Closed
Bug 607305
Opened 14 years ago
Closed 12 years ago
Crash with Adblock plus [@ PL_DHashTableOperate][@ PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy] at crash address 0x2c8
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 606667
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
It is a new crash signature. It happens only with Adblock plus. It is #43 top crasher in 4.0b8pre for the last week. Signature PL_DHashTableOperate UUID 878eef07-5092-45e0-b379-0b9d92101026 Time 2010-10-26 03:39:25.604585 Uptime 499630 Last Crash 1622695 seconds (2.7 weeks) before submission Install Age 499630 seconds (5.8 days) since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101020045139 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 23 stepping 7 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x2c8 App Notes AdapterVendorID: 10de, AdapterDeviceID: 0e22 Frame Module Signature [Expand] Source 0 xul.dll PL_DHashTableOperate obj-firefox/xpcom/build/pldhash.c:615 More reports at: http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=PL_DHashTableOperate&version=Firefox%3A4.0b8pre
Comment 1•14 years ago
|
||
First occurrence seems to be 20101019041714 build. All reports list 0x2c8 as crash address (null pointer dereference?), crashing at http://hg.mozilla.org/mozilla-central/annotate/26c47ba8064f/xpcom/glue/pldhash.c#l615. I found one report without extensions (http://crash-stats.mozilla.com/report/index/c7be0895-c36a-493a-92ff-46ad52101026) which might indicate that Adblock Plus only makes this crash more likely. Others have Adblock Plus installed - either version 1.2.2 or 1.3b, doesn't seem to matter. Unfortunately, the stack is missing. Is there any way to get some more info on where the crash is coming from?
Comment 2•14 years ago
|
||
bp-5bdf503e-e09a-47b0-802f-751c72101022 is the same crash and has extensions - but no Adblock Plus. That's the only one, all other reports either mention Adblock Plus or have no extensions at all.
bp-c7be0895-c36a-493a-92ff-46ad52101026 had a .dmp, and there's really no stack trace that windbg can make out. sorry.
Having NoScript installed and using the SuperGenPass bookmarklet on a site with password fields I can reliably trigger a crash with the same signature with the latest nightly builds. I believe this might related also because there are some similarities between ABP and NS (and both were affected by the introductions of compartments).
Automated crash reports from two different machines running different OS on new profiles with only the the latest dev version of the NoScript add-on installed: on Windows 7 http://crash-stats.mozilla.com/report/index/91102161-b161-46c1-9392-943622101116 http://crash-stats.mozilla.com/report/index/5001ccb4-be91-405e-9e72-c7eee2101116 on Ubuntu http://crash-stats.mozilla.com/report/index/38b56af8-02df-42ec-93cc-b04232101116
Reporter | ||
Updated•14 years ago
|
Summary: crash with Adblock plus [@ PL_DHashTableOperate ] → Crash with Adblock plus [@ PL_DHashTableOperate ] at crash address 0x2c8
Signature PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy UUID 38b56af8-02df-42ec-93cc-b04232101116 Time 2010-11-16 06:25:03.557417 Uptime 14 Last Crash 72 seconds before submission Install Age 76194 seconds (21.2 hours) since version was first installed. Product Firefox-4.0 Version 4.0b8pre Build ID 20101112074138 OS Linux OS Version 0.0.0 Linux 2.6.37-3-generic-pae #11-Ubuntu SMP Fri Nov 12 02:27:02 UTC 2010 i686 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 13 Crash Reason SIGSEGV Crash Address 0x24 User Comments SuperGenPass bookmarklet Processor Notes EMCheckCompatibility False Bugzilla - Report this Crash Crashing Thread Frame Module Signature [Expand] Source 0 libxul.so PL_DHashTableOperate pldhash.c:615 1 libxul.so nsScriptSecurityManager::LookupPolicy nsScriptSecurityManager.cpp:1216 2 libxul.so nsScriptSecurityManager::CheckPropertyAccessImpl nsScriptSecurityManager.cpp:721 3 libxul.so nsScriptSecurityManager::CanAccess nsScriptSecurityManager.cpp:3177 4 libxul.so XPCWrappedNative::CallMethod xpcwrappednative.cpp:2258 5 libxul.so XPCWrappedNative::GetAttribute xpcprivate.h:2646 6 libxul.so XPC_WN_GetterSetter xpcwrappednativejsops.cpp:1636 7 libxul.so js::Invoke jscntxtinlines.h:684 8 libxul.so js::ExternalInvoke jsinterp.cpp:881 9 libxul.so js::ExternalGetOrSet jsinterp.h:954 10 libxul.so js_GetProperty jsscopeinlines.h:246 11 libxul.so JSWrapper::get jsobj.h:1075 12 libxul.so js::proxy_GetProperty jsproxy.cpp:763 13 libxul.so InlineGetProp jsobj.h:1075 14 libxul.so js::mjit::stubs::GetProp StubCalls.cpp:1997 15 @0xad451109 16 libxul.so js::mjit::JaegerShot MethodJIT.cpp:739 17 libxul.so js::Invoke jsinterp.cpp:662 18 libxul.so js_fun_apply jsfun.cpp:2341 19 @0xae5b6194 20 libxul.so js::mjit::JaegerShot MethodJIT.cpp:739 21 libxul.so js::Invoke jsinterp.cpp:662 22 libxul.so js::ExternalInvoke jsinterp.cpp:881 23 libxul.so JS_CallFunctionValue jsinterp.h:954 24 libxul.so nsXPCWrappedJSClass::CallMethod xpcwrappedjsclass.cpp:1694 25 libxul.so nsXPCWrappedJS::CallMethod xpcwrappedjs.cpp:577 26 libxul.so PrepareAndDispatch xptcstubs_gcc_x86_unix.cpp:95 27 libxul.so nsEventListenerManager::HandleEventSubType nsEventListenerManager.cpp:1112 28 libxul.so nsEventListenerManager::HandleEventInternal nsEventListenerManager.cpp:1208 29 libxul.so nsEventTargetChainItem::HandleEvent nsEventDispatcher.cpp:212 30 libxul.so nsEventTargetChainItem::HandleEventTargetChain nsEventDispatcher.cpp:341
sounds like a domain policy got killed and caps got confused
Component: Extension Compatibility → Security: CAPS
Product: Firefox → Core
QA Contact: extension.compatibility → caps
Summary: Crash with Adblock plus [@ PL_DHashTableOperate ] at crash address 0x2c8 → Crash with Adblock plus [@ PL_DHashTableOperate][@ PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy] at crash address 0x2c8
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ PL_DHashTableOperate]
[@ PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy]
Reporter | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Crash Signature: [@ PL_DHashTableOperate]
[@ PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy] → [@ PL_DHashTableOperate]
[@ PL_DHashTableOperate | nsScriptSecurityManager::LookupPolicy(nsIPrincipal*, ClassInfoData&, int, unsigned int, ClassPolicy**, SecurityLevel*)]
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•