Closed Bug 566443 Opened 14 years ago Closed 11 years ago

Make Flash signatures cleaner

Categories

(Socorro :: Webapp, task)

Product:
Socorro
Component:
Webapp
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: jruderman, Unassigned)

Details

Topcrash lists are full of things like "F_20680835_________________________________".  Please transform these function names to something cleaner like "Flash_20680835", at least when generating signatures.
Some have the form "F1559406643________________________________________", no underscore after the "F".
It is advantageous for our PDB file obfuscation/deobfuscation algorithm to keep the string before the trailing _'s as short as possible. There will only be at most one _ between the F and the number. The number of _s after the number can vary from 0 to n. 

Would it be possible for the website that reports this information to include which module that symbol occurs in? Maybe NPSWF32.dll: F_20680835_________________________________ ? It seems like it should just be a matter of printing out another column from a database. If that's not feasible, then how about replacing some of the trailing _'s with "(Flash)".
Amir, when you're looking at a particular crash report the module is included in the table, e.g. http://crash-stats.mozilla.com/report/index/caea6654-7f0e-4620-bbae-e92b32100518

Amir, are the trailing underscores significant to the deobfuscation algorithm, or can we remove them?

I really only want to do this for the signature, and only for Flash, since trailing underscores may be significant in other cases. Perhaps something like

s/^(F.*)_+$/\1/
The number of trailing underscores IS important, but only when we run our deobfuscator on it. We're still working on establishing a fluid work flow with interacting with your site and our deobfuscator, but so far we've been copying the stack from the Raw Dump tab only and sticking it into our deobfuscator. I understand you all have a lot of reporting around it (not just the URL you sent above), so if those reports on the Details tab had underscores truncated, it shouldn't be an issue -- because we don't run our deobfuscator on it anyway -- at least not today.
Since the number of underscores is relevant to Adobe, I suggest we WONTFIX this bug.
What do the trailing underscores represent? I assumed they were just padding, and stripping the underscores wouldn't cause collisions.
Component: Socorro → General
Product: Webtools → Socorro
Component: General → Webapp
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.