&query=&date=&range_value=2&range_unit=weeks&do_query=1&signature=nsCOMPtr_base%3A%3Aassign_from_qi%28nsQueryInterface%2C%20nsID%20const%26%29%20|%20xul.dll%400x9da477
Summary: Firefox 3.6b4 [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ] during npietab.dll initialization → Firefox 3.6b4 [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ] during npietab.dll initialization [@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | xul.dll@0x9cc3c3 ]
Whiteboard: [crashkill][#1 Firefox 3.6b4 topcrash] → [crashkill][#2 Firefox 3.6b4 topcrash]
Comment 13•15 years ago
|
||
This bug is caused by IE Tab uses the invalid domWindow from NPN_GetValue().
Since fx3.6b4, it seems plug-in will no longer use NPN_GetValue() to get the NPNVDOMWindow object. Thus, NPN_GetValue() always return NPERR_GENERIC_ERROR in this case.
Refer to the source code:
http://www.mozdev.org/source/browse/ietab/src/plug-in/plugin.cpp?rev=1.13;ln=1
See function nsPluginInstance::init(), near line 139:
139: NPN_GetValue( this->getInstance(), NPNVDOMWindow,
140: NS_STATIC_CAST(nsIDOMWindow **, &domWindow));
You can see IE Tab didn't check the success of NPN_GetValue(), it only check domWindow is not NULL, then immediately use domWindow to call GetDocument().
141: if (domWindow) {
142: nsIDOMDocument* doc;
143: if( NS_SUCCEEDED( domWindow->GetDocument( &doc ) ) )
Actually, line 139, the NPN_GetValue() return NPERR_GENERIC_ERROR, so the domWindow is invalid. Then, line 143, the call domWindow->GetDocument() causes EXCEPTION_ACCESS_VIOLATION and crash the Firefox.
Comment 14•15 years ago
|
||
Getting XPCOM objects through NPN_GetValue() was removed by bug 500513.
Blocks: 500513
Reporter | ||
Comment 15•15 years ago
|
||
nick/fligtar, sounds like we need a scan of all addon source for uses of NPN_GetValue() and (another?) alert to addon developers about this change.
considering the pretty high use of IE tab seems like this should block on getting a fixed version of IE tab in place.
Flags: blocking1.9.2- → blocking1.9.2?
Reporter | ||
Comment 17•15 years ago
|
||
as mentioned in comment 8
"decreased productivity" https://addons.mozilla.org/en-US/firefox/addon/6682
should also get checked for use of NPN_GetValue()
dbaron's addon correlation analysis might also be helpful here to broadcast to and check the widest network of addons that might have this problem. Here is the list of addons that were around when we hit this crash on 11/27. There will likely be some false positives in the list, but its a good place to start investigations and outreach.
PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*)|EXCEPTION_ACCESS_VIOLATION (193 crashes)
100% (193/193) vs. 7% (248/3557) {77b819fa-95ad-4f2c-ac7c-486b356188a9} (IE Tab, https://addons.mozilla.org/addon/1419)
68% (131/193) vs. 22% (783/3557) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
50% (96/193) vs. 10% (346/3557) compatibility@addons.mozilla.org
38% (74/193) vs. 10% (350/3557) {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} (Download Statusbar, https://addons.mozilla.org/addon/26)
33% (63/193) vs. 4% (152/3557) {8620c15f-30dc-4dba-a131-7c5d20cf4a29} (Nightly Tester Tools, https://addons.mozilla.org/addon/6543)
27% (53/193) vs. 5% (169/3557) {dc572301-7619-498c-a57d-39143191b318} (Tab Mix Plus, https://addons.mozilla.org/addon/1122)
25% (48/193) vs. 6% (197/3557) {DDC359D1-844A-42a7-9AA1-88A850A938A8} (DownThemAll!, https://addons.mozilla.org/addon/201)
22% (42/193) vs. 4% (154/3557) foxmarks@kei.com (Xmarks (formerly Foxmarks), https://addons.mozilla.org/addon/2410)
21% (40/193) vs. 4% (158/3557) {e4a8a97b-f2ed-450b-b12d-ee082ba24781} (Greasemonkey, https://addons.mozilla.org/addon/748)
21% (40/193) vs. 5% (165/3557) {1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox, https://addons.mozilla.org/addon/5791)
22% (42/193) vs. 9% (305/3557) {b9db16a4-6edc-47ec-a1f4-b86292ed211d} (Video DownloadHelper, https://addons.mozilla.org/addon/3006)
19% (36/193) vs. 6% (214/3557) {73a6fe31-595d-460b-a920-fcc0f8843232} (NoScript, https://addons.mozilla.org/addon/722)
16% (30/193) vs. 3% (106/3557) {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} (MR Tech Toolkit, https://addons.mozilla.org/addon/421)
17% (33/193) vs. 6% (200/3557) personas@christopher.beard (Personas, https://addons.mozilla.org/addon/10900)
19% (36/193) vs. 7% (262/3557) {3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar, https://addons.mozilla.org/addon/6249)
13% (25/193) vs. 2% (70/3557) {4BBDD651-70CF-4821-84F8-2B918CF89CA3} (FEBE, https://addons.mozilla.org/addon/2109)
13% (26/193) vs. 3% (90/3557) {1280606b-2510-4fe0-97ef-9b5a22eafe41} (Fission, https://addons.mozilla.org/addon/1951)
12% (23/193) vs. 1% (36/3557) {0545b830-f0aa-4d7e-8820-50a4629a56fe} (ColorfulTabs, https://addons.mozilla.org/addon/1368)
15% (29/193) vs. 4% (152/3557) {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} (FlashGot, https://addons.mozilla.org/addon/220)
13% (26/193) vs. 3% (109/3557) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843)
11% (21/193) vs. 1% (27/3557) checkplaces@andyhalford.com (CheckPlaces, https://addons.mozilla.org/addon/10897)
11% (22/193) vs. 1% (48/3557) {a7c6cf7f-112c-4500-a7ea-39801a327e5f} (FireFTP, https://addons.mozilla.org/addon/684)
13% (25/193) vs. 3% (104/3557) {37E4D8EA-8BDA-4831-8EA1-89053939A250} (PDF Download, https://addons.mozilla.org/addon/636)
46% (88/193) vs. 36% (1267/3557) {20a82645-c095-46ed-80e3-08825760534b} (Microsoft .NET Framework Assistant, http://www.windowsclient.net/)
11% (22/193) vs. 2% (58/3557) FasterFox_Lite@BigRedBrent (Fasterfox, https://addons.mozilla.org/addon/9148)
11% (22/193) vs. 2% (61/3557) {000a9d1c-beef-4f90-9363-039d445309b8} (Google Gears Portable, https://addons.mozilla.org/addon/13492)
12% (23/193) vs. 3% (90/3557) {3d7eb24f-2740-49df-8937-200b1cc08f8a} (Flashblock, https://addons.mozilla.org/addon/433)
11% (21/193) vs. 2% (86/3557) {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} (Forecastfox, https://addons.mozilla.org/addon/398)
10% (20/193) vs. 2% (77/3557) firegestures@xuldev.org (FireGestures, https://addons.mozilla.org/addon/6366)
9% (17/193) vs. 1% (25/3557) add-to-searchbox@maltekraus.de (Add to Search Bar, https://addons.mozilla.org/addon/3682)
37% (71/193) vs. 29% (1021/3557) jqs@sun.com (Java Quick Starter, http://java.sun.com/javase/downloads/)
9% (17/193) vs. 1% (32/3557) {54BB9F3F-07E5-486c-9B39-C7398B99391C} (Text Link, https://addons.mozilla.org/addon/1939)
8% (16/193) vs. 1% (25/3557) LogMeInClient@logmein.com
9% (17/193) vs. 1% (50/3557) bettergmail2@ginatrapani.org (Better Gmail 2, https://addons.mozilla.org/addon/6076)
8% (16/193) vs. 1% (45/3557) piclens@cooliris.com (Cooliris, https://addons.mozilla.org/addon/5579)
8% (15/193) vs. 1% (27/3557) locationbar2@design-noir.de (Locationbar², https://addons.mozilla.org/addon/4014)
8% (16/193) vs. 1% (47/3557) {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} (CustomizeGoogle, https://addons.mozilla.org/addon/743)
10% (19/193) vs. 3% (116/3557) elemhidehelper@adblockplus.org (Adblock Plus: Element Hiding Helper, https://addons.mozilla.org/addon/4364)
8% (15/193) vs. 1% (45/3557) {d37dc5d0-431d-44e5-8c91-49419370caa1} (FoxClocks, https://addons.mozilla.org/addon/1117)
7% (14/193) vs. 1% (27/3557) autopager@mozilla.org (AutoPager, https://addons.mozilla.org/addon/4925)
7% (14/193) vs. 1% (29/3557) {582195F5-92E7-40a0-A127-DB71295901D7} (Gmail Manager, https://addons.mozilla.org/addon/1320)
10% (19/193) vs. 4% (127/3557) {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} (Stylish, https://addons.mozilla.org/addon/2108)
9% (17/193) vs. 3% (92/3557) {64161300-e22b-11db-8314-0800200c9a66} (Speed Dial, https://addons.mozilla.org/addon/4810)
7% (14/193) vs. 1% (47/3557) {EDA7B1D7-F793-4e03-B074-E6F303317FB0} (Menu Editor, https://addons.mozilla.org/addon/710)
7% (13/193) vs. 1% (29/3557) {6e84150a-d526-41f1-a480-a67d3fed910d} (IE View, https://addons.mozilla.org/addon/35)
6% (12/193) vs. 1% (22/3557) {02450954-cdd9-410f-b1da-db804e18c671} (Screengrab, https://addons.mozilla.org/addon/1146)
100% (193/193) vs. 94% (3360/3557) {972ce4c6-7e08-4474-a285-3208198ce6fd} (Default, https://addons.mozilla.org/addon/8150)
7% (14/193) vs. 2% (62/3557) {EF522540-89F5-46b9-B6FE-1829E2B572C6} (GooglePreview, https://addons.mozilla.org/addon/189)
9% (17/193) vs. 3% (118/3557) {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} (WOT, https://addons.mozilla.org/addon/3456)
6% (12/193) vs. 1% (30/3557) {07b2a769-ed19-4483-87ce-c643914c81bb} (Vista-aero, https://addons.mozilla.org/addon/4988)
6% (11/193) vs. 1% (19/3557) de-DE@dictionaries.addons.mozilla.org (German Dictionary, https://addons.mozilla.org/addon/3077)
6% (12/193) vs. 1% (38/3557) {95f24680-9e31-11da-a746-0800200c9a66} (Update Notifier, https://addons.mozilla.org/addon/2098)
6% (11/193) vs. 1% (20/3557) {c4d362ec-1cff-4ca0-9031-99a8fad7995a} (Configuration Mania, https://addons.mozilla.org/addon/4420)
6% (12/193) vs. 1% (39/3557) {c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer, https://addons.mozilla.org/addon/60)
Reporter | ||
Comment 18•15 years ago
|
||
latest list like for comment 17 can be found in http://people.mozilla.com/crash_analysis/20091129/ or daily directories and you can even get specific versions that might have the problem. check the 20091129_Firefox_3.6b4-interesting-addons-with-versions.txt.gz or similar files. just search down in the file for "nsNPAPIPluginInstance::Initialize"
We might also see the list grow as more people check out 3.6 betas with a wider variety of addons.
Reporter | ||
Comment 19•15 years ago
|
||
we could also approach this on the module side. here are the .dll's that are around when we hit this crash on 11/27. where there is overlap between a .dll that is a binary component of an addon from the list above we might have a good candidate in need of a fix. do we keep a list of addons with binary components some where?
PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*)|EXCEPTION_ACCESS_VIOLATION (193 crashes)
100% (193/193) vs. 6% (212/3557) npietab.dll
100% (193/193) vs. 9% (325/3557) oledlg.dll
74% (143/193) vs. 52% (1833/3557) lpk.dll
78% (150/193) vs. 59% (2098/3557) msctf.dll
52% (101/193) vs. 35% (1244/3557) wship6.dll
35% (67/193) vs. 17% (620/3557) explorerframe.dll
35% (67/193) vs. 17% (620/3557) dui70.dll
75% (144/193) vs. 58% (2056/3557) apphelp.dll
36% (70/193) vs. 20% (697/3557) duser.dll
35% (67/193) vs. 19% (685/3557) profapi.dll
35% (67/193) vs. 20% (711/3557) RpcRtRemote.dll
35% (67/193) vs. 20% (711/3557) cryptsp.dll
99% (191/193) vs. 84% (2997/3557) nssckbi.dll
38% (73/193) vs. 23% (824/3557) cscapi.dll
99% (191/193) vs. 84% (3003/3557) freebl3.dll
99% (191/193) vs. 84% (3003/3557) nssdbm3.dll
99% (191/193) vs. 84% (3003/3557) softokn3.dll
44% (84/193) vs. 29% (1031/3557) EhStorShell.dll
34% (66/193) vs. 20% (700/3557) slc.dll
34% (66/193) vs. 20% (700/3557) srvcli.dll
91% (175/193) vs. 76% (2709/3557) shdocvw.dll
35% (67/193) vs. 20% (729/3557) devobj.dll
35% (67/193) vs. 20% (729/3557) sechost.dll
35% (67/193) vs. 20% (729/3557) CRYPTBASE.dll
35% (67/193) vs. 20% (729/3557) KERNELBASE.dll
34% (66/193) vs. 20% (713/3557) FWPUCLNT.DLL
49% (95/193) vs. 35% (1261/3557) powrprof.dll
35% (68/193) vs. 22% (770/3557) cfgmgr32.dll
40% (77/193) vs. 27% (949/3557) msvcr80.dll
37% (72/193) vs. 25% (880/3557) ntshrui.dll
31% (59/193) vs. 18% (651/3557) sspicli.dll
46% (89/193) vs. 34% (1207/3557) WindowsCodecs.dll
47% (90/193) vs. 34% (1227/3557) pnrpnsp.dll
46% (89/193) vs. 34% (1213/3557) NapiNSP.dll
46% (89/193) vs. 34% (1213/3557) nlaapi.dll
46% (89/193) vs. 34% (1225/3557) winnsi.dll
46% (89/193) vs. 34% (1226/3557) Wldap32.dll
46% (89/193) vs. 34% (1227/3557) IPHLPAPI.DLL
46% (89/193) vs. 34% (1227/3557) propsys.dll
46% (89/193) vs. 35% (1228/3557) WSHTCPIP.DLL
46% (89/193) vs. 35% (1230/3557) nsi.dll
38% (74/193) vs. 27% (955/3557) msctfime.ime
19% (36/193) vs. 7% (255/3557) googletoolbar-ff3.dll
19% (36/193) vs. 7% (255/3557) googletoolbarloader.dll
98% (189/193) vs. 87% (3086/3557) rasadhlp.dll
100% (193/193) vs. 89% (3162/3557) mscms.dll
46% (89/193) vs. 36% (1263/3557) dwmapi.dll
16% (30/193) vs. 5% (181/3557) lgscroll.dll
63% (122/193) vs. 53% (1897/3557) rsaenh.dll
77% (148/193) vs. 68% (2408/3557) iertutil.dll
21% (40/193) vs. 12% (438/3557) msi.dll
100% (193/193) vs. 92% (3261/3557) ntmarta.dll
12% (23/193) vs. 4% (141/3557) GoogleDesktopCommon.dll
74% (143/193) vs. 66% (2355/3557) normaliz.dll
13% (25/193) vs. 5% (190/3557) GoogleDesktopNetwork3.dll
91% (176/193) vs. 84% (2979/3557) crypt32.dll
91% (176/193) vs. 84% (2981/3557) msasn1.dll
8% (16/193) vs. 1% (45/3557) cooliris.dll
28% (55/193) vs. 22% (776/3557) mdnsNSP.dll
89% (171/193) vs. 82% (2925/3557) userenv.dll
8% (16/193) vs. 2% (72/3557) glu32.dll
8% (16/193) vs. 2% (72/3557) opengl32.dll
7% (13/193) vs. 1% (31/3557) SASSEH.DLL
9% (18/193) vs. 3% (124/3557) RocketDock.dll
6% (12/193) vs. 1% (38/3557) DropboxExt.3.dll
7% (14/193) vs. 2% (77/3557) frozen.dll
8% (15/193) vs. 3% (96/3557) metricsloader.dll
8% (15/193) vs. 3% (96/3557) metrics-ff3.dll
Assignee | ||
Comment 20•15 years ago
|
||
We should at the very least restore the code that handles NPNVDOMWindow (and friends) and make the code return null instead of leaving the out param uninitialized, which would in at least some cases make this crash go away, and in some others turn it into a unexploitable crash. Josh, can you make up a patch that does that? I think we need to block on doing at least that.
Assignee: nobody → joshmoz
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
Target Milestone: --- → mozilla1.9.2
Assignee | ||
Comment 22•15 years ago
|
||
This should avoid *this* crash, but with some plugins it could just change this from a uninitialized pointer access crash to a null pointer dereference crash. Still worth taking IMO.
Attachment #415011 -
Flags: review?(joshmoz)
Attachment #415011 -
Flags: review?(joshmoz) → review+
Comment 23•15 years ago
|
||
Google code search is quite good at finding (open source) consumers, for example
NPN_GetValue of NPNVWindowNPObject:
http://www.google.com/codesearch?q=NPN_GetValue+NPNVWindowNPObject+-webcore+-mozilla.org&hl=en&btnG=Search+Code
I found many that does not check the return value, and some even use a
non-initialized stack variable, eg Gnash and a couple of plugins by Google.
(In reply to comment #18)
> We might also see the list grow as more people check out 3.6 betas with a wider
> variety of addons.
Given that the list shows 100% vs. 7% for IETab, and we know from the stack that IETab is directly related (causative), that leaves only 7% of the list left to be accounted for; the bulk of the list is extensions whose use is correlated with use of IETab. (This is not suprising; many users have no or very few extensions, and many have large numbers.) Correlation does not imply causation. IETab is causative (though not necessarily at fault); most of the rest of the list is just noise.
(In reply to comment #24)
> Given that the list shows 100% vs. 7% for IETab, and we know from the stack
> that IETab is directly related (causative), that leaves only 7% of the list
> left to be accounted for; the bulk of the list is extensions whose use is
er, sorry, it leaves *none* of the list left to be accounted for. It would be 7% if it were 93% vs. 0%.
Assignee | ||
Updated•15 years ago
|
Keywords: checkin-needed
Comment 26•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/e48f74a76449
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/636c633c6b31
Status: NEW → RESOLVED
Closed: 15 years ago
status1.9.2:
--- → final-fixed
Keywords: checkin-needed
Resolution: --- → FIXED
Reporter | ||
Comment 27•15 years ago
|
||
this would be good to get out in a beta soon so we could get at the list of the other addons that might be affected and make some estimates about how widely they might be in use by non-beta testers.
Updated•14 years ago
|
Crash Signature: [@ PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) ]
[@nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | xul.dll@0x9cc3c3 ]
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•