Crash [@ FlashPlayer-10.4-10.5@0x9d249] [@ __CFStringEncodingIsDecomposableCharacter] [@dyld_stub_objc_msgSend] [@ dyld_stub_sprintf]

RESOLVED WORKSFORME

Status

External Software Affecting Firefox
Flash (Adobe)
--
critical
7 years ago
2 years ago

People

(Reporter: bc, Unassigned)

Tracking

(Blocks: 1 bug, {crash})

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

7 years ago
Flash Version: 10.1.102.64 Mac OS X

1. http://www.thunderdomesystems.com/ in 1.9.1, 1.9.2, 2.0.0
2. crash the entire browser (opt, debug 1.9.1, 1.9.2, debug 2.0.0; not sure about opt 2.0.0 yet).

Filing this under Core:Plugins since OOP ought to protect us?

In the sisyphus crash automation I saw:

Operating system: Mac OS X
                  10.5.8 9L34
CPU: x86
     GenuineIntel family 6 model 26 stepping 5
     1 CPU

Crash reason:  EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash address: 0x13d77000

Thread 0 (crashed)
 0  FlashPlayer-10.4-10.5 + 0x9d249
    eip = 0x12c1d249   esp = 0xbfff9b80   ebp = 0xbfff9ba8   ebx = 0x12eb7211
    esi = 0x0007d473   edi = 0x13d76ff8   eax = 0x00000000   ecx = 0x13d76ffe
    edx = 0x1419d5bd   efl = 0x00210293
    Found by: given as instruction pointer in context
 1  FlashPlayer-10.4-10.5 + 0xfc409
    eip = 0x12c7c40a   esp = 0xbfff9bb0   ebp = 0xbfff9bc8
    Found by: previous frame's frame pointer
 2  FlashPlayer-10.4-10.5 + 0x33726f
    eip = 0x12eb7270   esp = 0xbfff9bd0   ebp = 0xbfff9c18
    Found by: previous frame's frame pointer
 3  FlashPlayer-10.4-10.5 + 0x33af6b
    eip = 0x12ebaf6c   esp = 0xbfff9c20   ebp = 0xbfff9c48
    Found by: previous frame's frame pointer
 4  FlashPlayer-10.4-10.5 + 0x34b154
    eip = 0x12ecb155   esp = 0xbfff9c50   ebp = 0xbfff9ce8
    Found by: previous frame's frame pointer

bp-10163d67-1d49-4e8e-8d56-a10b32110107 is an example of this same stack.

A local debug build on Mac OS X 10.5 Intel showed:

1.9.1

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x22829000
0x1f71e249 in dyld_stub_objc_msgSend ()
(gdb) bt
#0  0x1f71e249 in dyld_stub_objc_msgSend ()
#1  0x1fc8243b in NP_Initialize ()
#2  0x1f77d40a in dyld_stub_objc_msgSend ()
#3  0x1f9b8270 in dyld_stub_objc_msgSend ()
#4  0x1f9bbf6c in dyld_stub_objc_msgSend ()
#5  0x1f8dede1 in dyld_stub_objc_msgSend ()
#6  0x1f9cbefb in dyld_stub_objc_msgSend ()
#7  0x1f9cc574 in dyld_stub_objc_msgSend ()
#8  0x1fb14948 in NP_Initialize ()

1.9.2

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x22c38000
0x2019d249 in dyld_stub_sprintf ()
(gdb) bt
#0  0x2019d249 in dyld_stub_sprintf ()
#1  0x22bf9718 in ?? ()
#2  0x201fc40a in dyld_stub_sprintf ()
#3  0x20437270 in dyld_stub_sprintf ()
#4  0x2043af6c in dyld_stub_sprintf ()
#5  0x2044b155 in dyld_stub_sprintf ()
#6  0x2044b574 in dyld_stub_sprintf ()
#7  0x20593948 in NP_Initialize ()
#8  0x205a09ea in NP_Initialize ()
#9  0x20516d48 in FlashPlayer_10_1_102_64_FlashPlayer ()

2.0.0

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x2910e000
0x27911249 in __CFStringEncodingIsDecomposableCharacter ()
(gdb) bt
#0  0x27911249 in __CFStringEncodingIsDecomposableCharacter ()
#1  0x282813d0 in fieldID_ShockwaveFlash_panModePixels ()
#2  0x2797040a in __CFStringEncodingIsDecomposableCharacter ()
#3  0x27bab270 in __CFStringEncodingIsDecomposableCharacter ()
#4  0x27baef6c in __CFStringEncodingIsDecomposableCharacter ()
#5  0x27bbf155 in __CFStringEncodingIsDecomposableCharacter ()
#6  0x27bbf574 in __CFStringEncodingIsDecomposableCharacter ()
#7  0x27d0af19 in NP_Initialize ()
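
Added example (not part of the original report, and going a step beyond what it states): the three gdb backtraces name different symbols, so this sketch compares them with the minidump stack by module offset instead. It assumes frame 0 of every backtrace is the same instruction, FlashPlayer-10.4-10.5 + 0x9d249, and rebases each stack on it; the function names are hypothetical, and all addresses are copied from the report.

```python
import re

# Copied from the report: minidump frame 0 offset and the eip of minidump frames 0-4.
FRAME0_OFFSET = 0x9D249
MINIDUMP_EIPS = [0x12C1D249, 0x12C7C40A, 0x12EB7270, 0x12EBAF6C, 0x12ECB155]

# First six frames of each gdb backtrace in the report, keyed by branch.
GDB_BT = {
    "1.9.1": """#0  0x1f71e249 in dyld_stub_objc_msgSend ()
#1  0x1fc8243b in NP_Initialize ()
#2  0x1f77d40a in dyld_stub_objc_msgSend ()
#3  0x1f9b8270 in dyld_stub_objc_msgSend ()
#4  0x1f9bbf6c in dyld_stub_objc_msgSend ()
#5  0x1f8dede1 in dyld_stub_objc_msgSend ()""",
    "1.9.2": """#0  0x2019d249 in dyld_stub_sprintf ()
#1  0x22bf9718 in ?? ()
#2  0x201fc40a in dyld_stub_sprintf ()
#3  0x20437270 in dyld_stub_sprintf ()
#4  0x2043af6c in dyld_stub_sprintf ()
#5  0x2044b155 in dyld_stub_sprintf ()""",
    "2.0.0": """#0  0x27911249 in __CFStringEncodingIsDecomposableCharacter ()
#1  0x282813d0 in fieldID_ShockwaveFlash_panModePixels ()
#2  0x2797040a in __CFStringEncodingIsDecomposableCharacter ()
#3  0x27bab270 in __CFStringEncodingIsDecomposableCharacter ()
#4  0x27baef6c in __CFStringEncodingIsDecomposableCharacter ()
#5  0x27bbf155 in __CFStringEncodingIsDecomposableCharacter ()""",
}
FRAME_RE = re.compile(r"^#\d+\s+(0x[0-9a-f]+) in ", re.M)

def module_offsets(addresses):
    """Rebase addresses, assuming frame 0 sits at module base + FRAME0_OFFSET."""
    base = addresses[0] - FRAME0_OFFSET
    return [addr - base for addr in addresses]

def shared_frames(gdb_text):
    """Count minidump frames that reappear, in order, at the same module offset."""
    want = module_offsets(MINIDUMP_EIPS)
    got = module_offsets([int(a, 16) for a in FRAME_RE.findall(gdb_text)])
    matched, pos = 0, 0
    for offset in want:
        if offset not in got[pos:]:
            break
        pos = got.index(offset, pos) + 1
        matched += 1
    return matched

if __name__ == "__main__":
    for branch, text in GDB_BT.items():
        print(branch, shared_frames(text), "of", len(MINIDUMP_EIPS), "frames shared")
```

Frames present in a gdb backtrace but absent from the minidump stack (such as frame #1 in each backtrace) are skipped rather than treated as a mismatch.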

Comment 1

7 years ago
OOPP is 10.6 only. OOPP does protect us on 10.6.

It looks like this is purely a Flash bug.
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Version: Trunk → unspecified

Updated

7 years ago
Version: unspecified → 10.x

Updated

7 years ago
Severity: normal → critical
Keywords: crash
(Assignee)

Updated

7 years ago
Crash Signature: [@ FlashPlayer-10.4-10.5@0x9d249] [@ __CFStringEncodingIsDecomposableCharacter] [@dyld_stub_objc_msgSend] [@ dyld_stub_sprintf]
(Reporter)

Comment 2

7 years ago
Not reproducible with Flash 10.3.181.22
Status: NEW → RESOLVED
Crash Signature: [@ FlashPlayer-10.4-10.5@0x9d249] [@ __CFStringEncodingIsDecomposableCharacter] [@dyld_stub_objc_msgSend] [@ dyld_stub_sprintf] → [@ FlashPlayer-10.4-10.5@0x9d249] [@ __CFStringEncodingIsDecomposableCharacter] [@dyld_stub_objc_msgSend] [@ dyld_stub_sprintf]
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME

Comment 3

2 years ago
Version and milestone values are being reset to defaults as part of product refactoring.
Version: 10.x → unspecified