Last Comment Bug 750625 - crash in nsUrlClassifierPrefixSet::GetPrefixes
: crash in nsUrlClassifierPrefixSet::GetPrefixes
Status: RESOLVED FIXED
: crash, regression
Product: Toolkit
Classification: Components
Component: Safe Browsing (show other bugs)
: 13 Branch
: All Windows XP
: -- critical (vote)
: Firefox 17
Assigned To: Gian-Carlo Pascutto [:gcp]
:
Mentors:
Depends on:
Blocks: 673470
  Show dependency treegraph
 
Reported: 2012-05-01 01:09 PDT by Scoobidiver (away)
Modified: 2014-05-27 12:25 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
fixed
fixed


Attachments

Description Scoobidiver (away) 2012-05-01 01:09:05 PDT
It's #21 top browser crasher in 13.0b1 with many dupes and first appeared in 13.0a1/20120211.
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fb81c9a433e4&tochange=d71dab82fff4

It has never shown up in crash stats after 14.0a1/20120418.

Signature 	nsUrlClassifierPrefixSet::GetPrefixes(unsigned int*, unsigned int**) More Reports Search
UUID	0a5b9e22-9f79-44a1-9f52-80cd02120501
Date Processed	2012-05-01 00:29:40
Uptime	80
Last Crash	1.4 minutes before submission
Install Age	2.5 days since version was first installed.
Install Time	2012-04-28 13:03:01
Product	Firefox
Version	13.0
Build ID	20120425123149
Release Channel	beta
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
Build Architecture	x86
Build Architecture Info	GenuineIntel family 15 model 3 stepping 4
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x7d03000
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2572, AdapterSubsysID: 12bc103c, AdapterDriverVersion: 6.14.10.4363
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	2147352576
Available Virtual Memory	1928089600
System Memory Use Percentage	84
Available Page File	213168128
Available Physical Memory	40714240

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsUrlClassifierPrefixSet::GetPrefixes 	toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp:275
1 	xul.dll 	mozilla::safebrowsing::LookupCache::GetPrefixes 	toolkit/components/url-classifier/LookupCache.cpp:778
2 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyTableUpdates 	toolkit/components/url-classifier/Classifier.cpp:530
3 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyUpdates 	toolkit/components/url-classifier/Classifier.cpp:366
4 	xul.dll 	nsUrlClassifierDBServiceWorker::ApplyUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:660
5 	xul.dll 	nsUrlClassifierDBServiceWorker::FinishUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:634
6 	xul.dll 	nsRunnableMethodImpl<unsigned int 	obj-firefox/dist/include/nsThreadUtils.h:345
7 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
8 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:289
9 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:426
10 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:122
11 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
12 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
13 	kernel32.dll 	BaseThreadStart 

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsUrlClassifierPrefixSet%3A%3AGetPrefixes%28unsigned+int*%2C+unsigned+int**%29
Comment 1 Lukas Blakk [:lsblakk] use ?needinfo 2012-05-03 12:12:25 PDT
QA can anyone reproduce this or get STR?
Comment 2 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-05-08 12:32:32 PDT
(In reply to Lukas Blakk [:lsblakk] from comment #1)
> QA can anyone reproduce this or get STR?

I'm not even sure where to begin. There are no comments in the crash reports and I don't see any correlations.
Comment 3 Alex Keybl [:akeybl] 2012-05-09 17:05:15 PDT
Hey Gavin, we don't have any good leads for QA to pick up on, but we do know that this topcrash was fixed on or soon after 14.0a1/20120418. Any suspect (or rather beneficial) changes in that build?
Comment 4 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-05-09 17:26:45 PDT
gcp backed out bug 673470 on April 20th. That backout also made it to beta (bug 673470 comment 100).
Comment 5 Gian-Carlo Pascutto [:gcp] 2012-05-09 17:45:26 PDT
I backed the relevant code out of beta the 1st of May, so betas built after that date should be unaffected. 

http://hg.mozilla.org/releases/mozilla-beta/annotate/f16e48c88ac3/toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp#l275

The sanity/corruption check on line 361 should be done before line 275 too.
Comment 6 Scoobidiver (away) 2012-06-20 06:01:15 PDT
There are no crashes in versions above 13.0b1.
Comment 7 Gian-Carlo Pascutto [:gcp] 2012-08-15 00:17:19 PDT
The code that was causing this is landing again in bug 673470, but has a fix applied:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4c01bc89b521
Comment 8 Ed Morley [:emorley] 2012-08-15 09:47:14 PDT
https://hg.mozilla.org/mozilla-central/rev/4c01bc89b521

Note You need to log in before you can comment on or make changes to this bug.