Closed Bug 750625 Opened 8 years ago Closed 7 years ago

crash in nsUrlClassifierPrefixSet::GetPrefixes

Categories

(Toolkit :: Safe Browsing, defect, critical)

13 Branch
All
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Firefox 17
Tracking Status
firefox13 + fixed
firefox14 --- fixed

People

(Reporter: scoobidiver, Assigned: gcp)

References

Details

(Keywords: crash, regression)

Crash Data

It's #21 top browser crasher in 13.0b1 with many dupes and first appeared in 13.0a1/20120211.
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fb81c9a433e4&tochange=d71dab82fff4

It has never shown up in crash stats after 14.0a1/20120418.

Signature 	nsUrlClassifierPrefixSet::GetPrefixes(unsigned int*, unsigned int**) More Reports Search
UUID	0a5b9e22-9f79-44a1-9f52-80cd02120501
Date Processed	2012-05-01 00:29:40
Uptime	80
Last Crash	1.4 minutes before submission
Install Age	2.5 days since version was first installed.
Install Time	2012-04-28 13:03:01
Product	Firefox
Version	13.0
Build ID	20120425123149
Release Channel	beta
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
Build Architecture	x86
Build Architecture Info	GenuineIntel family 15 model 3 stepping 4
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x7d03000
App Notes 	
AdapterVendorID: 0x8086, AdapterDeviceID: 0x2572, AdapterSubsysID: 12bc103c, AdapterDriverVersion: 6.14.10.4363
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	2147352576
Available Virtual Memory	1928089600
System Memory Use Percentage	84
Available Page File	213168128
Available Physical Memory	40714240

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsUrlClassifierPrefixSet::GetPrefixes 	toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp:275
1 	xul.dll 	mozilla::safebrowsing::LookupCache::GetPrefixes 	toolkit/components/url-classifier/LookupCache.cpp:778
2 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyTableUpdates 	toolkit/components/url-classifier/Classifier.cpp:530
3 	xul.dll 	mozilla::safebrowsing::Classifier::ApplyUpdates 	toolkit/components/url-classifier/Classifier.cpp:366
4 	xul.dll 	nsUrlClassifierDBServiceWorker::ApplyUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:660
5 	xul.dll 	nsUrlClassifierDBServiceWorker::FinishUpdate 	toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:634
6 	xul.dll 	nsRunnableMethodImpl<unsigned int 	obj-firefox/dist/include/nsThreadUtils.h:345
7 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
8 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:289
9 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:426
10 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:122
11 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
12 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
13 	kernel32.dll 	BaseThreadStart 

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsUrlClassifierPrefixSet%3A%3AGetPrefixes%28unsigned+int*%2C+unsigned+int**%29
QA can anyone reproduce this or get STR?
(In reply to Lukas Blakk [:lsblakk] from comment #1)
> QA can anyone reproduce this or get STR?

I'm not even sure where to begin. There are no comments in the crash reports and I don't see any correlations.
Hey Gavin, we don't have any good leads for QA to pick up on, but we do know that this topcrash was fixed on or soon after 14.0a1/20120418. Any suspect (or rather beneficial) changes in that build?
Assignee: nobody → gavin.sharp
Keywords: qawanted
gcp backed out bug 673470 on April 20th. That backout also made it to beta (bug 673470 comment 100).
Assignee: gavin.sharp → gpascutto
Blocks: 673470
I backed the relevant code out of beta the 1st of May, so betas built after that date should be unaffected. 

http://hg.mozilla.org/releases/mozilla-beta/annotate/f16e48c88ac3/toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp#l275

The sanity/corruption check on line 361 should be done before line 275 too.
There are no crashes in versions above 13.0b1.
Keywords: topcrash
The code that was causing this is landing again in bug 673470, but has a fix applied:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4c01bc89b521
https://hg.mozilla.org/mozilla-central/rev/4c01bc89b521
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 17
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.