Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.1.22 (or ClickPotatoLite 10.0 or QuestBrowse 1.0)

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
--
critical
RESOLVED FIXED
7 years ago
a year ago

People

(Reporter: Scoobidiver (away), Assigned: fligtar)

Tracking

({crash, regression, topcrash})

unspecified
x86
Windows 7
crash, regression, topcrash
Points:
---

Firefox Tracking Flags

(blocking2.0 final+, status1.9.2 ?, status1.9.1 ?)

Details

(Whiteboard: [blocklist][hardblocker][Hardblocked 2/9], crash signature)

(Reporter)

Description

7 years ago
It is #8 top crasher in 4.0b10 over the last week.

Signature	nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&)
UUID	22831dbc-e36b-409a-a4a1-b1ff82110131
Time 	2011-01-31 00:03:59.789793
Uptime	187
Last Crash	214 seconds (3.6 minutes) before submission
Install Age	387062 seconds (4.5 days) since version was first installed.
Product	Firefox
Version	4.0b10
Build ID	20110121161358
Branch	2.0
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	GenuineIntel family 6 model 30 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xffffffffc3671973
App Notes 	AdapterVendorID: 1002, AdapterDeviceID: 68c1, AdapterDriverVersion: 8.672.3.0

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	nsContentUtils::ASCIIToLower 	content/base/src/nsContentUtils.cpp:5075
1 	xul.dll 	nsDocument::GetElementsByTagName 	content/base/src/nsDocument.cpp:4557
2 		@0x30adbf 	
3 	mozillaps.dll 	mozillaps.dll@0x1e849 	
4 	mozillaps.dll 	mozillaps.dll@0x1e849 	
5 	mozillaps.dll 	mozillaps.dll@0x203af 	
6 	mozillaps.dll 	mozillaps.dll@0x203af 	
7 	mozillaps.dll 	mozillaps.dll@0x4557d 	
8 	mozillaps.dll 	mozillaps.dll@0xb53b 	
9 	mozillaps.dll 	mozillaps.dll@0x4be0b 	
10 	CmndFF.dll 	CmndFF.dll@0x15b2d 	
11 	mozillaps.dll 	mozillaps.dll@0x622c3 	
12 	mozillaps.dll 	mozillaps.dll@0x41ad0 	
13 	CmndFF.dll 	CmndFF.dll@0x1ab0a 	
14 	CmndFF.dll 	CmndFF.dll@0x1a9a3 	
15 	CmndFF.dll 	CmndFF.dll@0x16b0f 	
16 	CmndFF.dll 	CmndFF.dll@0x16ba5 	
17 	BrowserExtensionFF.dll 	BrowserExtensionFF.dll@0x1dc9 	
18 	BrowserExtensionFF.dll 	BrowserExtensionFF.dll@0x22d65 	
19 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
20 	xul.dll 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593
21 	xul.dll 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593
22 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
23 	xul.dll 	xul.dll@0x63aff 	
24 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
25 	mozjs.dll 	js::detail::HashTable<unsigned int const,js::HashSet<unsigned int,js::AtomHasher,js::SystemAllocPolicy>::SetOps,js::SystemAllocPolicy>::lookupForAdd 	js/src/jshashtable.h:591
26 	mozjs.dll 	js_AtomizeString 	js/src/jsatom.cpp:544
27 	mozjs.dll 	js::proxy_DefineProperty 	js/src/jsproxy.cpp:889
28 	xul.dll 	SandboxImport 	js/src/xpconnect/src/xpccomponents.cpp:3097
29 	mozjs.dll 	DefinePropertyById 	js/src/jsapi.cpp:3287
30 	mozjs.dll 	js_IndexToId 	js/src/jsarray.cpp:248
31 	mozjs.dll 	JS_DefineProperty 	js/src/jsapi.cpp:3332
32 	mozjs.dll 	JSObject::nativeSearch 	js/src/jsscope.h:676
33 	mozjs.dll 	GetPropertyDescriptorById 	js/src/jsapi.cpp:3515
34 	mozjs.dll 	JSObject::typeOf 	js/src/jsobj.h:1220
35 	mozjs.dll 	js::JSProxy::typeOf 	js/src/jsproxy.cpp:835
36 		@0xbf 	

More reports at:
https://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=nsContentUtils%3A%3AASCIIToLower%28nsAString_internal%20const%26%2C%20nsAString_internal%26%29
(Reporter)

Updated

7 years ago
blocking2.0: --- → ?

Comment 1

7 years ago
#4 on Beta10 and one of the top 20 regressions not in 3.6.13.
Keywords: regression
Extension correlation for ASCIIToLower in 20110201_Firefox_4.0b10-interesting-addons.txt.gz :

  nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&)|EXCEPTION_ACCESS_VIOLATION_READ (660 crashes)
     79% (520/660) vs.   1% (593/54673) ShopperReports@ShopperReports.com
     40% (261/660) vs.   1% (781/54673) ClickPotatoLite@ClickPotatoLite.com
     21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
     33% (216/660) vs.  19% (10151/54673) engine@conduit.com
      8% (53/660) vs.   0% (163/54673) HBLite@HBLite.com
     99% (652/660) vs.  93% (50876/54673) {972ce4c6-7e08-4474-a285-3208198ce6fd} (Default, https://addons.mozilla.org/addon/8150)
(In reply to comment #2)
>      21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}

I found a site that calls this Adware.QuestBrowse
(In reply to comment #2)
>      79% (520/660) vs.   1% (593/54673) ShopperReports@ShopperReports.com
>      40% (261/660) vs.   1% (781/54673) ClickPotatoLite@ClickPotatoLite.com
>      21% (137/660) vs.   1% (377/54673) {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}

Google searches seem to suggest that all three of these are adware/malware, though shopper reports does have a legit-looking website.

We should probably consider blocklisting them.
Whiteboard: [blocklist?]
(Reporter)

Updated

7 years ago
Summary: Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.0 → Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.1.22 or ClickPotatoLite 10.0 or QuestBrowse 1.0
(Or some of them; some may just be correlated with others.  Then again, if they're malware, it might not matter.  Who decides?)
So I think the minimum thing we should block is:

extension id: ShopperReports@ShopperReports.com
version: 3.1.22.0
Firefox versions: 3.7a1pre and higher

Based on the crash data, such a block would fix most of the crashes, and once it's in place we can see if any of the other extensions showing up as correlated need to be blocked as well (or they're just correlated with ShopperReports).


I suspect the extension is calling a method on an unfrozen interface (nsIDocument) without proper handling of binary compatibility issues.

(I tried installing the extension to see what minVersion/maxVersion its manifest reports, but the installer I downloaded into my VM didn't seem to install the extension.)
Component: DOM → Blocklisting
Product: Core → addons.mozilla.org
QA Contact: general → blocklisting
Version: Trunk → unspecified
blocking2.0: ? → final+
Whiteboard: [blocklist?] → [blocklist?][softblocker]
(Assignee)

Comment 7

7 years ago
Kev, can you reach out to ShopperReports.com? This is a Firefox 4 softblocker.
Assignee: nobody → kev
This is a hard blocker, actually. #4 topcrash. We can either blocklist the extension or, perhaps more easily, add the DLL to our DLL blocklist.
Whiteboard: [blocklist?][softblocker] → [blocklist?][hardblocker]

Comment 9

7 years ago
This is, I believe, one of Pinball Publishing Network's (formerly Zango Cash, Inc.) crapware extensions. They basically create installers for apps that include/install the extensions, and pay distributors an install fee for putting it in. I can reach out, but don't expect any happy replies.
I would say blocklist the hell out of this, both CmndFF.dll and mozillaps.dll.

Comment 11

7 years ago
I second Comment #10, and will add a "damn hell" for additional emphasis.
Shouldn't we generally prefer addon blocklisting over dll blocklisting when both would work?
I dunno, seems like we'd never want those dlls to load, no matter what addon they come from.  I would not be opposed to doing both, though!

Comment 14

7 years ago
Just to confirm, DLL blocklisting is like add-on hardblocking right?  I'm pretty sure no one will miss this but I just want to know if people were going to get the "We've disabled X" message in case we need to explain it on SUMO.

Comment 15

7 years ago
Also, per reports on sumo this is unwanted:

https://support.mozilla.com/en-US/questions/778682
https://support.mozilla.com/en-US/questions/777919

I'd suggest just doing an across the board blocklist rather than just for Firefox 4.
(Assignee)

Comment 16

7 years ago
This bug was filed as a crash block, so I'd like to take care of that. If someone thinks this is malware and wants the block range extended based on that, please file a separate bug for further investigation.

The crashing version and range is only this, correct?

extension id: ShopperReports@ShopperReports.com
version: 3.1.22.0
Firefox versions: 3.7a1pre and higher

Kev, have they responded about whether they intend to fix the bug as described in comment #6?
Whiteboard: [blocklist?][hardblocker] → [blocklist?][hardblocker][Block planned for 2/8]
(In reply to comment #16)
> This bug was filed as a crash block, so I'd like to take care of that. If
> someone thinks this is malware and wants the block range extended based on
> that, please file a separate bug for further investigation.
> 
> The crashing version and range is only this, correct?
> 
> extension id: ShopperReports@ShopperReports.com
> version: 3.1.22.0
> Firefox versions: 3.7a1pre and higher

Actually, just looked at crash reports for 3.6, and it's also the primary cause of the PR_AtomicIncrement crashes on 3.6 (which is the #3 browser crash), and the same on 3.5.16 (again, PR_AtomicIncrement, #3 browser crash).

So I think the block should be for all Firefox versions.

But as far as fixing crashes, that's what's needed.
(Reporter)

Updated

7 years ago
Duplicate of this bug: 631149
(Reporter)

Updated

7 years ago
status1.9.1: --- → ?
status1.9.2: --- → ?
(Reporter)

Updated

7 years ago
Summary: Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.1.22 or ClickPotatoLite 10.0 or QuestBrowse 1.0 → Crash [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ] with Shopper reports 3.1.22 (or ClickPotatoLite 10.0 or QuestBrowse 1.0)
(Assignee)

Comment 19

7 years ago
Alright, this is on staging:

<emItem id="ShopperReports@ShopperReports.com">
    <versionRange minVersion="3.1.22.0" maxVersion="3.1.22.0"/>
</emItem>

Any help testing it using these instructions ( https://wiki.mozilla.org/Blocklisting/Testing ) would be appreciated.

I went with a hardblock because it is limited to a single version and we've recently had disturbing numbers of users opting out of softblocks and still crashing.
Assignee: kev → fligtar
Whiteboard: [blocklist?][hardblocker][Block planned for 2/8] → [blocklist?][hardblocker][Block planned for 2/8][needs testing]
(Assignee)

Updated

7 years ago
Whiteboard: [blocklist?][hardblocker][Block planned for 2/8][needs testing] → [blocklist?][hardblocker][Block planned for 2/9][needs testing]
note this is rising up in crash-stats
(Assignee)

Comment 21

7 years ago
bug 632984 filed for website update. as soon as that's live I'll push the block.
Depends on: 632984
(Assignee)

Comment 22

7 years ago
Blocked in production.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Whiteboard: [blocklist?][hardblocker][Block planned for 2/9][needs testing] → [blocklist][hardblocker][Hardblocked 2/9]
nsContentUtils::ASCIIToLower has fallen down to #76 browser crash for 4.0b11 when searching only the last 24 hours.  (The remaining crashes could just be an issue of blocklist uptake being slow for some users.)

Comment 24

6 years ago
Thought I'd leave a comment on this bug just in case anyone who worked on it is CC'd by the change (and is still interested):

I'm one of the developers working on the shopperreports@shopperreports.com extension.  We tracked this crash down to issues with XPCOM glue in several of our supporting modules.  I believe we have it ironed out and we will re-deploy a new build of the extension in the next few days.  When we do, we'll be watching crash-stats.mozilla.com (wish we had found that site a long time ago) to make sure we don't create another headache like this one.

I see the business model this extension supports is not popular with everyone who worked on this bug.  I can't change the company's business model, but I can respond when there are issues with our software.  Please consider me a future point of contact regarding Pinball software if you need one--and I sincerely hope it will be for happier reasons than this.
Crash Signature: [@ nsContentUtils::ASCIIToLower(nsAString_internal const&, nsAString_internal&) ]

Comment 25

4 years ago
I would like to no if i can be un blocked if possible because i would like to continue playing card games in yahoo if possible in it a great site to play in and i would like to no the the problem why i was blocked in the first place if i did something wrong i would like to apologize from anywrong doing thank you for listening
(Reporter)

Comment 26

4 years ago
riouxsam, do you have an extension blocked? Which one and which version?
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.