Closed
Bug 719953
Opened 13 years ago
Closed 13 years ago
mozcrt19.dll stack overflow using cisco vpn
Categories
(Core :: Memory Allocator, defect, P1)
RESOLVED
INVALID
People
(Reporter: vnarsipu, Unassigned)
Details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
Steps to reproduce:
Dynamically loaded nspr4.dll.
Actual results:
Dynamically loading nspr4.dll causes recursion in mozcrt19.dll, which leads to a stack overflow and eventually a crash through an invalid pointer dereference.
A snapshot of the stack trace looks like the one below:
0:000> ~*k
. 0 Id: 21b0.104c Suspend: 0 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr
00091028 74be6d21 ntdll!_SEH_prolog4+0x2b
00091038 74bbe59e KERNELBASE!BaseSetLastNTError+0xf
00091048 74bbe600 KERNELBASE!VirtualAllocEx+0x53
00091064 043f5624 KERNELBASE!VirtualAlloc+0x18
00091080 043f8d59 mozcrt19!chunk_alloc_mmap+0x14 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 2451]
0009108c 043f8efc mozcrt19!chunk_alloc+0x9 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 2578]
000910a8 043f8f93 mozcrt19!arena_run_alloc+0xcc [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 3241]
000910c0 043f9112 mozcrt19!arena_bin_nonfull_run_get+0x53 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 3516]
000910d8 043f977f mozcrt19!arena_malloc_small+0x102 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 3771]
000910e4 043f9b1d mozcrt19!icalloc+0x2f [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 3867]
...
d96 0018e90c 039c3145 00000001 00000214 00000214 mozcrt19!_calloc_crt+0x17 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\crtheap.c @ 59]
d97 0018e920 039c42a5 039c9ab8 00001db1 00000000 mozcrt19!_getptd_noexit+0x55 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\tidtable.c @ 606]
d98 0018e924 039c9ab8 00001db1 00000000 039c47a7 mozcrt19!_errno+0x5 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\dosmap.c @ 282]
d99 0018e930 039c47a7 00000001 00000214 00001db1 mozcrt19!calloc+0x28 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\jemalloc.c @ 6039]
d9a 0018e94c 039c351d 00000001 00000214 00993eb0 mozcrt19!_calloc_crt+0x17 [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\crtheap.c @ 59]
d9b 0018e95c 039c205a 0018ea48 00000001 00000001 mozcrt19!_mtinit+0x13d [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\tidtable.c @ 426]
d9c 0018e96c 039c23db 00000000 0018e98c 777a9930 mozcrt19!__CRTDLL_INIT+0xba [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\crtlib.c @ 302]
d9d 0018e978 777a9930 039c0000 00000001 00000000 mozcrt19!_CRTDLL_INIT+0x1b [e:\builds\moz2_slave\rel-m-rel-w32-bld\build\obj-firefox\memory\jemalloc\crtsrc\crtlib.c @ 217]
d9e 0018e998 777ad8a9 039c23c0 039c0000 00000001 ntdll!LdrpCallInitRoutine+0x14
d9f 0018ea8c 777ad76c 00000000 6a6cc0af 00000000 ntdll!LdrpRunInitializeRoutines+0x26f
da0 0018ebf8 777ac4b5 0018ec5c 0018ec24 00000000 ntdll!LdrpLoadDll+0x4d1
da1 0018ec30 767c2288 0018ec24 0018ec74 0018ec5c ntdll!LdrLoadDll+0xaa
da2 0018ec6c 0040e4d1 00000000 00000000 0381f9c4 KERNELBASE!LoadLibraryExW+0x1f1
Expected results:
nspr4.dll should have successfully loaded in the context of Cisco VPN.
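The loop visible in frames d96 to d9a (calloc reports its outcome through errno, _errno needs the per-thread data block, _getptd_noexit allocates that block through _calloc_crt, and that allocation calls calloc again before the block exists) as an added C model; this is not Mozilla's or the CRT's code. The _calloc_crt wrapper is folded into model_calloc, the backing pool and DEPTH_LIMIT are constructed stand-ins for the heap and the thread's stack limit, and the re-entrancy guard is a hypothetical illustration of how such a bootstrap loop is broken, not the jemalloc rework mentioned in the comments.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#define DEPTH_LIMIT 64   /* stand-in for the thread's stack running out */
typedef struct { int errno_value; } ptd_t;   /* per-thread data block */
static ptd_t *g_ptd;                    /* NULL until the CRT's first use on this thread */
static int g_depth, g_max_depth;        /* current / deepest nesting of model_calloc */
static int g_initializing, g_use_guard; /* guard state; 0: as in the trace, 1: hypothetical guard */
static ptd_t g_pool[DEPTH_LIMIT + 2];   /* constructed backing store, not a real heap */
static int g_pool_used;
static void *model_calloc(size_t n, size_t sz);

/* Models _getptd_noexit: lazily allocates the per-thread block. */
static ptd_t *get_ptd(void) {
    if (g_ptd == NULL) {
        /* Hypothetical guard: a nested caller during the allocation gets NULL. */
        if (g_use_guard && g_initializing) return NULL;
        g_initializing = 1;
        g_ptd = (ptd_t *)model_calloc(1, sizeof *g_ptd);   /* re-enters the allocator */
        g_initializing = 0;
    }
    return g_ptd;
}
/* Models _errno: needs the per-thread block to find errno's storage. */
static int *model_errno(void) {
    ptd_t *p = get_ptd();
    return p ? &p->errno_value : NULL;
}

/* Models calloc: allocate, then report the outcome through errno; that errno
 * store is what re-enters get_ptd before g_ptd has been set. */
static void *model_calloc(size_t n, size_t sz) {
    void *p = NULL;
    if (++g_depth > g_max_depth) g_max_depth = g_depth;
    if (g_depth > DEPTH_LIMIT) { --g_depth; return NULL; }   /* where the real stack overflows */
    if (n * sz == sizeof(ptd_t) && g_pool_used < (int)(sizeof g_pool / sizeof g_pool[0]))
        p = memset(&g_pool[g_pool_used++], 0, sizeof(ptd_t));
    int *e = model_errno();
    if (e) *e = p ? 0 : ENOMEM;
    --g_depth;
    return p;
}

/* Runs one thread's CRT bootstrap; returns the deepest allocator nesting reached. */
int bootstrap_depth(int use_guard) {
    g_ptd = NULL; g_depth = g_max_depth = g_initializing = g_pool_used = 0;
    g_use_guard = use_guard;
    get_ptd();
    return g_max_depth;   /* DEPTH_LIMIT + 1 without the guard, 1 with it */
}
```

Without the guard the nesting only stops at the artificial limit, which is the point where the real process ran out of stack; with it the block is allocated in a single pass.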
What version of Firefox did you see this with?
The version of mozcrt19.dll is 8.0.0.0. Firefox was not being used, but the libraries were.
We reworked our jemalloc integration for version 9.0.
You also shouldn't be using our libraries ... if you need a CRT, ship your own.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID