Open
Bug 616361
Opened 14 years ago
Updated 2 years ago
OOM exception from excessive XML entity expansion
*
Summary:
OOM exception from excessive XML entity expansion
Categories
(Core :: Layout, defect)
Tracking
()
NEW
NEW
---
---
Iteration:
---
| a11y-review | |
| Accessibility Severity | |
| Webcompat Priority | |
| Webcompat Score | |
| Performance Impact |
| Tracking | Status | |
|---|---|---|
| relnote-firefox | ||
| thunderbird_esr115 | ||
| thunderbird_esr128 | ||
| firefox-esr115 | ||
| firefox-esr128 | ||
| firefox135 | ||
| firefox136 | ||
| firefox137 |
People
(Reporter: bsterne, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, stackwanted, testcase, Whiteboard: [sg:dos oom])
---
[sg:dos oom]
QA Whiteboard:
---
Has STR:
---
Change Request:
---
0
Bug Flags:
|
| ||||
Crash Data
Signature:
None
Security
(public)
This bug is publicly visible.
User Story
Attachments
(1 file)
|
331 bytes,
application/zip
|
Details |
Attached file
testcase (zipped)
— Details
Frank Boldewin reported the following to security@m.o. His stack showed he crashed in kernel32.dll, but when I loaded the testcase (attached) I got a crash in xul.dll, though unfortunately the crash report didn't have symbols. I haven't had a chance to look any further into the issue at this point. From his email:
------
hey,
i was playing with several XML parsers how they react, when it comes to XML bombs.
firefox 3.6.11 under windows just seems to crash after some time with a abnormal termination error.
my exception logger show me that the exception (code: e06d7363, this is a Microsoft C++ Exception) comes from kernel32.dll---->raiseexception
find attached a sample xml-bomb for testing ---> in the firefox url bar just type: c:\xml-bomb.xml
donno if this is what you've expected. maybe there is a better way to handle this in firefox.
cheers,
frank
--- Exception detected ---
PID: 2528 First Chance: YES
Exception code: e06d7363 (UNKNOWN)
Exception addr: 7c812afb
Image (from OpenProcess): C:\Programme\Mozilla Firefox\firefox.exe
Image (from EPROCESS) : firefox.exe
Param count : 3
Params:
19930520 0013a52c 781caa24
Eax: 0013a494 Edx: 781d7ba8 Ecx: 00000000 Ebx: 09e59b00
Esi: 0013a51c Edi: 1cb00008 Esp: 0013a490 Ebp: 0013a4e4
Eip: 7c812afb
EFlags: 00000206
CF: 0 PF: 1 AF: 0 ZF: 0 SF: 0 TF: 0
IF: 1 DF: 0 OF: 0 NT: 0 RF: 0 VM: 0
AC: 0 ID: 0
IOPL: 0 VIF: 0 VIP: 0
Stack:
05ffa54a e06d7363 00000001 00000000 7c812afb 00000003 19930520 0013a52c
781caa24 0000000c 78132e76 0081b08c 781a8a50 7813d051 0081b08c 781a8a50
Code:
[7c812afb] 5e POP ESI
[7c812afc] c9 LEAVE
[7c812afd] c2 1000 RET 0x10
[7c812b00] 85ff TEST EDI, EDI
[7c812b02] 0f8e 3693ffff JLE 0x7c80be3e
[7c812b08] 8b55 fc MOV EDX, [EBP-0x4]
[7c812b0b] 8955 0c MOV [EBP+0xc], EDX
[7c812b0e] 0fb716 MOVZX EDX, [ESI]
[7c812b11] 8b7d f8 MOV EDI, [EBP-0x8]
[7c812b14] 8a143a MOV DL, [EDX+EDI]
[7c812b17] 8811 MOV [ECX], DL
[7c812b19] 8b78 0c MOV EDI, [EAX+0xc]
[7c812b1c] 0fb6d2 MOVZX EDX, DL
[7c812b1f] 66 8b1457 MOV DX, [EDI+EDX*2]
[7c812b23] 66 3b16 CMP DX, [ESI]
[7c812b26] 0f85 0b8c0300 JNZ 0x7c84b737
|
||
Comment 1•14 years ago
|
||
view-source:jar:https://bug616361.bugzilla.mozilla.org/attachment.cgi?id=494894&t=ZkwLFsFAXR!/xml-bomb.xml
This seems to just be trying to generate a huge textnode.
I loaded the file in Linux 64 debug build. The process took 1.3 GB of RAM and didn't crash. It stopped responding to user events for a prolonged time (maybe a couple of minutes). That time was spent in font code apparently laying out the huge text node. The huge text node wasn't painted in the resulting XSLT-generated tree view and an attempt to collapse the 'kaboom' node made the process get entangled in gfxFontGroup for a prolonged time again.
|
||
Comment 3•14 years ago
|
||
We need at least a stack trace from windows here to know what rating to put on this bug.
Keywords: crash,
stackwanted
|
||
Comment 6•14 years ago
|
||
| crash-backtrace typo | ||
| Comment hidden (typo) |
(In reply to comment #3)
> We need at least a stack trace from windows here to know what rating to put on
> this bug.
Opened log file 'c:\firefox-debug_0be8_2010-12-19_21-44-38-328.log'
0:000> .childdbg 1
Processes created by the current process will be debugged
0:000> .tlist
0n0 System Process
0n4 System
0n2020 smss.exe
0n256 csrss.exe
0n296 winlogon.exe
0n328 services.exe
0n340 lsass.exe
0n540 ibmpmsvc.exe
0n572 ati2evxx.exe
0n596 svchost.exe
0n680 svchost.exe
0n1636 svchost.exe
0n1660 btwdins.exe
0n1740 S24EvMon.exe
0n1204 svchost.exe
0n1252 svchost.exe
0n1408 svchost.exe
0n1444 svchost.exe
0n716 ati2evxx.exe
0n924 spoolsv.exe
0n1056 svchost.exe
0n1976 trcboot.exe
0n424 mDNSResponder.exe
0n732 svchost.exe
0n500 EvtEng.exe
0n2416 mfevtps.exe
0n3120 RegSrvc.exe
0n3896 TPHDEXLG.exe
0n3928 uphclean.exe
0n3956 vmware-usbarbitrator.exe
0n3256 vmnat.exe
0n4060 cccredmgr.exe
0n204 vmware-authd.exe
0n1536 vmnetdhcp.exe
0n3536 alg.exe
0n3216 explorer.exe
0n2228 smax4pnp.exe
0n2348 TpShocks.exe
0n2368 SynTPLpr.exe
0n2380 SynTPEnh.exe
0n2484 rundll32.exe
0n2580 EZEJMNAP.EXE
0n2608 tpfnf7sp.exe
0n2812 TPOSDSVC.exe
0n2376 TPONSCR.exe
0n3808 TpScrex.exe
0n2640 fpassist.exe
0n3780 vmware-tray.exe
0n4320 wuauclt.exe
0n4716 ctfmon.exe
0n6072 AppleMobileDeviceService.exe
0n4580 SciTE.exe
0n3048 windbg.exe
0n3168 firefox.exe
0:000> sxn gp
0:000> |* lm
start end module name
00290000 0030b000 sqlite3 (private pdb symbols) c:\symbols\sqlite3.pdb\1BAFC49C00004BCB9A2A4A4E111D39321\sqlite3.pdb
00310000 00341000 nspr4 (private pdb symbols) c:\symbols\nspr4.pdb\F787D7B9247241689CD65A164D69241F1\nspr4.pdb
00350000 00368000 smime3 (private pdb symbols) c:\symbols\smime3.pdb\170D36FCB90B4E06A2D577C8E6E68AE41\smime3.pdb
00370000 00384000 nssutil3 (private pdb symbols) c:\symbols\nssutil3.pdb\7188D66E46CB4697BAF0D94FF049E7FD1\nssutil3.pdb
00390000 00397000 plc4 (private pdb symbols) c:\symbols\plc4.pdb\678D7414A7CC489291134EA05B19E7131\plc4.pdb
003a0000 003a7000 plds4 (private pdb symbols) c:\symbols\plds4.pdb\8885F9ABCC4A4265B2C2FAD0304873681\plds4.pdb
003b0000 003d1000 ssl3 (private pdb symbols) c:\symbols\ssl3.pdb\C4A53415B93E4A77B69DCEB1063699011\ssl3.pdb
003e0000 003e7000 xpcom (private pdb symbols) c:\symbols\xpcom.pdb\4DA33B9A17324C4FBF6A44B5040D56B22\xpcom.pdb
00400000 004e0000 firefox (private pdb symbols) c:\symbols\firefox.pdb\5F0662B9EA55440192592EA0466AA8412\firefox.pdb
004e0000 005da000 js3250 (private pdb symbols) c:\symbols\js3250.pdb\69F17842AE164654A7D27C2518CB49612\js3250.pdb
005e0000 0067d000 nss3 (private pdb symbols) c:\symbols\nss3.pdb\CFCECAA4E5D7442F81E09CA566EE4E6B1\nss3.pdb
10000000 10b55000 xul (private pdb symbols) c:\symbols\xul.pdb\CE2DF3F0B6EE465A9E403E5F147CEF692\xul.pdb
71a00000 71a08000 WS2HELP (pdb symbols) c:\symbols\ws2help.pdb\6049CF5877C54E2AB512ABC1B4B2E7992\ws2help.pdb
71a10000 71a27000 WS2_32 (pdb symbols) c:\symbols\ws2_32.pdb\A7605F8695A34329B38DDB8421A004CA2\ws2_32.pdb
71a30000 71a3a000 WSOCK32 (pdb symbols) c:\symbols\wsock32.pdb\2B38FE8F84144DACB8A4FD07C05E49FC2\wsock32.pdb
72f70000 72f96000 WINSPOOL (pdb symbols) c:\symbols\winspool.pdb\5199B63B39904A05A517CEE5158071522\winspool.pdb
75790000 757fb000 USP10 (pdb symbols) c:\symbols\usp10.pdb\D4BA2952809F469BB6D1D3AF6B956E6B1\usp10.pdb
76320000 76325000 MSIMG32 (pdb symbols) c:\symbols\msimg32.pdb\D2E18526D8234F4BB5A85DE12E71DE812\msimg32.pdb
76330000 7634d000 IMM32 (pdb symbols) c:\symbols\imm32.pdb\F7A5B5DB13324153B57AAF340C77EA512\imm32.pdb
76350000 7639a000 COMDLG32 (pdb symbols) c:\symbols\comdlg32.pdb\026A6FF770FD4E6186ADBBE96DFFA99C2\comdlg32.pdb
76af0000 76b1e000 WINMM (pdb symbols) c:\symbols\winmm.pdb\90FC96D5AD8440A2B14855895BD92ED62\winmm.pdb
770f0000 7717b000 OLEAUT32 (pdb symbols) c:\symbols\oleaut32.pdb\F2A209009B694EFCAD1A6CE9D992EBC12\oleaut32.pdb
773a0000 774a3000 COMCTL32 (pdb symbols) c:\symbols\MicrosoftWindowsCommon-Controls-6.0.2600.6028-comctl32.pdb\E882C2C890724D598449E20A4FE6F07C1\MicrosoftWindowsCommon-Controls-6.0.2600.6028-comctl32.pdb
774b0000 775ee000 ole32 (pdb symbols) c:\symbols\ole32.pdb\0E73207536D64E9C9FB83C682ED9E5852\ole32.pdb
77bd0000 77bd8000 VERSION (pdb symbols) c:\symbols\version.pdb\EA3D1BD3FE65475C8449C8D8B00722962\version.pdb
77be0000 77c38000 msvcrt (pdb symbols) c:\symbols\msvcrt.pdb\7BCF30D8C91B4F1B85FA4E55896250111\msvcrt.pdb
77da0000 77e4a000 ADVAPI32 (pdb symbols) c:\symbols\advapi32.pdb\F759D3F1C6614313B07C84BC33F02E4D2\advapi32.pdb
77e50000 77ee3000 RPCRT4 (pdb symbols) c:\symbols\rpcrt4.pdb\1A465C67828242F28A8C70E3B9D5C4772\rpcrt4.pdb
77ef0000 77f39000 GDI32 (pdb symbols) c:\symbols\gdi32.pdb\372C0F0E08FB456EAB7B4CB2B53E27952\gdi32.pdb
77f40000 77fb6000 SHLWAPI (pdb symbols) c:\symbols\shlwapi.pdb\483E8894476B412DABC2FBA7F470E39A2\shlwapi.pdb
77fc0000 77fd1000 Secur32 (pdb symbols) c:\symbols\secur32.pdb\7867B3F28B5C41CE847895E3FC013DC52\secur32.pdb
78130000 781e0000 MOZCRT19 (private pdb symbols) c:\symbols\MOZCRT19.pdb\858730465F3145B29B80F27A3951F51D1\MOZCRT19.pdb
7c420000 7c4cf000 MOZCPP19 (private pdb symbols) c:\symbols\MOZCPP19.pdb\34C925AE579D4137997D5DA3BCFD97F91\MOZCPP19.pdb
7c800000 7c908000 kernel32 (pdb symbols) c:\symbols\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb
7c910000 7c9c9000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\6992F4DAF4B144068D78669D6CB5D2072\ntdll.pdb
7e360000 7e3f1000 USER32 (pdb symbols) c:\symbols\user32.pdb\D18A41B74E7F458CAAAC1847E2D8BF022\user32.pdb
7e670000 7ee91000 SHELL32 (pdb symbols) c:\symbols\shell32.pdb\D664FA74256F458FBBCC8D4A941819392\shell32.pdb
0:000> g
ModLoad: 5cf00000 5cf26000 C:\WINNT\system32\ShimEng.dll
ModLoad: 5b0f0000 5b128000 C:\WINNT\system32\uxtheme.dll
ModLoad: 59dd0000 59e71000 C:\WINNT\system32\dbghelp.dll
ModLoad: 746a0000 746ec000 C:\WINNT\system32\MSCTF.dll
ModLoad: 63000000 63014000 C:\WINNT\system32\SynTPFcs.dll
ModLoad: 778f0000 779e4000 C:\WINNT\system32\SETUPAPI.dll
ModLoad: 77b10000 77b32000 C:\WINNT\system32\apphelp.dll
ModLoad: 75250000 7527e000 C:\WINNT\system32\msctfime.ime
ModLoad: 76f90000 7700f000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77010000 770e3000 C:\WINNT\system32\COMRes.dll
ModLoad: 01640000 01648000 C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
ModLoad: 719b0000 719f0000 C:\WINNT\system32\mswsock.dll
ModLoad: 66710000 66769000 C:\WINNT\system32\hnetcfg.dll
ModLoad: 719f0000 719f8000 C:\WINNT\System32\wshtcpip.dll
ModLoad: 76d20000 76d39000 C:\WINNT\system32\iphlpapi.dll
ModLoad: 76ee0000 76f07000 C:\WINNT\system32\DNSAPI.dll
ModLoad: 76f70000 76f78000 C:\WINNT\System32\winrnr.dll
ModLoad: 76f20000 76f4d000 C:\WINNT\system32\WLDAP32.dll
ModLoad: 750f0000 7510e000 C:\WINNT\system32\wshbth.dll
ModLoad: 64000000 64025000 c:\Programme\Bonjour\mdnsNSP.dll
ModLoad: 73c50000 73c71000 C:\WINNT\system32\t2embed.dll
ModLoad: 73dc0000 73dc3000 C:\WINNT\system32\LZ32.dll
ModLoad: 016d0000 016f4000 C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
ModLoad: 77660000 77681000 C:\WINNT\system32\NTMARTA.DLL
ModLoad: 71b70000 71b83000 C:\WINNT\system32\SAMLIB.dll
ModLoad: 03500000 037d9000 C:\WINNT\system32\xpsp2res.dll
ModLoad: 597d0000 59825000 C:\WINNT\system32\netapi32.dll
ModLoad: 452e0000 45413000 C:\WINNT\system32\urlmon.dll
ModLoad: 40f50000 41138000 C:\WINNT\system32\iertutil.dll
Symbol search path is: SRV*c:\symbols*http://symbols.mozilla.org/firefox;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;srv*
Executable search path is:
ModLoad: 00400000 0040c000 jqsnotify.exe
ModLoad: 7c910000 7c9c9000 ntdll.dll
ModLoad: 7c800000 7c908000 C:\WINNT\system32\kernel32.dll
ModLoad: 71a10000 71a27000 C:\WINNT\system32\WS2_32.dll
ModLoad: 77da0000 77e4a000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee3000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000 C:\WINNT\system32\Secur32.dll
ModLoad: 77be0000 77c38000 C:\WINNT\system32\msvcrt.dll
ModLoad: 71a00000 71a08000 C:\WINNT\system32\WS2HELP.dll
ModLoad: 7c340000 7c396000 C:\Programme\Java\jre6\bin\MSVCR71.dll
(12bc.ab0): Break instruction exception - code 80000003 (first chance)
eax=00261eb4 ebx=7ffde000 ecx=00000003 edx=00000008 esi=00261f48 edi=00261eb4
eip=7c91120e esp=0013fb20 ebp=0013fc94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!DbgBreakPoint:
7c91120e cc int 3
1:013> g
ModLoad: 5cf00000 5cf26000 C:\WINNT\system32\ShimEng.dll
ModLoad: 719b0000 719f0000 C:\WINNT\system32\mswsock.dll
ModLoad: 66710000 66769000 C:\WINNT\system32\hnetcfg.dll
ModLoad: 03400000 03426000 C:\Programme\Mozilla Firefox\softokn3.dll
ModLoad: 03430000 03448000 C:\Programme\Mozilla Firefox\nssdbm3.dll
ModLoad: 77ef0000 77f39000 C:\WINNT\system32\GDI32.dll
ModLoad: 7e360000 7e3f1000 C:\WINNT\system32\USER32.dll
ModLoad: 76330000 7634d000 C:\WINNT\system32\IMM32.DLL
ModLoad: 03450000 03491000 C:\Programme\Mozilla Firefox\freebl3.dll
ModLoad: 034a0000 034f2000 C:\Programme\Mozilla Firefox\nssckbi.dll
ModLoad: 719f0000 719f8000 C:\WINNT\System32\wshtcpip.dll
ModLoad: 76f80000 76f86000 C:\WINNT\system32\rasadhlp.dll
ModLoad: 73aa0000 73ab5000 C:\WINNT\system32\mscms.dll
(12bc.ab0): C++ EH exception - code e06d7363 (first chance)
eax=00000000 ebx=00000000 ecx=7c800000 edx=7c98e120 esi=7c91de6e edi=00000000
eip=7c91e514 esp=0013fdcc ebp=0013fec8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
7c91e514 c3 ret
1:013> g
ModLoad: 021d0000 021e1000 C:\Programme\Lenovo\HOTKEY\hkvolkey.dll
ModLoad: 7e1e0000 7e353000 C:\WINNT\system32\shdocvw.dll
ModLoad: 77a50000 77ae6000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77af0000 77b02000 C:\WINNT\system32\MSASN1.dll
ModLoad: 76880000 76905000 C:\WINNT\system32\CRYPTUI.dll
ModLoad: 408b0000 40996000 C:\WINNT\system32\WININET.dll
ModLoad: 06660000 06669000 C:\WINNT\system32\Normaliz.dll
ModLoad: 76bf0000 76c1e000 C:\WINNT\system32\WINTRUST.dll
ModLoad: 76c50000 76c78000 C:\WINNT\system32\IMAGEHLP.dll
ModLoad: 74db0000 74e1d000 C:\WINNT\system32\RichEd20.dll
(c60.9fc): C++ EH exception - code e06d7363 (first chance)
(c60.9fc): C++ EH exception - code e06d7363 (!!! second chance !!!)
eax=0013a4d4 ebx=042f3040 ecx=00000000 edx=781d7ba8 esi=0013a55c edi=1cb00008
eip=7c812afb esp=0013a4d0 ebp=0013a524 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
kernel32!RaiseException+0x53:
7c812afb 5e pop esi
0:000> |* ~* kp
. 0 Id: c60.9fc Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr
0013a524 7815c52b kernel32!RaiseException+0x53
0013a55c 78164f13 MOZCRT19!_CxxThrowException(void * pExceptionObject = 0x0013a56c, struct _s__ThrowInfo * pThrowInfo = 0x781caa34)+0x46 [f:\sp\vctools\crt_bld\self_x86\crt\prebuild\eh\throw.cpp @ 161]
0013a574 101102b1 MOZCRT19!operator new(unsigned int size = 0x100c7b4c)+0x73 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\new.cpp @ 61]
0013aaf8 100c7b4c xul!TextRunWordCache::MakeTextRun(unsigned char * aText = 0x00000000 "", unsigned int aLength = 0x5ffa54a, class gfxFontGroup * aFontGroup = 0x042f3040, struct gfxTextRunFactory::Parameters * aParams = 0x0013abd0, unsigned int aFlags = 0x1100120)+0x91 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\gfx\thebes\src\gfxtextrunwordcache.cpp @ 709]
0013ab24 100fc0d7 xul!MakeTextRun(unsigned char * aText = 0x00000001 "--- memory read error at address 0x00000001 ---", unsigned int aLength = 0x8000000a, class gfxFontGroup * aFontGroup = 0x00000000, struct gfxTextRunFactory::Parameters * aParams = 0x01d4e500, unsigned int aFlags = 0x781d7ba8)+0x3c [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 517]
0013c024 10110ebc xul!BuildTextRunsScanner::BuildTextRunForFrames(void * aTextBuffer = 0x00000000)+0x727 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1853]
0013d054 100e93ba xul!BuildTextRunsScanner::FlushFrames(int aFlushLineBreaks = <Memory access error>, int aSuppressTrailingBreak = 0)+0xac [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1272]
0013d0cc 100c33c4 xul!BuildTextRuns(class gfxContext * aContext = <Memory access error>, class nsTextFrame * aForFrame = <Memory access error>, class nsIFrame * aLineContainer = 0x00000000, class nsLineList_iterator * aForFrameLine = <Memory access error>)+0x32a [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1206]
0013d110 100c3baa xul!nsRuleNode::SetFont(class nsPresContext * aPresContext = 0x01d4e010, class nsStyleContext * aContext = 0x0013a4d4, int aMinFontSize = 1299184, unsigned char aGenericFontID = 0x01 '', struct nsRuleDataFont * aFontData = 0x01d70fd0, struct nsStyleFont * aParentFont = 0x000004b0, struct nsStyleFont * aFont = 0x04391a80, int aUsedStartStruct = 70851200, int * aCanStoreInRuleTree = 0x0013e920)+0x234 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\style\nsrulenode.cpp @ 2867]
0013d214 00000000 xul!nsRuleNode::ComputeFontData(void * aStartStruct = 0x00000000, struct nsCSSStruct * aData = 0x781d7ba8, class nsStyleContext * aContext = 0x04471660, class nsRuleNode * aHighestNode = 0x00000000, nsRuleNode::RuleDetail aRuleDetail = 1301232 (No matching enumerant), int aCanStoreInRuleTree = 1)+0x1fa [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\style\nsrulenode.cpp @ 3046]
1 Id: c60.1d8 Suspend: 1 Teb: 7ffde000 Unfrozen
ChildEBP RetAddr
00f8ff28 7c91df5a ntdll!KiFastSystemCallRet
00f8ff2c 7c8025db ntdll!ZwWaitForSingleObject+0xc
00f8ff90 7c802542 kernel32!WaitForSingleObjectEx+0xa8
00f8ffa4 1024214e kernel32!WaitForSingleObject+0x12
00f8ffb4 7c80b729 xul!google_breakpad::ExceptionHandler::ExceptionHandlerThreadMain(void * lpParameter = 0x00000000)+0x13 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\toolkit\crashreporter\google-breakpad\src\client\windows\handler\exception_handler.cc @ 401]
00f8ffec 00000000 kernel32!BaseThreadStart+0x37
2 Id: c60.ebc Suspend: 1 Teb: 7ffdd000 Unfrozen "Gecko_IOThread"
ChildEBP RetAddr
0162fd84 7c91da4a ntdll!KiFastSystemCallRet
0162fd88 7c80a7e6 ntdll!NtRemoveIoCompletion+0xc
0162fdb4 1000247f kernel32!GetQueuedCompletionStatus+0x29
0162fde0 100024c3 xul!base::MessagePumpForIO::GetIOItem(unsigned long timeout = 0xffffffff, struct base::MessagePumpForIO::IOItem * item = 0x0162fdf8)+0x37 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.cc @ 528]
0162fe08 1022b83f xul!base::MessagePumpForIO::WaitForIOCompletion(unsigned long timeout = 0xffffffff, class base::MessagePumpForIO::IOHandler * filter = 0x00000000)+0x20 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.cc @ 499]
0162fe14 10204511 xul!base::MessagePumpForIO::WaitForWork(void)+0x1c [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.cc @ 493]
0162fe2c 1023dc65 xul!base::MessagePumpForIO::DoRunLoop(void)+0x68 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.cc @ 477]
0162fe48 1023dc77 xul!base::MessagePumpWin::RunWithDispatcher(class base::MessagePump::Delegate * delegate = 0x10a6498c, class base::MessagePumpWin::Dispatcher * dispatcher = 0x0162fe8c)+0x31 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.cc @ 54]
0162fe50 1022a073 xul!base::MessagePumpWin::Run(class base::MessagePump::Delegate * delegate = 0x1022a03b)+0xc [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_pump_win.h @ 78]
0162fe8c 1022a03b xul!MessageLoop::RunHandler(void)+0x26 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_loop.cc @ 200]
0162fec4 10229fd7 xul!MessageLoop::Run(void)+0x1f [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\message_loop.cc @ 174]
0162ffb0 1023f307 xul!base::Thread::ThreadMain(void)+0xbc [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\thread.cc @ 168]
0162ffb4 7c80b729 xul!`anonymous namespace'::ThreadFunc(void * closure = 0x00000000)+0x9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\ipc\chromium\src\base\platform_thread_win.cc @ 27]
0162ffec 00000000 kernel32!BaseThreadStart+0x37
3 Id: c60.14d0 Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr
018fff78 7c91da4a ntdll!KiFastSystemCallRet
018fff7c 719bd320 ntdll!NtRemoveIoCompletion+0xc
018fffb4 7c80b729 mswsock!SockAsyncThread+0x5a
018fffec 00000000 kernel32!BaseThreadStart+0x37
4 Id: c60.858 Suspend: 1 Teb: 7ffdb000 Unfrozen
ChildEBP RetAddr
019fcc00 7c91df5a ntdll!KiFastSystemCallRet
019fcc04 719b402b ntdll!ZwWaitForSingleObject+0xc
019fcc40 719b5fa7 mswsock!SockWaitForSingleObject+0x1a0
019fcd34 71a1314f mswsock!WSPSelect+0x25f
019fcd84 00330b6d WS2_32!select+0xb8
019ffdf4 00328363 nspr4!_PR_MD_PR_POLL(struct PRPollDesc * pds = 0x0080d4e4, int npds = 49163856, unsigned int timeout = 0xffffffff)+0x39d [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w32poll.c @ 289]
019ffe00 10093fd2 nspr4!PR_Poll(struct PRPollDesc * pds = 0xfeeefeee, int npds = -17891602, unsigned int timeout = 0xfeeefeee)+0x13 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\io\prio.c @ 173]
019ffe24 1009409a xul!nsSocketTransportService::Poll(int wait = -17891602, unsigned int * interval = 0xfeeefeee)+0x62 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\base\src\nssockettransportservice2.cpp @ 355]
019ffe4c 1009fbad xul!nsSocketTransportService::DoPollIteration(int wait = <Memory access error>)+0x8a [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\base\src\nssockettransportservice2.cpp @ 661]
019ffe60 100f42a1 xul!nsSocketTransportService::OnProcessNextEvent(class nsIThreadInternal * thread = 0x0081a510, int mayWait = 1, unsigned int depth = 0)+0x47 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\base\src\nssockettransportservice2.cpp @ 539]
019ffe90 101a0552 xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x2e1 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 508]
019ffeb0 10068d8a xul!NS_ProcessPendingEvents_P(class nsIThread * thread = 0x804b001e, unsigned int timeout = 0x81a510)+0x25 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 200]
019ffee0 100f41d0 xul!nsSocketTransportService::Run(void)+0xa0 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\base\src\nssockettransportservice2.cpp @ 581]
019fff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x210 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 533]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
5 Id: c60.1230 Suspend: 1 Teb: 7ffda000 Unfrozen
ChildEBP RetAddr
01affde0 7c91df4a ntdll!KiFastSystemCallRet
01affde4 7c809590 ntdll!ZwWaitForMultipleObjects+0xc
01affe80 7c80a115 kernel32!WaitForMultipleObjectsEx+0x12c
01affe9c 1023a5a9 kernel32!WaitForMultipleObjects+0x18
01affee0 100f41d0 xul!nsNotifyAddrListener::Run(void)+0x68 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\system\win32\nsnotifyaddrlistener.cpp @ 186]
01afff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x210 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 533]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
6 Id: c60.8ac Suspend: 1 Teb: 7ffd9000 Unfrozen
ChildEBP RetAddr
01bffe54 7c91df5a ntdll!KiFastSystemCallRet
01bffe58 7c8025db ntdll!ZwWaitForSingleObject+0xc
01bffebc 7c802542 kernel32!WaitForSingleObjectEx+0xa8
01bffed0 0032f3d9 kernel32!WaitForSingleObject+0x12
01bffef4 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x008aeec4, struct _MDLock * lock = 0x008aeddc, unsigned int timeout = 0xffffffff)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
01bfff14 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000005c8, struct PRCondVar * cvar = 0x00000010, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xffffffff)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
01bfff2c 004e12c8 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x008aee50, unsigned int timeout = 0xffffffff)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
01bfff44 004e129a js3250!JSBackgroundThread::work(void)+0x28 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\js\src\jstask.cpp @ 93]
01bfff4c 0032bdf9 js3250!start(void * arg = 0x0032e03d)+0xa [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\js\src\jstask.cpp @ 43]
01bfff6c 0032e03d nspr4!_PR_NativeRunThread(void * arg = 0x0082f780)+0x169 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\pruthr.c @ 448]
01bfff74 78132c28 nspr4!pr_root(void * arg = 0x78132cb6)+0xd [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95thred.c @ 122]
01bfffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
01bfffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
01bfffec 00000000 kernel32!BaseThreadStart+0x37
7 Id: c60.3c0 Suspend: 1 Teb: 7ffd8000 Unfrozen
ChildEBP RetAddr
01cffe5c 7c91df5a ntdll!KiFastSystemCallRet
01cffe60 7c8025db ntdll!ZwWaitForSingleObject+0xc
01cffec4 7c802542 kernel32!WaitForSingleObjectEx+0xa8
01cffed8 0032f3d9 kernel32!WaitForSingleObject+0x12
01cffefc 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x008aefe4, struct _MDLock * lock = 0x008ae0ec, unsigned int timeout = 0x3e8)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
01cfff1c 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000005c4, struct PRCondVar * cvar = 0x0080d954, struct PRLock * lock = 0x00000000, unsigned int timeout = 0x3e8)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
01cfff30 10243165 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x008aef70, unsigned int timeout = 0x3e8)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
01cfff4c 0032bdf9 xul!XPCJSRuntime::WatchdogMain(void * arg = 0x1002131a)+0x3d [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\js\src\xpconnect\src\xpcjsruntime.cpp @ 812]
01cfff6c 0032e03d nspr4!_PR_NativeRunThread(void * arg = 0x0082f8c0)+0x169 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\pruthr.c @ 448]
01cfff74 78132c28 nspr4!pr_root(void * arg = 0x78132cb6)+0xd [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95thred.c @ 122]
01cfffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
01cfffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
01cfffec 00000000 kernel32!BaseThreadStart+0x37
8 Id: c60.1454 Suspend: 1 Teb: 7ffd6000 Unfrozen
ChildEBP RetAddr
01fffde4 7c91df5a ntdll!KiFastSystemCallRet
01fffde8 7c8025db ntdll!ZwWaitForSingleObject+0xc
01fffe4c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
01fffe60 0032f3d9 kernel32!WaitForSingleObject+0x12
01fffe84 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x0082eec4, struct _MDLock * lock = 0x0082eddc, unsigned int timeout = 0x23d)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
01fffea4 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000005c0, struct PRCondVar * cvar = 0x00000004, struct PRLock * lock = 0x00000000, unsigned int timeout = 0x23d)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
01fffeb8 1017558b nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x0082ee50, unsigned int timeout = 0x23d)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
01fffee0 100f41d0 xul!TimerThread::Run(void)+0x9b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\timerthread.cpp @ 344]
01ffff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x210 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 533]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
9 Id: c60.e5c Suspend: 1 Teb: 7ffd5000 Unfrozen
ChildEBP RetAddr
03f7fe3c 7c91df5a ntdll!KiFastSystemCallRet
03f7fe40 7c8025db ntdll!ZwWaitForSingleObject+0xc
03f7fea4 7c802542 kernel32!WaitForSingleObjectEx+0xa8
03f7feb8 0032f3d9 kernel32!WaitForSingleObject+0x12
03f7fedc 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x02ee2414, struct _MDLock * lock = 0x02ee232c, unsigned int timeout = 0xffffffff)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
03f7fefc 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000004ec, struct PRCondVar * cvar = 0x00000000, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xffffffff)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
03f7ff10 1021a891 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x02ee23a0, unsigned int timeout = 0xffffffff)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
03f7ff4c 0032bdf9 xul!nsSSLThread::Run(void)+0x57 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\security\manager\ssl\src\nssslthread.cpp @ 983]
03f7ff6c 0032e03d nspr4!_PR_NativeRunThread(void * arg = 0x01e789c0)+0x169 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\pruthr.c @ 448]
03f7ff74 78132c28 nspr4!pr_root(void * arg = 0x78132cb6)+0xd [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95thred.c @ 122]
03f7ffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
03f7ffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
03f7ffec 00000000 kernel32!BaseThreadStart+0x37
10 Id: c60.1128 Suspend: 1 Teb: 7ffd4000 Unfrozen
ChildEBP RetAddr
038dfe14 7c91daaa ntdll!KiFastSystemCallRet
038dfe18 77e565e3 ntdll!NtReplyWaitReceivePortEx+0xc
038dff80 77e56caf RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x12a
038dff88 77e56ad1 RPCRT4!RecvLotsaCallsWrapper+0xd
038dffa8 77e56c97 RPCRT4!BaseCachedThreadRoutine+0x79
038dffb4 7c80b729 RPCRT4!ThreadStartRoutine+0x1a
038dffec 00000000 kernel32!BaseThreadStart+0x37
11 Id: c60.169c Suspend: 1 Teb: 7ffaf000 Unfrozen
ChildEBP RetAddr
039dff1c 7c91d21a ntdll!KiFastSystemCallRet
039dff20 7c8023f1 ntdll!NtDelayExecution+0xc
039dff78 7c802455 kernel32!SleepEx+0x61
039dff88 774ce3d3 kernel32!Sleep+0xf
039dff94 774ce492 ole32!CROIDTable::WorkerThreadLoop+0x14
039dffa8 774ce4fa ole32!CRpcThread::WorkerLoop+0x1e
039dffb4 7c80b729 ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1b
039dffec 00000000 kernel32!BaseThreadStart+0x37
12 Id: c60.14b4 Suspend: 1 Teb: 7ffae000 Unfrozen
ChildEBP RetAddr
03e2fdc4 7c91df5a ntdll!KiFastSystemCallRet
03e2fdc8 7c8025db ntdll!ZwWaitForSingleObject+0xc
03e2fe2c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
03e2fe40 0032f3d9 kernel32!WaitForSingleObject+0x12
03e2fe64 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x032e9b14, struct _MDLock * lock = 0x032e9a2c, unsigned int timeout = 0xea60)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
03e2fe84 0032ab51 nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x0000050c, struct PRCondVar * cvar = 0x0222c810, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xea60)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
03e2fea0 1019566e nspr4!PR_Wait(struct PRMonitor * mon = 0x0332e210, unsigned int ticks = 0xea60)+0x51 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\prmon.c @ 186]
03e2fee0 100f41d0 xul!nsThreadPool::Run(void)+0x11e [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthreadpool.cpp @ 211]
03e2ff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x210 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 533]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
13 Id: c60.6b4 Suspend: 1 Teb: 7ffaa000 Unfrozen
ChildEBP RetAddr
0507fdf4 7c91df5a ntdll!KiFastSystemCallRet
0507fdf8 7c8025db ntdll!ZwWaitForSingleObject+0xc
0507fe5c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
0507fe70 0032f3d9 kernel32!WaitForSingleObject+0x12
0507fe94 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x04d99214, struct _MDLock * lock = 0x04d9912c, unsigned int timeout = 0xffffffff)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
0507feb4 0032ab51 nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000003f8, struct PRCondVar * cvar = 0x00002000, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xffffffff)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
0507fed4 101dfd91 nspr4!PR_Wait(struct PRMonitor * mon = 0x04d93590, unsigned int ticks = 0xffffffff)+0x51 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\prmon.c @ 186]
0507fee0 100f4388 xul!nsAutoMonitor::Wait(unsigned int interval = <Memory access error>)+0xc [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\dist\include\nsautolock.h @ 340]
0507ff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x3c8 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 521]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
14 Id: c60.16f4 Suspend: 1 Teb: 7ffad000 Unfrozen
ChildEBP RetAddr
0407fe54 7c91df5a ntdll!KiFastSystemCallRet
0407fe58 7c8025db ntdll!ZwWaitForSingleObject+0xc
0407febc 7c802542 kernel32!WaitForSingleObjectEx+0xa8
0407fed0 0032f3d9 kernel32!WaitForSingleObject+0x12
0407fef4 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x02ee25c4, struct _MDLock * lock = 0x02ee24dc, unsigned int timeout = 0xffffffff)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
0407ff14 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x000004d4, struct PRCondVar * cvar = 0x02ea2ce0, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xffffffff)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
0407ff28 1021a7f7 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x02ee2550, unsigned int timeout = 0xffffffff)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
0407ff4c 0032bdf9 xul!nsCertVerificationThread::Run(void)+0x36 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\security\manager\ssl\src\nscertverificationthread.cpp @ 138]
0407ff6c 0032e03d nspr4!_PR_NativeRunThread(void * arg = 0x01e78b00)+0x169 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\pruthr.c @ 448]
0407ff74 78132c28 nspr4!pr_root(void * arg = 0x78132cb6)+0xd [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95thred.c @ 122]
0407ffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
0407ffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
0407ffec 00000000 kernel32!BaseThreadStart+0x37
15 Id: c60.f88 Suspend: 1 Teb: 7ffac000 Unfrozen
ChildEBP RetAddr
0417fe24 7c91df5a ntdll!KiFastSystemCallRet
0417fe28 7c8025db ntdll!ZwWaitForSingleObject+0xc
0417fe8c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
0417fea0 0032f3d9 kernel32!WaitForSingleObject+0x12
0417fec4 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x008adb14, struct _MDLock * lock = 0x008ad99c, unsigned int timeout = 0x493e0)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
0417fee4 0032b06b nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x00000448, struct PRCondVar * cvar = 0x03938700, struct PRLock * lock = 0x00000000, unsigned int timeout = 0x493e0)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
0417fef8 10002925 nspr4!PR_WaitCondVar(struct PRCondVar * cvar = 0x008adaa0, unsigned int timeout = 0x493e0)+0x3b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 547]
0417ff2c 1000282f xul!nsHostResolver::GetHostToLookup(class nsHostRecord ** result = 0x0417ff44)+0x79 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\dns\src\nshostresolver.cpp @ 774]
0417ff4c 0032bdf9 xul!nsHostResolver::ThreadFunc(void * arg = 0x0081cb80)+0x2c [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\netwerk\dns\src\nshostresolver.cpp @ 877]
0417ff6c 0032e03d nspr4!_PR_NativeRunThread(void * arg = 0x02db7b80)+0x169 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\pruthr.c @ 448]
0417ff74 78132c28 nspr4!pr_root(void * arg = 0x78132cb6)+0xd [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95thred.c @ 122]
0417ffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
0417ffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
0417ffec 00000000 kernel32!BaseThreadStart+0x37
16 Id: c60.e54 Suspend: 1 Teb: 7ffab000 Unfrozen
ChildEBP RetAddr
045ffdf4 7c91df5a ntdll!KiFastSystemCallRet
045ffdf8 7c8025db ntdll!ZwWaitForSingleObject+0xc
045ffe5c 7c802542 kernel32!WaitForSingleObjectEx+0xa8
045ffe70 0032f3d9 kernel32!WaitForSingleObject+0x12
045ffe94 0032af48 nspr4!_PR_MD_WAIT_CV(struct _MDCVar * cv = 0x043ad5c4, struct _MDLock * lock = 0x043ad4dc, unsigned int timeout = 0xffffffff)+0xc9 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\md\windows\w95cv.c @ 282]
045ffeb4 0032ab51 nspr4!_PR_WaitCondVar(struct PRThread * thread = 0x00000424, struct PRCondVar * cvar = 0x00000004, struct PRLock * lock = 0x00000000, unsigned int timeout = 0xffffffff)+0x58 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\combined\prucv.c @ 205]
045ffed4 101dfd91 nspr4!PR_Wait(struct PRMonitor * mon = 0x0444aa30, unsigned int ticks = 0xffffffff)+0x51 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\nsprpub\pr\src\threads\prmon.c @ 186]
045ffee0 100f4388 xul!nsAutoMonitor::Wait(unsigned int interval = <Memory access error>)+0xc [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\dist\include\nsautolock.h @ 340]
045fff10 10068e0c xul!nsThread::ProcessNextEvent(int mayWait = <Memory access error>, int * result = <Memory access error>)+0x3c8 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\xpcom\threads\nsthread.cpp @ 521]
00000000 00000000 xul!NS_ProcessNextEvent_P(class nsIThread * thread = <Memory access error>, int mayWait = <Memory access error>)+0x1b [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\xpcom\build\nsthreadutils.cpp @ 250]
17 Id: c60.14cc Suspend: 1 Teb: 7ffa9000 Unfrozen
ChildEBP RetAddr
0686fea4 7c91df4a ntdll!KiFastSystemCallRet
0686fea8 7c809590 ntdll!ZwWaitForMultipleObjects+0xc
0686ff44 77dc8631 kernel32!WaitForMultipleObjectsEx+0x12c
0686ffb4 7c80b729 ADVAPI32!WmipEventPump+0x230
0686ffec 00000000 kernel32!BaseThreadStart+0x37
18 Id: c60.fc0 Suspend: 1 Teb: 7ffa8000 Unfrozen
ChildEBP RetAddr
06a7fe88 7c91df4a ntdll!KiFastSystemCallRet
06a7fe8c 7c809590 ntdll!ZwWaitForMultipleObjects+0xc
06a7ff28 7c80a115 kernel32!WaitForMultipleObjectsEx+0x12c
06a7ff44 10242441 kernel32!WaitForMultipleObjects+0x18
06a7ff74 78132c28 xul!nsDownloadScannerWatchdog::WatchdogThread(void * p = 0xffffffff)+0x3f [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\toolkit\components\downloads\src\nsdownloadscanner.cpp @ 704]
06a7ffac 78132cb6 MOZCRT19!_callthreadstartex(void)+0x48 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 348]
06a7ffb4 7c80b729 MOZCRT19!_threadstartex(void * ptd = 0x00000000)+0x66 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\threadex.c @ 326]
06a7ffec 00000000 kernel32!BaseThreadStart+0x37
0:000> |* !analyze -v -f
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Programme\Lenovo\HOTKEY\hkvolkey.dll -
*** WARNING: Unable to verify checksum for C:\Programme\Mozilla Firefox\softokn3.dll
*** WARNING: Unable to verify checksum for C:\Programme\Mozilla Firefox\nssdbm3.dll
*** WARNING: Unable to verify checksum for C:\Programme\Mozilla Firefox\freebl3.dll
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\system32\xpsp2res.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\Normaliz.dll -
*** WARNING: Unable to verify checksum for C:\WINNT\system32\SynTPFcs.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SynTPFcs.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\Programme\Bonjour\mdnsNSP.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\iphlpapi.dll -
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
kernel32!RaiseException+53
7c812afb 5e pop esi
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 7c812afb (kernel32!RaiseException+0x00000053)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 0013a56c
Parameter[2]: 781caa34
!cppexr ffffffffffffffff
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: msvcrt!EHExceptionRecord ***
*** ***
*************************************************************************
FAULTING_THREAD: 000009fc
BUGCHECK_STR: e06d7363
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: firefox.exe
ERROR_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>
EXCEPTION_PARAMETER1: 19930520
EXCEPTION_PARAMETER2: 0013a56c
EXCEPTION_PARAMETER3: 781caa34
NTGLOBALFLAG: 4070
APPLICATION_VERIFIER_FLAGS: 0
LAST_CONTROL_TRANSFER: from 7815c52b to 7c812afb
STACK_TEXT:
0013a524 7815c52b e06d7363 00000001 00000003 kernel32!RaiseException+0x53
0013a55c 78164f13 0013a56c 781caa34 781ac11c MOZCRT19!_CxxThrowException+0x46 [f:\sp\vctools\crt_bld\self_x86\crt\prebuild\eh\throw.cpp @ 161]
0013a574 101102b1 1dfe3ad2 1cb00008 0013abd0 MOZCRT19!operator new+0x73 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\new.cpp @ 61]
0013aaf8 100c7b4c 05ffa54a 042f3040 0013abd0 xul!TextRunWordCache::MakeTextRun+0x91 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\gfx\thebes\src\gfxtextrunwordcache.cpp @ 709]
0013ab24 100fc0d7 1cb00008 05ffa54a 0013abd0 xul!MakeTextRun+0x3c [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 517]
0013c024 10110ebc 0013d0b0 01d4e540 0013d388 xul!BuildTextRunsScanner::BuildTextRunForFrames+0x727 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1853]
0013d054 100e93ba 00000001 00000000 0013d4a4 xul!BuildTextRunsScanner::FlushFrames+0xac [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1272]
0013d0cc 100c33c4 065a36a0 01d4e010 00000000 xul!BuildTextRuns+0x32a [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\generic\nstextframethebes.cpp @ 1206]
0013d110 100c3baa 05407800 00000000 00000000 xul!nsRuleNode::SetFont+0x234 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\style\nsrulenode.cpp @ 2867]
0013d214 00000000 00000000 04471660 00000000 xul!nsRuleNode::ComputeFontData+0x1fa [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\layout\style\nsrulenode.cpp @ 3046]
FOLLOWUP_IP:
MOZCRT19!operator new+73 [e:\builds\moz2_slave\release-mozilla-1.9.2-win32_build\build\obj-firefox\memory\jemalloc\crtsrc\new.cpp @ 61]
78164f13 83c40c add esp,0Ch
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: MOZCRT19!operator new+73
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: MOZCRT19
IMAGE_NAME: MOZCRT19.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4cf914e9
STACK_COMMAND: ~0s ; kb
BUCKET_ID: e06d7363_MOZCRT19!operator_new+73
WATSON_IBUCKET: -2077069680
WATSON_IBUCKETTABLE: 1
FAILURE_BUCKET_ID: APPLICATION_FAULT_e06d7363_MOZCRT19.dll!operator_new
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/firefox_exe/1_9_2_3989/4cf9293f/kernel32_dll/5_1_2600_5781/49c4f482/e06d7363/00012afb.htm?Retriage=1
Followup: MachineOwner
---------
0:000> |* lm
start end module name
00290000 0030b000 sqlite3 (private pdb symbols) c:\symbols\sqlite3.pdb\1BAFC49C00004BCB9A2A4A4E111D39321\sqlite3.pdb
00310000 00341000 nspr4 (private pdb symbols) c:\symbols\nspr4.pdb\F787D7B9247241689CD65A164D69241F1\nspr4.pdb
00350000 00368000 smime3 (private pdb symbols) c:\symbols\smime3.pdb\170D36FCB90B4E06A2D577C8E6E68AE41\smime3.pdb
00370000 00384000 nssutil3 (private pdb symbols) c:\symbols\nssutil3.pdb\7188D66E46CB4697BAF0D94FF049E7FD1\nssutil3.pdb
00390000 00397000 plc4 (private pdb symbols) c:\symbols\plc4.pdb\678D7414A7CC489291134EA05B19E7131\plc4.pdb
003a0000 003a7000 plds4 (private pdb symbols) c:\symbols\plds4.pdb\8885F9ABCC4A4265B2C2FAD0304873681\plds4.pdb
003b0000 003d1000 ssl3 (private pdb symbols) c:\symbols\ssl3.pdb\C4A53415B93E4A77B69DCEB1063699011\ssl3.pdb
003e0000 003e7000 xpcom (private pdb symbols) c:\symbols\xpcom.pdb\4DA33B9A17324C4FBF6A44B5040D56B22\xpcom.pdb
00400000 004e0000 firefox (private pdb symbols) c:\symbols\firefox.pdb\5F0662B9EA55440192592EA0466AA8412\firefox.pdb
004e0000 005da000 js3250 (private pdb symbols) c:\symbols\js3250.pdb\69F17842AE164654A7D27C2518CB49612\js3250.pdb
005e0000 0067d000 nss3 (private pdb symbols) c:\symbols\nss3.pdb\CFCECAA4E5D7442F81E09CA566EE4E6B1\nss3.pdb
01640000 01648000 browserdirprovider (private pdb symbols) c:\symbols\browserdirprovider.pdb\30FCB8D7C7C14D7291D79FEDA233476E2\browserdirprovider.pdb
016d0000 016f4000 brwsrcmp (private pdb symbols) c:\symbols\brwsrcmp.pdb\CD6EC47D18124B0F97885FA7485220612\brwsrcmp.pdb
021d0000 021e1000 hkvolkey (export symbols) C:\Programme\Lenovo\HOTKEY\hkvolkey.dll
03400000 03426000 softokn3 C (private pdb symbols) c:\symbols\softokn3.pdb\66C1E41B9EA84B23B4D01CDDECFE070B1\softokn3.pdb
03430000 03448000 nssdbm3 C (private pdb symbols) c:\symbols\nssdbm3.pdb\6E438EB5AA08487482E4B11A7EEE864C1\nssdbm3.pdb
03450000 03491000 freebl3 C (private pdb symbols) c:\symbols\freebl3.pdb\2CE8BA54C37244EBB3E940C8515F896A1\freebl3.pdb
034a0000 034f2000 nssckbi (private pdb symbols) c:\symbols\nssckbi.pdb\5248B37A3C4F46DF8C9A4E96ED8E7CCA1\nssckbi.pdb
03500000 037d9000 xpsp2res (no symbols)
06660000 06669000 Normaliz (export symbols) C:\WINNT\system32\Normaliz.dll
10000000 10b55000 xul (private pdb symbols) c:\symbols\xul.pdb\CE2DF3F0B6EE465A9E403E5F147CEF692\xul.pdb
408b0000 40996000 WININET (pdb symbols) c:\symbols\wininet.pdb\FD4687FC94A24A839D3978FA33AA7F6D2\wininet.pdb
40f50000 41138000 iertutil (pdb symbols) c:\symbols\iertutil.pdb\01BC9DFD01714DD592C3A1FB141A79682\iertutil.pdb
452e0000 45413000 urlmon (pdb symbols) c:\symbols\urlmon.pdb\1A568E0A69EF43FEA4C54E5ACDAF94DF2\urlmon.pdb
597d0000 59825000 netapi32 (pdb symbols) c:\symbols\netapi32.pdb\49D4D68E25CA4118A09AA9A66E7390E32\netapi32.pdb
59dd0000 59e71000 dbghelp (pdb symbols) c:\symbols\dbghelp.pdb\7FA1C63A9BF54470BCA31E35A94F49971\dbghelp.pdb
5b0f0000 5b128000 uxtheme (pdb symbols) c:\symbols\uxtheme.pdb\E99E16308F094767B1F07FB5C3E5E2462\uxtheme.pdb
63000000 63014000 SynTPFcs C (export symbols) C:\WINNT\system32\SynTPFcs.dll
64000000 64025000 mdnsNSP (export symbols) c:\Programme\Bonjour\mdnsNSP.dll
66710000 66769000 hnetcfg (pdb symbols) c:\symbols\HNetCfg.pdb\87332C2BFF6E42FCB89784A1D24EC2711\HNetCfg.pdb
719b0000 719f0000 mswsock (pdb symbols) c:\symbols\mswsock.pdb\CC64D9118D4E458292AF634D2C79EF662\mswsock.pdb
719f0000 719f8000 wshtcpip (pdb symbols) c:\symbols\wshtcpip.pdb\DE2E52603FFB406D9052C8D884A1AD722\wshtcpip.pdb
71a00000 71a08000 WS2HELP (pdb symbols) c:\symbols\ws2help.pdb\6049CF5877C54E2AB512ABC1B4B2E7992\ws2help.pdb
71a10000 71a27000 WS2_32 (pdb symbols) c:\symbols\ws2_32.pdb\A7605F8695A34329B38DDB8421A004CA2\ws2_32.pdb
71a30000 71a3a000 WSOCK32 (pdb symbols) c:\symbols\wsock32.pdb\2B38FE8F84144DACB8A4FD07C05E49FC2\wsock32.pdb
71b70000 71b83000 SAMLIB (pdb symbols) c:\symbols\samlib.pdb\4BB85DE79B104F1595F96DF1ADAC91C82\samlib.pdb
72f70000 72f96000 WINSPOOL (pdb symbols) c:\symbols\winspool.pdb\5199B63B39904A05A517CEE5158071522\winspool.pdb
73aa0000 73ab5000 mscms (pdb symbols) c:\symbols\mscms.pdb\CCA4C075EBA841D195A0C3BF597CB8112\mscms.pdb
73c50000 73c71000 t2embed (pdb symbols) c:\symbols\t2embed.pdb\E317B5562BDD4146973BB987D4D7B3F31\t2embed.pdb
73dc0000 73dc3000 LZ32 (pdb symbols) c:\symbols\lz32.pdb\3B7D84BD1\lz32.pdb
746a0000 746ec000 MSCTF (pdb symbols) c:\symbols\msctf.pdb\C52F0B4C00E94556AE999F228B0019662\msctf.pdb
750f0000 7510e000 wshbth (pdb symbols) c:\symbols\wshbth.pdb\93D0CB27F7D44CC2A4F908FA9D3C6C8C1\wshbth.pdb
75250000 7527e000 msctfime (pdb symbols) c:\symbols\msctfime.pdb\602288883AF44453979369233E091E641\msctfime.pdb
75790000 757fb000 USP10 (pdb symbols) c:\symbols\usp10.pdb\D4BA2952809F469BB6D1D3AF6B956E6B1\usp10.pdb
76320000 76325000 MSIMG32 (pdb symbols) c:\symbols\msimg32.pdb\D2E18526D8234F4BB5A85DE12E71DE812\msimg32.pdb
76330000 7634d000 IMM32 (pdb symbols) c:\symbols\imm32.pdb\F7A5B5DB13324153B57AAF340C77EA512\imm32.pdb
76350000 7639a000 COMDLG32 (pdb symbols) c:\symbols\comdlg32.pdb\026A6FF770FD4E6186ADBBE96DFFA99C2\comdlg32.pdb
76880000 76905000 CRYPTUI (pdb symbols) c:\symbols\cryptui.pdb\EBC7B38E15F9461D9BBC9317BBB7E8D42\cryptui.pdb
76af0000 76b1e000 WINMM (pdb symbols) c:\symbols\winmm.pdb\90FC96D5AD8440A2B14855895BD92ED62\winmm.pdb
76bf0000 76c1e000 WINTRUST (pdb symbols) c:\symbols\wintrust.pdb\8278C4CC6635458BAE3F9277B618F6C22\wintrust.pdb
76c50000 76c78000 IMAGEHLP (pdb symbols) c:\symbols\imagehlp.pdb\111D199988C249ACA0335F467A6311412\imagehlp.pdb
76d20000 76d39000 iphlpapi (export symbols) C:\WINNT\system32\iphlpapi.dll
76ee0000 76f07000 DNSAPI (pdb symbols) c:\symbols\dnsapi.pdb\8ECFCEE0D6814F54A2EEBA1F19DCE7412\dnsapi.pdb
76f20000 76f4d000 WLDAP32 (pdb symbols) c:\symbols\wldap32.pdb\AC04BCF6FF294FCEAC8B8D937CBA3A172\wldap32.pdb
76f70000 76f78000 winrnr (pdb symbols) c:\symbols\winrnr.pdb\9FE1A4669B69400FAC821A4367AA9CC52\winrnr.pdb
76f80000 76f86000 rasadhlp (pdb symbols) c:\symbols\rasadhlp.pdb\CCA669B1582847D0B330D7ABDB446A472\rasadhlp.pdb
76f90000 7700f000 CLBCATQ (pdb symbols) c:\symbols\clbcatq.pdb\8AE9C54730824764AAF39EA69F8D87582\clbcatq.pdb
77010000 770e3000 COMRes (pdb symbols) c:\symbols\COMRes.pdb\A02453A3EB42413FBFF95326893E977Df\COMRes.pdb
770f0000 7717b000 OLEAUT32 (pdb symbols) c:\symbols\oleaut32.pdb\F2A209009B694EFCAD1A6CE9D992EBC12\oleaut32.pdb
773a0000 774a3000 COMCTL32 (pdb symbols) c:\symbols\MicrosoftWindowsCommon-Controls-6.0.2600.6028-comctl32.pdb\E882C2C890724D598449E20A4FE6F07C1\MicrosoftWindowsCommon-Controls-6.0.2600.6028-comctl32.pdb
774b0000 775ee000 ole32 (pdb symbols) c:\symbols\ole32.pdb\0E73207536D64E9C9FB83C682ED9E5852\ole32.pdb
77660000 77681000 NTMARTA (pdb symbols) c:\symbols\ntmarta.pdb\EB9B3E21F92F4F51AD85D86F4D7741A82\ntmarta.pdb
778f0000 779e4000 SETUPAPI (pdb symbols) c:\symbols\setupapi.pdb\9D52182415AA4179960B37F4C694F90D2\setupapi.pdb
77a50000 77ae6000 CRYPT32 (pdb symbols) c:\symbols\crypt32.pdb\3D2E43BF4FF5446B83957512615FD0942\crypt32.pdb
77af0000 77b02000 MSASN1 (pdb symbols) c:\symbols\msasn1.pdb\1AED0D31142F496E83481A9BF3DEF1A52\msasn1.pdb
77b10000 77b32000 apphelp (pdb symbols) c:\symbols\apphelp.pdb\67A8FA70E1A74574815714DA307E21BB2\apphelp.pdb
77bd0000 77bd8000 VERSION (pdb symbols) c:\symbols\version.pdb\EA3D1BD3FE65475C8449C8D8B00722962\version.pdb
77be0000 77c38000 msvcrt (pdb symbols) c:\symbols\msvcrt.pdb\7BCF30D8C91B4F1B85FA4E55896250111\msvcrt.pdb
77da0000 77e4a000 ADVAPI32 (pdb symbols) c:\symbols\advapi32.pdb\F759D3F1C6614313B07C84BC33F02E4D2\advapi32.pdb
77e50000 77ee3000 RPCRT4 (pdb symbols) c:\symbols\rpcrt4.pdb\1A465C67828242F28A8C70E3B9D5C4772\rpcrt4.pdb
77ef0000 77f39000 GDI32 (pdb symbols) c:\symbols\gdi32.pdb\372C0F0E08FB456EAB7B4CB2B53E27952\gdi32.pdb
77f40000 77fb6000 SHLWAPI (pdb symbols) c:\symbols\shlwapi.pdb\483E8894476B412DABC2FBA7F470E39A2\shlwapi.pdb
77fc0000 77fd1000 Secur32 (pdb symbols) c:\symbols\secur32.pdb\7867B3F28B5C41CE847895E3FC013DC52\secur32.pdb
78130000 781e0000 MOZCRT19 (private pdb symbols) c:\symbols\MOZCRT19.pdb\858730465F3145B29B80F27A3951F51D1\MOZCRT19.pdb
7c420000 7c4cf000 MOZCPP19 (private pdb symbols) c:\symbols\MOZCPP19.pdb\34C925AE579D4137997D5DA3BCFD97F91\MOZCPP19.pdb
7c800000 7c908000 kernel32 (pdb symbols) c:\symbols\kernel32.pdb\072FF0EB54D24DFAAE9D13885486EE092\kernel32.pdb
7c910000 7c9c9000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\6992F4DAF4B144068D78669D6CB5D2072\ntdll.pdb
7e1e0000 7e353000 shdocvw (pdb symbols) c:\symbols\shdocvw.pdb\99022E5B6409403F9B3C36D9AC9D79E82\shdocvw.pdb
7e360000 7e3f1000 USER32 (pdb symbols) c:\symbols\user32.pdb\D18A41B74E7F458CAAAC1847E2D8BF022\user32.pdb
7e670000 7ee91000 SHELL32 (pdb symbols) c:\symbols\shell32.pdb\D664FA74256F458FBBCC8D4A941819392\shell32.pdb
Unloaded modules:
5cf00000 5cf26000 ShimEng.dll
00000001 4802bfa5 Ed20.dll
|
||
Comment 7•14 years ago
|
||
ugh--please save dumps in a file and add them as attachments. Making the bug unreadable doesn't help.
|
|
||
Updated•14 years ago
|
Whiteboard: [sg:dos oom]
|
|
||
Updated•13 years ago
|
Group: core-security
|
|
||
Updated•13 years ago
|
Summary: Investigate crash from "XML bomb" → OOM exception from excessive XML entity expansion
|
||
Comment 8•9 years ago
|
||
Note: I tagged comment 7 as "typo" to autocollapse it, so that this bug remains readable. (Readers can expand it with "+", if they want to see the crash backtrace.)
It basically just shows us OOM'ing in TextRunWordCache::MakeTextRun, which confirms what bz said in comment 1.
See also similar bug 1192544, which has us OOM'ing in parser code, from a similar testcase that uses a nested mega-<!ENTITY> in a SVG or XML attribute.
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•