Last Comment Bug 694432 - Nightly fails to start on Windows 8 since 20111012 build
: Nightly fails to start on Windows 8 since 20111012 build
: regression
Product: Core
Classification: Components
Component: Security (show other bugs)
: Trunk
: x86 Windows 8
-- major with 7 votes (vote)
: mozilla10
Assigned To: :Ehsan Akhgari
: David Keeler [:keeler] (use needinfo?)
: 694558 694729 694731 (view as bug list)
Depends on: 695161 732589
Blocks: 677797 1193387
  Show dependency treegraph
Reported: 2011-10-13 14:54 PDT by Sid
Modified: 2015-08-24 10:10 PDT (History)
22 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

AMDx6 1090T Win8 8102 DxDiag (61.64 KB, text/plain)
2011-10-15 03:15 PDT, MrX1980
no flags Details
Patch (v1) (2.88 KB, patch)
2011-10-16 16:52 PDT, :Ehsan Akhgari
benjamin: review-
Details | Diff | Splinter Review
Patch for aurora and beta (2.15 KB, patch)
2011-10-16 16:55 PDT, :Ehsan Akhgari
asa: approval‑mozilla‑aurora+
asa: approval‑mozilla‑beta+
Details | Diff | Splinter Review
Patch (v2) (2.87 KB, patch)
2011-10-17 08:24 PDT, :Ehsan Akhgari
benjamin: review+
Details | Diff | Splinter Review

Description User image Sid 2011-10-13 14:54:43 PDT
I'm using Windows 8 Developer Preview. Nightly builds 20111012 and later just won't start. The process appears in the Task Manager for a few seconds, then disappears, but application window never shows up. Launching Nightly with Shift button doesn't help. Last working Nightly build was 20111011.
Comment 1 User image Sid 2011-10-13 15:51:05 PDT
The breaking changeset seems to be
Bug 677797 seems suspiciously.
Comment 2 User image Makoto Kato [:m_kato] 2011-10-14 08:11:36 PDT
*** Bug 694558 has been marked as a duplicate of this bug. ***
Comment 3 User image draknem 2011-10-14 08:18:11 PDT
Windows 8 Developer Preview x64 - the same problem. How can it be solved?
Comment 4 User image Michael Lefevre 2011-10-14 18:44:42 PDT
Confirming based on two bugzilla reports and a couple more reports on Mozillazine. Not sure if security is the right component for a non-security bug caused by a security fix, but...
Comment 5 User image bogas04 2011-10-14 22:51:25 PDT
Confirming on Latest UX build and Nightly build
Comment 6 User image Matthias Versen [:Matti] 2011-10-14 23:10:24 PDT
*** Bug 694731 has been marked as a duplicate of this bug. ***
Comment 7 User image Matthias Versen [:Matti] 2011-10-14 23:10:30 PDT
*** Bug 694729 has been marked as a duplicate of this bug. ***
Comment 8 User image xnem3s1sx 2011-10-14 23:32:56 PDT
This should be listed as blocker.
Comment 9 User image MrX1980 2011-10-15 03:13:49 PDT

Stopped working

‎14.‎10.‎2011 21:28

Report sent

Faulting Application Path:	C:\Program Files (x86)\Mozilla\Firefox\Nightly\firefox.exe

Problem signature
Problem Event Name:	APPCRASH
Application Name:	firefox.exe
Application Version:
Application Timestamp:	4e9834b9
Fault Module Name:	ntdll.dll
Fault Module Version:	6.2.8102.0
Fault Module Timestamp:	4e546498
Exception Code:	c0000005
Exception Offset:	00063450
OS Version:	6.2.8102.
Locale ID:	1031
Additional Information 1:	5861
Additional Information 2:	5861822e1919d7c014bbb064c64908b2
Additional Information 3:	7812
Additional Information 4:	78125405641511429762037848645157

Extra information about the problem
Bucket ID:	06fc03c33bb3edbab6a2259a72b3ce6a


Firefox Beta and Aurora are working (exept the GUI glitches)
Comment 10 User image MrX1980 2011-10-15 03:15:48 PDT
Created attachment 567274 [details]
AMDx6 1090T Win8 8102 DxDiag
Comment 11 User image :Ehsan Akhgari 2011-10-15 10:56:50 PDT
I could reproduce this.  I will investigate.
Comment 12 User image :Ehsan Akhgari 2011-10-16 16:52:22 PDT
Created attachment 567368 [details] [diff] [review]
Patch (v1)

It seems like Windows 8's LdrLoadDll has been changed to accept more values inside the filePath argument.  The cause of the crash is that we're passed a value of 1 with that function the first time when we're trying to load user32.dll, and then we pass that to SearchPathW which causes a crash.

This isn't technically a regression from bug 677797 in the sense that on Windows 8, we would still crash without that patch if we're trying to load a DLL which has some of its versions blacklisted.  Therefore I think we need to take this patch (well, it's equivalent which would apply on Aurora and Beta) on those branches as well.
Comment 13 User image :Ehsan Akhgari 2011-10-16 16:55:44 PDT
Created attachment 567369 [details] [diff] [review]
Patch for aurora and beta
Comment 14 User image Benjamin Smedberg [:bsmedberg] 2011-10-17 08:05:41 PDT
Comment on attachment 567368 [details] [diff] [review]
Patch (v1)

IsBadStringPtr is almost never the value we want to be using. I suggest instead, if we don't actually have documentation or understanding of the problem, to use the check

(intptr_t(filePath) < 1024))
Comment 15 User image :Ehsan Akhgari 2011-10-17 08:24:02 PDT
Created attachment 567454 [details] [diff] [review]
Patch (v2)
Comment 17 User image Marco Bonardo [::mak] 2011-10-18 05:35:25 PDT
Comment 18 User image AndreiD[QA] 2011-10-19 07:09:58 PDT
I tested to see if this bug is verified fixed and got the following result for Mozilla Central:
Verified Fixed - Mozilla/5.0 (Windows NT 6.2; rv:10.0a1) Gecko/20111019 Firefox/10.0a1

-> I tested on the Windows 8 Developer Preview
-> The Nightly build before the landing of the patch doesn't load as noted in the Description
-> The first Nightly build (19 October) after the landing of the patch loads as expected

> Created attachment 567369 [details] [diff] [review] [diff] [details] [review]
> Patch for aurora and beta
Are these patches landed yet? If not, the status of this bug will be changed to verified when testing on this branches is done, as well.
Comment 19 User image Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2011-10-19 07:11:37 PDT
Why do we need this on Aurora and Beta?  Windows 8 isn't a supported platform for Gecko 8 or 9.
Comment 20 User image Ludovic Hirlimann [:Usul] 2011-10-19 07:17:34 PDT
(In reply to Kyle Huey [:khuey] ( from comment #19)
> Why do we need this on Aurora and Beta?  Windows 8 isn't a supported
> platform for Gecko 8 or 9.

To get more testing from the users of these branches on windows 8 ?
Comment 21 User image :Ehsan Akhgari 2011-10-19 07:39:31 PDT
(In reply to Kyle Huey [:khuey] ( from comment #19)
> Why do we need this on Aurora and Beta?  Windows 8 isn't a supported
> platform for Gecko 8 or 9.

Technically it's not a supported platform for Gecko 10 either!  But without this, if there's a DLL on a Windows 8 system which we blacklist, we'll just crash.  I think that if we can do something safe to fix that problem (which is what this patch does), we should take it.  But I'll leave it to drivers in order to make a decision about this.
Comment 23 User image AndreiD[QA] 2011-10-24 07:14:00 PDT
(In reply to Ehsan Akhgari [:ehsan] from comment #22)

I tested to see if this bug is verified considering the landing of the patches on Beta and Aurora channels, Windows 8 Developer Preview:
Verified Fixed on:
Mozilla/5.0 (Windows NT 6.2; rv:8.0) Gecko/20100101 Firefox/8.0 (Beta)
Mozilla/5.0 (Windows NT 6.2; rv:9.0a2) Gecko/20111023 Firefox/9.0a2 (Aurora)

Considering these and the verifications did on central (comment 18), setting this bug's status as Verified and changing the keyword to qa! (all channels)
Comment 24 User image christian 2011-10-25 22:15:21 PDT
---------------------------------[ Triage Comment ]---------------------------------

Windows 8 is pre-release and isn't supported by any shipping version of Firefox, therefore we will not track it explicitly.

Of course, the bug is already fixed but if for some reason it becomes unfixed we don't need visibility because of our lack of support (and I bet Asa and Robert Strong's team are all over this).

Note You need to log in before you can comment on or make changes to this bug.