Closed Bug 752262 Opened 12 years ago Closed 12 years ago

cross_fuzz_v3 crash NULL_CLASS_PTR_DEREFERENCE_c0000005_xul.dll!xpc::WrapperFactory::PrepareForWrapping

Categories: Core :: XPConnect, defect
Platform: x86_64, Windows 7
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED WORKSFORME
Reporter: geeknik
Assignee: Unassigned
Keywords: crash
Attachments: 1 file

Attached file windbg log file
While running cross_fuzz_randomized_20110105_seed.html#1337 locally, Firefox 15a1 x64 (Built from http://hg.mozilla.org/mozilla-central/rev/0a48e6561534), Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:15.0) Gecko/15.0 Firefox/15.0a1, crashes within 2-3 minutes. There is no crash reporter popup, Firefox simply vanishes. I've attached a complete WinDBG log file.


FAULTING_IP: 
xul!xpc::WrapperFactory::PrepareForWrapping+25d [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\xpconnect\wrappers\wrapperfactory.cpp @ 234]
000007fe`e093001d 4d8b5d08        mov     r11,qword ptr [r13+8]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fee093001d (xul!xpc::WrapperFactory::PrepareForWrapping+0x000000000000025d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

FAULTING_THREAD:  000000000000103c

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000008

READ_ADDRESS:  0000000000000008 

FOLLOWUP_IP: 
xul!xpc::WrapperFactory::PrepareForWrapping+25d [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\xpconnect\wrappers\wrapperfactory.cpp @ 234]
000007fe`e093001d 4d8b5d08        mov     r11,qword ptr [r13+8]

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 000007fee0baa09b to 000007fee093001d

Probably a dupe of bug 752164.

Crash Signature: [@ xpc::WrapperFactory::PrepareForWrapping(JSContext*, JSObject*, JSObject*, unsigned int)]
Component: General → XPConnect
Product: Firefox → Core
QA Contact: general → xpconnect

Depends on: 752309
Blocks: 752309
No longer depends on: 752309
Blocks: 752164

(In reply to Scoobidiver from comment #1)
> Probably a dupe of bug 752164.

Actually, bug 752309 is where we are tracking this one.

Brian, does it work for you?

No longer crashes here.

Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Resolution: FIXED → WORKSFORME