Last Comment Bug 630191 - Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.1.22 (or ClickPotatoLite 10.0 or QuestBrowse 1.0)
: Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_in...
Status: RESOLVED FIXED
[blocklist][hardblocker][Hardblocked ...
: crash, regression, topcrash
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: x86 Windows 7
: -- critical (vote)
: ---
Assigned To: Justin Scott [:fligtar]
:
Mentors:
: 631149 (view as bug list)
Depends on: 632984
Blocks:
  Show dependency treegraph
 
Reported: 2011-01-31 07:04 PST by Scoobidiver (away)
Modified: 2016-03-07 15:30 PST (History)
18 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
final+
?
?


Attachments

Description Scoobidiver (away) 2011-01-31 07:04:54 PST
It is #8 top crasher in 4.0b10 over the last week.

Signature	nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&)
UUID	22831dbc-e36b-409a-a4a1-b1ff82110131
Time 	2011-01-31 00:03:59.789793
Uptime	187
Last Crash	214 seconds (3.6 minutes) before submission
Install Age	387062 seconds (4.5 days) since version was first installed.
Product	Firefox
Version	4.0b10
Build ID	20110121161358
Branch	2.0
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	GenuineIntel family 6 model 30 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffffc3671973
App Notes 	AdapterVendorID: 1002, AdapterDeviceID: 68c1, AdapterDriverVersion: 8.672.3.0

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsContentUtils::ASCIIToLower 	content/base/src/nsContentUtils.cpp:5075
1 	xul.dll 	nsDocument::GetElementsByTagName 	content/base/src/nsDocument.cpp:4557
2 		@0x30adbf 	
3 	mozillaps.dll 	mozillaps.dll@0x1e849 	
4 	mozillaps.dll 	mozillaps.dll@0x1e849 	
5 	mozillaps.dll 	mozillaps.dll@0x203af 	
6 	mozillaps.dll 	mozillaps.dll@0x203af 	
7 	mozillaps.dll 	mozillaps.dll@0x4557d 	
8 	mozillaps.dll 	mozillaps.dll@0xb53b 	
9 	mozillaps.dll 	mozillaps.dll@0x4be0b 	
10 	CmndFF.dll 	CmndFF.dll@0x15b2d 	
11 	mozillaps.dll 	mozillaps.dll@0x622c3 	
12 	mozillaps.dll 	mozillaps.dll@0x41ad0 	
13 	CmndFF.dll 	CmndFF.dll@0x1ab0a 	
14 	CmndFF.dll 	CmndFF.dll@0x1a9a3 	
15 	CmndFF.dll 	CmndFF.dll@0x16b0f 	
16 	CmndFF.dll 	CmndFF.dll@0x16ba5 	
17 	BrowserExtensionFF.dll 	BrowserExtensionFF.dll@0x1dc9 	
18 	BrowserExtensionFF.dll 	BrowserExtensionFF.dll@0x22d65 	
19 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
20 	xul.dll 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593
21 	xul.dll 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593
22 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
23 	xul.dll 	xul.dll@0x63aff 	
24 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
25 	mozjs.dll 	js::detail::HashTable<unsigned int const,js::HashSet<unsigned int,js::AtomHasher,js::SystemAllocPolicy>::SetOps,js::SystemAllocPolicy>::lookupForAdd 	js/src/jshashtable.h:591
26 	mozjs.dll 	js_AtomizeString 	js/src/jsatom.cpp:544
27 	mozjs.dll 	js::proxy_DefineProperty 	js/src/jsproxy.cpp:889
28 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
29 	mozjs.dll 	DefinePropertyById 	js/src/jsapi.cpp:3287
30 	mozjs.dll 	js_IndexToId 	js/src/jsarray.cpp:248
31 	mozjs.dll 	JS_DefineProperty 	js/src/jsapi.cpp:3332
32 	mozjs.dll 	JSObject::nativeSearch 	js/src/jsscope.h:676
33 	mozjs.dll 	GetPropertyDescriptorById 	js/src/jsapi.cpp:3515
34 	mozjs.dll 	JSObject::typeOf 	js/src/jsobj.h:1220
35 	mozjs.dll 	js::JSProxy::typeOf 	js/src/jsproxy.cpp:835
36 		@0xbf 	

More reports at:
https://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=nsContentUtils%3A%3AASCIIToLower%28nsAString_internal%20const%26%2C%20nsAString_internal%26%29
Comment 1 Sheila Mooney 2011-02-01 12:01:25 PST
#4 on Beta10 and one of the top 20 regressions not in 3.6.13.
Comment 2 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-01 12:56:21 PST
Extension correlation for ASCIIToLower in 20110201_Firefox_4.0b10-interesting-addons.txt.gz :

  nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&)|EXCEPTION_ACCESS_VIOLATION_READ (660 crashes)
     79% (520/660) vs.   1% (593/54673) ShopperReports@ShopperReports.com
     40% (261/660) vs.   1% (781/54673) ClickPotatoLite@ClickPotatoLite.com
     21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
     33% (216/660) vs.  19% (10151/54673) engine@conduit.com
      8% (53/660) vs.   0% (163/54673) HBLite@HBLite.com
     99% (652/660) vs.  93% (50876/54673) {972ce4c6-7e08-4474-a285-3208198ce6fd} (Default, https://addons.mozilla.org/addon/8150)
Comment 3 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-01 13:39:14 PST
(In reply to comment #2)
>      21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}

I found a site that calls this Adware.QuestBrowse
Comment 4 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-01 13:48:20 PST
(In reply to comment #2)
>      79% (520/660) vs.   1% (593/54673) ShopperReports@ShopperReports.com
>      40% (261/660) vs.   1% (781/54673) ClickPotatoLite@ClickPotatoLite.com
>      21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}

Google searches seem to suggest that all three of these are adware/malware, though shopper reports does have a legit-looking website.

We should probably consider blocklisting them.
Comment 5 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-01 21:02:31 PST
(Or some of them; some may just be correlated with others.  Then again, if they're malware, it might not matter.  Who decides?)
Comment 6 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-02 12:26:54 PST
So I think the minimum thing we should block is:

extension id: ShopperReports@ShopperReports.com
version: 3.1.22.0
Firefox versions: 3.7a1pre and higher

Based on the crash data, such a block would fix most of the crashes, and once it's in place we can see if any of the other extensions showing up as correlated need to be blocked as well (or they're just correlated with ShopperReports).


I suspect the extension is calling a method on an unfrozen interface (nsIDocument) without proper handling of binary compatibility issues.

(I tried installing the extension to see what minVersion/maxVersion its manifest reports, but the installer I downloaded into my VM didn't seem to install the extension.)
Comment 7 Justin Scott [:fligtar] 2011-02-03 21:36:14 PST
Kev, can you reach out to ShopperReports.com? This is a Firefox 4 softblocker.
Comment 8 Mike Beltzner [:beltzner, not reading bugmail] 2011-02-04 08:57:57 PST
This is a hard blocker, actually. #4 topcrash. We can either blocklist the extension or, perhaps more easily, add the DLL to our DLL blocklist.
Comment 9 Kev Needham [:kev] 2011-02-04 10:39:45 PST
This is, I believe, one of Pinball Publishing Network's (formerly Zango Cash, Inc.) crapware extensions. They basically create installers for apps that include/install the extensions, and pay distributors an install fee for putting it in. I can reach out, but don't expect any happy replies.
Comment 10 Vladimir Vukicevic [:vlad] [:vladv] 2011-02-04 12:48:58 PST
I would say blocklist the hell out of this, both CmndFF.dll and mozillaps.dll.
Comment 11 Kev Needham [:kev] 2011-02-04 12:50:13 PST
I second Comment #10, and will add a "damn hell" for additional emphasis.
Comment 12 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-04 13:27:26 PST
Shouldn't we generally prefer addon blocklisting over dll blocklisting when both would work?
Comment 13 Vladimir Vukicevic [:vlad] [:vladv] 2011-02-04 13:45:25 PST
I dunno, seems like we'd never want those dlls to load, no matter what addon they come from.  I would not be opposed to doing both, though!
Comment 14 [:Cww] 2011-02-04 17:43:12 PST
Just to confirm, DLL blocklisting is like add-on hardblocking right?  I'm pretty sure no one will miss this but I just want to know if people were going to get the "We've disabled X" message in case we need to explain it on SUMO.
Comment 15 [:Cww] 2011-02-04 17:49:47 PST
Also, per reports on sumo this is unwanted:

https://support.mozilla.com/en-US/questions/778682
https://support.mozilla.com/en-US/questions/777919

I'd suggest just doing an across the board blocklist rather than just for Firefox 4.
Comment 16 Justin Scott [:fligtar] 2011-02-06 18:57:26 PST
This bug was filed as a crash block, so I'd like to take care of that. If someone thinks this is malware and wants the block range extended based on that, please file a separate bug for further investigation.

The crashing version and range is only this, correct?

extension id: ShopperReports@ShopperReports.com
version: 3.1.22.0
Firefox versions: 3.7a1pre and higher

Kev, have they responded about whether they intend to fix the bug as described in comment #6?
Comment 17 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-06 20:57:34 PST
(In reply to comment #16)
> This bug was filed as a crash block, so I'd like to take care of that. If
> someone thinks this is malware and wants the block range extended based on
> that, please file a separate bug for further investigation.
> 
> The crashing version and range is only this, correct?
> 
> extension id: ShopperReports@ShopperReports.com
> version: 3.1.22.0
> Firefox versions: 3.7a1pre and higher

Actually, just looked at crash reports for 3.6, and it's also the primary cause of the PR_AtomicIncrement crashes on 3.6 (which is the #3 browser crash), and the same on 3.5.16 (again, PR_AtomicIncrement, #3 browser crash).

So I think the block should be for all Firefox versions.

But as far as fixing crashes, that's what's needed.
Comment 18 Scoobidiver (away) 2011-02-07 03:01:11 PST
*** Bug 631149 has been marked as a duplicate of this bug. ***
Comment 19 Justin Scott [:fligtar] 2011-02-07 12:12:45 PST
Alright, this is on staging:

<emItem id="ShopperReports@ShopperReports.com">
    <versionRange minVersion="3.1.22.0" maxVersion="3.1.22.0"/>
</emItem>

Any help testing it using these instructions ( https://wiki.mozilla.org/Blocklisting/Testing ) would be appreciated.

I went with a hardblock because it is limited to a single version and we've recently had disturbing numbers of users opting out of softblocks and still crashing.
Comment 20 Carsten Book [:Tomcat] 2011-02-09 02:13:06 PST
note this is rising up in crash-stats
Comment 21 Justin Scott [:fligtar] 2011-02-09 14:26:20 PST
bug 632984 filed for website update. as soon as that's live I'll push the block.
Comment 22 Justin Scott [:fligtar] 2011-02-09 17:04:18 PST
Blocked in production.
Comment 23 David Baron :dbaron: ⌚️UTC+2 (review requests must explain patch) 2011-02-14 15:37:48 PST
nsContentUtils::ASCIIToLower has fallen down to #76 browser crash for 4.0b11 when searching only the last 24 hours.  (The remaining crashes could just be an issue of blocklist uptake being slow for some users.)
Comment 24 Todd 2011-03-21 11:07:52 PDT
Thought I'd leave a comment on this bug just in case anyone who worked on it is CC'd by the change (and is still interested):

I'm one of the developers working on the shopperreports@shopperreports.com extension.  We tracked this crash down to issues with XPCOM glue in several of our supporting modules.  I believe we have it ironed out and we will re-deploy a new build of the extension in the next few days.  When we do, we'll be watching crash-stats.mozilla.com (wish we had found that site a long time ago) to make sure we don't create another headache like this one.

I see the business model this extension supports is not popular with everyone who worked on this bug.  I can't change the company's business model, but I can respond when there are issues with our software.  Please consider me a future point of contact regarding Pinball software if you need one--and I sincerely hope it will be for happier reasons than this.
Comment 25 riouxsam 2013-08-02 08:57:52 PDT
I would like to no if i can be un blocked if possible because i would like to continue playing card games in yahoo if possible in it a great site to play in and i would like to no the the problem why i was blocked in the first place if i did something wrong i would like to apologize from anywrong doing thank you for listening
Comment 26 Scoobidiver (away) 2013-08-02 09:02:00 PDT
riouxsam, do you have an extension blocked? Which one and which version?

Note You need to log in before you can comment on or make changes to this bug.