Closed Bug 574533 Opened 11 years ago Closed 10 years ago

Crash [@ msvcr80d.dll@0x3b10c][@ QuickTime Plugin@0x1ecd0]

Categories

(Core :: Plug-ins, defect)

RESOLVED DUPLICATE of bug 575836

People

(Reporter: bc, Assigned: cjones)

Details

(Keywords: crash, Whiteboard: [sg:dupe 575836])

Attachments

(2 files)

Attached file windows crash report
1. load <http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=363625540>
2. crash.

1.9.2, 1.9.3 winxp, vista, mac 10.5 ppc (but not mac 10.5 intel I think) quicktime 7.6.6

Example crash report
Operating system: Windows NT
                  6.0.6002 Service Pack 2
CPU: x86
     AuthenticAMD family 15 model 33 stepping 2
     1 CPU

Crash reason:  EXCEPTION_ACCESS_VIOLATION
Crash address: 0xffffffffcdcdcdcd

Thread 0 (crashed)
 0  msvcr80d.dll + 0x3b10c
    eip = 0x7295b10c   esp = 0x0012e3f4   ebp = 0x0012e3fc   ebx = 0x00000001
    esi = 0x00bd6018   edi = 0x00000000   eax = 0xcdcdcdcd   ecx = 0xcdcdcdcd
    edx = 0xcdcdcdcd   efl = 0x00010202

Uninitialized heap is bad, and a crash address determined by uninitialized memory is worse, mmmkay?

I also see the assertion:

ASSERTION: attribute/parameter array not setup correctly for NPAPI plugins: '!values[count]'

in modules/plugin/base/src/nsNPAPIPluginInstance.cpp mac ppc for 1.9.1, 1.9.2.

Do we have Apple Quicktime contacts?
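A triage sketch for the Windows crash report above, added here as an example; it is not part of the bug report or of Mozilla's code. It parses the report text and flags the crash address and registers that hold a debug-runtime fill pattern, which is how `0xcdcdcdcd` identifies uninitialized heap. The function names are hypothetical, and the fill values are the well-known MSVC debug CRT and Windows debug heap patterns, not values taken from this bug.

```python
import re

# Fill bytes written by the MSVC debug CRT (msvcr80d.dll is a debug CRT build).
FILL_BYTES = {
    0xCD: "MSVC debug CRT: allocated but uninitialized heap",
    0xDD: "MSVC debug CRT: freed heap",
    0xFD: "MSVC debug CRT: guard bytes around a heap allocation",
    0xCC: "MSVC /RTC: uninitialized stack",
}
FILL_DWORDS = {0xFEEEFEEE: "Windows debug heap: freed by HeapFree"}

# Constructed sample: the relevant lines of the Windows crash report on this page.
SAMPLE_REPORT = """\
Crash reason:  EXCEPTION_ACCESS_VIOLATION
Crash address: 0xffffffffcdcdcdcd

Thread 0 (crashed)
 0  msvcr80d.dll + 0x3b10c
    eip = 0x7295b10c   esp = 0x0012e3f4   ebp = 0x0012e3fc   ebx = 0x00000001
    esi = 0x00bd6018   edi = 0x00000000   eax = 0xcdcdcdcd   ecx = 0xcdcdcdcd
    edx = 0xcdcdcdcd   efl = 0x00010202
"""

def classify(value):
    """Describe the value if its low 32 bits are a known fill pattern, else None."""
    low = value & 0xFFFFFFFF      # the reported crash address is sign-extended
    if low in FILL_DWORDS:
        return FILL_DWORDS[low]
    byte = low & 0xFF
    if low == byte * 0x01010101:  # all four bytes identical
        return FILL_BYTES.get(byte)
    return None

def triage(report):
    """Return {name: reason} for the crash address and registers that look poisoned."""
    findings = {}
    addr = re.search(r"Crash address:\s*(0x[0-9a-fA-F]+)", report)
    if addr and classify(int(addr.group(1), 16)):
        findings["crash address"] = classify(int(addr.group(1), 16))
    for reg, val in re.findall(r"\b([a-z]{2,3})\s*=\s*(0x[0-9a-fA-F]+)", report):
        reason = classify(int(val, 16))
        if reason:
            findings[reg] = reason
    return findings

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_REPORT).items():
        print(f"{name}: {reason}")
```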
Attached file mac ppc crash report
jst, the more I think about it the more I wonder if this isn't a bug in Core:Plugins rather than Plugins:Quicktime. What do you think?
Whiteboard: [sg:critical+] → [sg:critical]
Whiteboard: [sg:critical] → [sg:critical][critsmash:investigating]
jst says this should be assigned to josh, because we recently fixed a bunch of similar issues.
Assignee: nobody → joshmoz
Assignee: joshmoz → nobody
Component: QuickTime (Apple) → Plug-ins
Product: Plugins → Core
QA Contact: apple-quicktime → plugins
Version: 7.x → unspecified
... and want it back-ported to the 1.9.2 branch.
status1.9.1: --- → ?
Josh, can you have a look here? Might be fixed by your previous fixes to the plugin code.
Assignee: nobody → joshmoz
I think this was fixed by bug 575836.
Using today's mozilla-central nightly build I could not reproduce this on Mac OS X 10.6 or 64-bit Windows 7 (32-bit build). I backed out the patch for bug 575836 and I was able to reproduce on Mac OS X.

Resolving this as a duplicate of bug 575836, will see if we need to backport the patch there.
Assignee: joshmoz → jones.chris.g
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2010-2755
Whiteboard: [sg:critical][critsmash:investigating] → [sg:dupe 575836][critsmash:investigating]
Group: core-security
Whiteboard: [sg:dupe 575836][critsmash:investigating] → [sg:dupe 575836]
Crash Signature: [@ msvcr80d.dll@0x3b10c] [@ QuickTime Plugin@0x1ecd0]