crash in nsUrlClassifierPrefixSet::GetPrefixes

RESOLVED FIXED in Firefox 13

Status

()

Toolkit
Safe Browsing
--
critical
RESOLVED FIXED
5 years ago
3 years ago

People

(Reporter: Scoobidiver (away), Assigned: gcp)

Tracking

({crash, regression})

13 Branch
Firefox 17
All
Windows XP
crash, regression
Points:
---

Firefox Tracking Flags

(firefox13+ fixed, firefox14 fixed)

Details

(crash signature)

(Reporter)

Description

5 years ago
It's #21 top browser crasher in 13.0b1 with many dupes and first appeared in 13.0a1/20120211.
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fb81c9a433e4&tochange=d71dab82fff4

It has never shown up in crash stats after 14.0a1/20120418.

Signature 	nsUrlClassifierPrefixSet::GetPrefixes(unsigned int*, unsigned int**) More Reports Search
UUID	0a5b9e22-9f79-44a1-9f52-80cd02120501
Date Processed	2012-05-01 00:29:40
Uptime	80
Last Crash	1.4 minutes before submission
Install Age	2.5 days since version was first installed.
Install Time	2012-04-28 13:03:01
Product	Firefox
Version	13.0
Build ID	20120425123149
Release Channel	beta
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
Build Architecture	x86
Build Architecture Info	GenuineIntel family 15 model 3 stepping 4
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x7d03000
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2572, AdapterSubsysID: 12bc103c, AdapterDriverVersion: 6.14.10.4363
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	2147352576
Available Virtual Memory	1928089600
System Memory Use Percentage	84
Available Page File	213168128
Available Physical Memory	40714240

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsUrlClassifierPrefixSet::GetPrefixes 	toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp:275
1 	xul.dll 	mozilla::safebrowsing::LookupCache::GetPrefixes 	toolkit/components/url-classifier/LookupCache.cpp:778
2 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyTableUpdates 	toolkit/components/url-classifier/Classifier.cpp:530
3 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyUpdates 	toolkit/components/url-classifier/Classifier.cpp:366
4 	xul.dll 	nsUrlClassifierDBServiceWorker::ApplyUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:660
5 	xul.dll 	nsUrlClassifierDBServiceWorker::FinishUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:634
6 	xul.dll 	nsRunnableMethodImpl<unsigned int 	obj-firefox/dist/include/nsThreadUtils.h:345
7 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
8 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:289
9 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:426
10 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:122
11 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
12 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
13 	kernel32.dll 	BaseThreadStart 

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsUrlClassifierPrefixSet%3A%3AGetPrefixes%28unsigned+int*%2C+unsigned+int**%29
QA can anyone reproduce this or get STR?
tracking-firefox13: ? → +
Keywords: qawanted
(In reply to Lukas Blakk [:lsblakk] from comment #1)
> QA can anyone reproduce this or get STR?

I'm not even sure where to begin. There are no comments in the crash reports and I don't see any correlations.

Comment 3

5 years ago
Hey Gavin, we don't have any good leads for QA to pick up on, but we do know that this topcrash was fixed on or soon after 14.0a1/20120418. Any suspect (or rather beneficial) changes in that build?
Assignee: nobody → gavin.sharp
Keywords: qawanted
gcp backed out bug 673470 on April 20th. That backout also made it to beta (bug 673470 comment 100).
Assignee: gavin.sharp → gpascutto
(Assignee)

Updated

5 years ago
Blocks: 673470
(Assignee)

Comment 5

5 years ago
I backed the relevant code out of beta the 1st of May, so betas built after that date should be unaffected. 

http://hg.mozilla.org/releases/mozilla-beta/annotate/f16e48c88ac3/toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp#l275

The sanity/corruption check on line 361 should be done before line 275 too.
(Reporter)

Updated

5 years ago
status-firefox13: affected → fixed
status-firefox14: unaffected → fixed
(Reporter)

Comment 6

5 years ago
There are no crashes in versions above 13.0b1.
Keywords: topcrash
(Assignee)

Comment 7

5 years ago
The code that was causing this is landing again in bug 673470, but has a fix applied:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4c01bc89b521
https://hg.mozilla.org/mozilla-central/rev/4c01bc89b521
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 17
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.