Closed
Bug 749928
Opened 13 years ago
Closed 12 years ago
[adbe 3517597] Flash crash in F_1522300002
Categories
(External Software Affecting Firefox Graveyard :: Flash (Adobe), defect, P1)
External Software Affecting Firefox Graveyard
Flash (Adobe)
x86
Windows 7
Tracking
(firefox-esr17 unaffected, b2g18 unaffected)
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
firefox-esr17 | --- | unaffected |
b2g18 | --- | unaffected |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, sec-vector, Whiteboard: [Flash 11.7][fixed in Flash 11.7.700.141])
Crash Data
It's #14 top crasher in the first days of 13.0b1.
Signature msvcr100.dll@0x8af06 More Reports Search
UUID ac51f3e2-2c7e-4072-ab88-385122120428
Date Processed 2012-04-28 09:35:12
Process Type plugin Version: Filename: NPSWF32_11_3_300_231.dll
Uptime 3146
Install Age 1.8 days since version was first installed.
Install Time 2012-04-26 14:42:11
Product Firefox
Version 13.0
Build ID 20120425123149
Release Channel beta
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 42 stepping 7
Crash Reason EXCEPTION_NONCONTINUABLE_EXCEPTION
Crash Address 0x0
App Notes
AdapterVendorID: 0x10de, AdapterDeviceID: 0x0dc6, AdapterSubsysID: 23621462, AdapterDriverVersion: 8.17.13.132
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
EMCheckCompatibility True
Frame Module Signature Source
0 msvcr100.dll msvcr100.dll@0x8af06
1 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30541c
2 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x302fd5
3 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x3147c0
4 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30342f
5 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x305bb7
6 user32.dll MsgWaitForMultipleObjects
7 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x318019
8 KERNELBASE.dll WaitForSingleObjectEx
9 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x306549
10 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30511f
11 ntdll.dll WinSqmSetIfMaxDWORD
12 ntdll.dll RtlpLowFragHeapAllocFromContext
13 ntdll.dll RtlAllocateHeap
14 ntdll.dll RtlFreeHeap
15 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30706f
16 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x2fde02
17 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30ba1f
18 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30bd0f
19 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30a63d
20 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30e4eb
21 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x31ce16
22 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30cf77
23 ntdll.dll NtClearEvent
24 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30ed68
25 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x7ba977
26 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x7ba917
27 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30f8a2
28 ntdll.dll RtlAllocateHeap
29 ntdll.dll RtlFreeHeap
30 ntdll.dll RtlpLowFragHeapAllocFromContext
31 ntdll.dll RtlAllocateHeap
32 ntdll.dll RtlFreeHeap
33 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1cc36d
34 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1ccb4d
35 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1ccb4d
36 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1ccc51
37 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1ccd84
38 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x1ccd97
39 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x3150bd
40 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x3000db
41 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x3150ab
42 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30c2ed
43 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x30a54e
44 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x2fda52
45 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x2fd40c
46 ntdll.dll RtlFreeHeap
47 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x670374
48 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x66dbb7
49 NPSWF32_11_3_300_231.dll NPSWF32_11_3_300_231.dll@0x2fd8a7
50 xul.dll mozilla::plugins::PluginModuleChild::AnswerPPluginInstanceConstructor dom/plugins/ipc/PluginModuleChild.cpp:2075
51 xul.dll mozilla::plugins::PPluginModuleChild::OnCallReceived obj-firefox/ipc/ipdl/PPluginModuleChild.cpp:1099
52 xul.dll mozilla::ipc::RPCChannel::DispatchIncall ipc/glue/RPCChannel.cpp:517
53 xul.dll mozilla::ipc::RPCChannel::OnMaybeDequeueOne ipc/glue/RPCChannel.cpp:430
54 xul.dll MessageLoop::RunTask ipc/chromium/src/base/message_loop.cc:318
55 xul.dll MessageLoop::DeferOrRunPendingTask ipc/chromium/src/base/message_loop.cc:326
56 xul.dll MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:426
57 xul.dll base::MessagePumpForUI::DoRunLoop ipc/chromium/src/base/message_pump_win.cc:214
58 xul.dll base::MessagePumpWin::RunWithDispatcher ipc/chromium/src/base/message_pump_win.cc:53
59 xul.dll base::MessagePumpWin::Run ipc/chromium/src/base/message_pump_win.h:78
60 xul.dll MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208
61 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:194
62 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:175
63 xul.dll XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:513
64 xul.dll XRE_StringToChildProcessType toolkit/xre/nsEmbedFunctions.cpp:244
65 plugin-container.exe __tmainCRTStartup crtexe.c:552
66 kernel32.dll BaseThreadInitThunk
67 ntdll.dll __RtlUserThreadStart
68 ntdll.dll _RtlUserThreadStart
More reports at:
https://crash-stats.mozilla.com/report/list?signature=msvcr100.dll%400x8af06
http://flashdaily.net/tagged/stage3d/
using "NEXT PAGE" or "PREVIOUS PAGE"
The first flash content on the page crashing.
NPSWF32_11_3_300_250.dll (beta 3)
https://crash-stats.mozilla.com/report/index/bp-9f6236f6-baa3-441e-8657-f867f2120506
Reporter | ||
Updated•13 years ago
|
Summary: crash in NPSWF32_11_3_300_231 @ msvcr100 → crash in NPSWF32_11_3_300_231 or NPSWF32_11_3_300_250 @ msvcr100
Reporter | ||
Comment 2•13 years ago
|
||
It's #24 top crasher in 13.0b2.
Here is a stack with debug symbols:
Frame Module Signature Source
0 msvcr100.dll msvcr100.dll@0x8af06
1 NPSWF32_11_3_300_231.dll F_1522300002____________________________________________________________________ F1138463164____________________________________________________________________________:296
2 NPSWF32_11_3_300_231.dll F_359086521_____________________________________________________________________ F_810780745_________________________________________________________________________:48
3 user32.dll MsgWaitForMultipleObjects
4 NPSWF32_11_3_300_231.dll F_360897130_____________ F1022490233____________________________________________________________________:14
5 ntdll.dll WinSqmSetIfMaxDWORD
6 ntdll.dll RtlpLowFragHeapAllocFromContext
7 ntdll.dll RtlAllocateHeap
8 ntdll.dll RtlFreeHeap
9 NPSWF32_11_3_300_231.dll F1052806523_____________________________________________________________________ c:\program files (x86)\microsoft visual studio 9.0\vc\include\xhash:822
10 NPSWF32_11_3_300_231.dll F_1668628166____________________________________________________________________ c:\program files (x86)\microsoft visual studio 9.0\vc\include\xhash:638
11 NPSWF32_11_3_300_231.dll F1263766580_________________________________________________________________ F_1065155439_________________________________________________________:103
12 NPSWF32_11_3_300_231.dll F_1513036030________________________________________ F_1776795565____________________________________________________________________________:46
13 NPSWF32_11_3_300_231.dll F_424569316__________________________________________________ F_1294233937_________________________________________________________________________________:199
14 NPSWF32_11_3_300_231.dll F1607135317_____________________________________________________________________ F_952321248____________________________________________________________________:118
15 NPSWF32_11_3_300_231.dll F2166389_____________________________________________________________________ F_952321248____________________________________________________________________:517
16 NPSWF32_11_3_300_231.dll F_917831355____________________________________________ F_952321248____________________________________________________________________:445
17 NPSWF32_11_3_300_231.dll F1315696776________________________________ F_952321248____________________________________________________________________:409
18 NPSWF32_11_3_300_231.dll F81047063_______________________________________ F_1294233937_________________________________________________________________________________:180
19 NPSWF32_11_3_300_231.dll F845925699_____________________________________ F_595327990____________________________________________________________________________________________:90
20 NPSWF32_11_3_300_231.dll F15952908_________________________________________________________ F_2063163564___________________________________________________________________________________________:250
21 NPSWF32_11_3_300_231.dll F1601322143_______________________________________________________________ F_2063163564___________________________________________________________________________________________:1437
22 xul.dll mozilla::plugins::PluginModuleChild::AnswerPPluginInstanceConstructor dom/plugins/ipc/PluginModuleChild.cpp:2075
23 xul.dll mozilla::plugins::PPluginModuleChild::OnCallReceived obj-firefox/ipc/ipdl/PPluginModuleChild.cpp:1099
24 xul.dll mozilla::ipc::RPCChannel::DispatchIncall ipc/glue/RPCChannel.cpp:517
25 xul.dll mozilla::ipc::RPCChannel::Incall ipc/glue/RPCChannel.cpp:503
26 xul.dll mozilla::ipc::RPCChannel::OnMaybeDequeueOne ipc/glue/RPCChannel.cpp:430
...
Summary: crash in NPSWF32_11_3_300_231 or NPSWF32_11_3_300_250 @ msvcr100 → crash in F_1522300002 @ msvcr100 (Flash 11.3)
this does't look to reproduce in the shipping version on flash player 11.3. the reports have no instances of 11,3,200,257 as a loaded module.
Reporter | ||
Comment 4•12 years ago
|
||
It exploded with Flash 11.7 (#4 top Flash crasher). See https://crash-stats.mozilla.com/query/query?product=Firefox&process_type=plugin&hang_type=any&plugin_field=filename&plugin_query_type=exact&plugin_query=NPSWF32_11_7_700_128.dll&do_query=1
The stack trace is slightly different from the one in Flash 11.3:
Frame Module Signature Source
0 msvcr100.dll msvcr100.dll@0x8af06
1 NPSWF32_11_7_700_128.dll F_1522300002____________________________________________________________________ F1748593675___________________________________________________________________________:367
2 NPSWF32_11_7_700_128.dll F_1235519338____________________________________________________________________ F1756936203___________________________________________________________________:879
3 NPSWF32_11_7_700_128.dll F850248864______________________________________________________________________ F_1231830797___________________________________________________________________________:521
4 NPSWF32_11_7_700_128.dll F_773489510_____________________________________________ F1748593675___________________________________________________________________________:199
5 NPSWF32_11_7_700_128.dll F_1513036030________________________________________ F1707225870____________________________________________________________________________:47
6 NPSWF32_11_7_700_128.dll F_1371125________________________________________________ F355145997______________________________________________________________________________:222
7 NPSWF32_11_7_700_128.dll F_652032984_____________________________________________________ F_469029650____________________________________________________________________:261
8 NPSWF32_11_7_700_128.dll F1607135317_____________________________________________________________________ F442887975____________________________________________________________________:134
9 NPSWF32_11_7_700_128.dll F2166389_____________________________________________________________________ F442887975____________________________________________________________________:560
10 NPSWF32_11_7_700_128.dll F_917831355____________________________________________ F442887975____________________________________________________________________:488
11 NPSWF32_11_7_700_128.dll F1315696776________________________________ F442887975____________________________________________________________________:439
12 NPSWF32_11_7_700_128.dll F_1428703866________________________________ F355145997______________________________________________________________________________:203
13 NPSWF32_11_7_700_128.dll F845925699_____________________________________ F1836254737___________________________________________________________________________________________:104
14 NPSWF32_11_7_700_128.dll F15952908_________________________________________________________ F368419163____________________________________________________________________________________________:311
15 NPSWF32_11_7_700_128.dll F1601322143_______________________________________________________________ F368419163____________________________________________________________________________________________:1761
16 xul.dll mozilla::plugins::PluginModuleChild::AnswerPPluginInstanceConstructor dom/plugins/ipc/PluginModuleChild.cpp:2045
17 xul.dll mozilla::plugins::PPluginModuleChild::OnCallReceived obj-firefox/ipc/ipdl/PPluginModuleChild.cpp:1127
18 xul.dll mozilla::ipc::RPCChannel::DispatchIncall ipc/glue/RPCChannel.cpp:486
19 xul.dll mozilla::ipc::RPCChannel::Incall ipc/glue/RPCChannel.cpp:472
20 xul.dll mozilla::ipc::RPCChannel::OnMaybeDequeueOne ipc/glue/RPCChannel.cpp:398
...
Summary: crash in F_1522300002 @ msvcr100 (Flash 11.3) → crash in F_1522300002 @ msvcr100
Whiteboard: [Flash 11.7]
Comment 5•12 years ago
|
||
scoobidiver, I can see F_1522300002 in the topcrash list, but I can't find it calling msvcr100.dll: it seems to always be calling other memory e.g. @0x64457478
see e.g. https://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A19.0b6&query_search=signature&query_type=contains&reason_type=contains&date=03%2F11%2F2013%2015%3A38%3A06&range_value=1&range_unit=weeks&hang_type=any&process_type=plugin&plugin_field=filename&plugin_query_type=exact&plugin_query=NPSWF32_11_7_700_128.dll&do_query=1&admin=1&signature=F_1522300002______________________________________________________________________________________________________________________________________
and https://crash-stats.mozilla.com/report/index/11e3ecb1-7485-44b7-a6f8-f90762130311
Where did the report from comment 4 come from?
Flags: needinfo?(scoobidiver)
Reporter | ||
Comment 6•12 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #5)
> Where did the report from comment 4 come from?
See https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=msvcr100.dll%400x8af06&reason_type=contains&hang_type=any&process_type=plugin&plugin_field=filename&plugin_query_type=exact&plugin_query=NPSWF32_11_7_700_128.dll&do_query=1&signature=msvcr100.dll%400x8af06
> and https://crash-stats.mozilla.com/report/index/11e3ecb1-7485-44b7-a6f8-f90762130311
It has the same stack trace as the one in comment 4.
Crash Signature: [@ msvcr100.dll@0x8af06] → [@ msvcr100.dll@0x8af06]
[@ F_1522300002______________________________________________________________________________________________________________________________________ ]
Flags: needinfo?(scoobidiver)
Summary: crash in F_1522300002 @ msvcr100 → Flash crash in F_1522300002
Comment 7•12 years ago
|
||
Loaded https://crash-stats.mozilla.com/report/index/7ac5cfa1-31bb-477c-8331-846252130311 into a debugger:
> msvcr100.dll!_purecall() Line 54 C
NPSWF32_11_7_700_128.dll!F1533144084___________() Line 367 C++
NPSWF32_11_7_700_128.dll!F_252725760_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________() Line 885 C++
NPSWF32_11_7_700_128.dll!F_1973768506__________________________________________________________________________________________________________________________________________________________________________________________________() Line 521 C++
NPSWF32_11_7_700_128.dll!F1905067976____________________() Line 199 C++
NPSWF32_11_7_700_128.dll!F815948603_________________() Line 47 C++
NPSWF32_11_7_700_128.dll!F_67009659______________________() Line 222 C++
NPSWF32_11_7_700_128.dll!F_312056433__________________________________() Line 267 C++
NPSWF32_11_7_700_128.dll!F_1333012921____________________________________________() Line 135 C++
NPSWF32_11_7_700_128.dll!F2143948523___________________() Line 561 C++
NPSWF32_11_7_700_128.dll!F_130030736______________________() Line 488 C++
NPSWF32_11_7_700_128.dll!F509619773____________() Line 440 C++
NPSWF32_11_7_700_128.dll!F1588688136________() Line 203 C++
NPSWF32_11_7_700_128.dll!F_1695674599__________() Line 105 C++
NPSWF32_11_7_700_128.dll!F_1634308725_________() Line 313 C++
NPSWF32_11_7_700_128.dll!F_168982545___________________() Line 1761 C++
dwmapi.dll!_DwmDefWindowProc@20()
the _purecall here is likely an indication of calling a virtual method on a deleted pointer.
Group: core-security
Updated•12 years ago
|
Priority: -- → P1
Comment 8•12 years ago
|
||
This is Adobe 3517597
Reporter | ||
Updated•12 years ago
|
Summary: Flash crash in F_1522300002 → [adbe 3517597] Flash crash in F_1522300002
Comment 9•12 years ago
|
||
We believe that this is already fixed in our mainline, and should be available in our next beta drop (I don't know the build number yet).
Updated•12 years ago
|
Keywords: sec-vector
Reporter | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Whiteboard: [Flash 11.7] → [Flash 11.7][fixed in Flash 11.7.700.141]
Reporter | ||
Updated•12 years ago
|
Resolution: WORKSFORME → FIXED
Comment 10•12 years ago
|
||
Thanks for the confirmation. We've closed this on our side as well.
Updated•12 years ago
|
Comment 11•9 years ago
|
||
Version and milestone values are being reset to defaults as part of product refactoring.
Version: 11.x → unspecified
Updated•2 years ago
|
Product: External Software Affecting Firefox → External Software Affecting Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•