Closed Bug 752266 Opened 9 years ago Closed 7 years ago

Firefox startup crash in nsFileInputStream::Read (virus)

Categories

(Core :: Networking, defect)

13 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox12 --- affected
firefox13 + affected

People

(Reporter: marcia, Assigned: michal)

Details

(Keywords: crash, Whiteboard: [startupcrash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-d7d5b176-a9eb-451f-9621-5186a2120505 .
============================================================= 

Seen while looking through FF 13 B2 crashes. This crash has been around since much earlier releases, but has increased in volume since Firefox 11 - https://crash-stats.mozilla.com/report/list?signature=nsFileInputStream::Read%28char*,%20unsigned%20int,%20unsigned%20int*%29.

I will try to hunt down some manual correlations between the various versions. Haven't found anything useful yet in the comments.

Frame 	Module 	Signature 	Source
0 		@0x8f51d478 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	NS_ConsumeStream 	xpcom/io/nsStreamUtils.cpp:666
3 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:641
4 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512
5 	xul.dll 	nsJSON::DecodeFromStream 	dom/src/json/nsJSON.cpp:444
6 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
7 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
8 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
9 	xul.dll 	xul.dll@0x12928f 	
10 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
12 	mozjs.dll 	JSScript::makeAnalysis 	js/src/jsinfer.cpp:5546
13 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:469
14 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
15 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
16 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
17 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
18 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:617
19 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
20 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
21 	xul.dll 	nsComponentManagerImpl::CreateInstance 	xpcom/components/nsComponentManager.cpp:977
22 	xul.dll 	nsComponentManagerImpl::GetService 	xpcom/components/nsComponentManager.cpp:1270
23 	xul.dll 	nsJSCID::GetService 	js/xpconnect/src/XPCJSID.cpp:803
24 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
25 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
26 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
27 	xul.dll 	xul.dll@0x12928f 	
28 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
29 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
30 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:461
31 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
32 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
33 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
34 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
35 	xul.dll 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1911
36 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:682
37 	xul.dll 	nsEventDispatcher::DispatchDOMEvent 	content/events/src/nsEventDispatcher.cpp:745
38 	xul.dll 	PresShell::HandleDOMEventWithTarget 	layout/base/nsPresShell.cpp:6733
39 	xul.dll 	nsContentUtils::DispatchXULCommand 	content/base/src/nsContentUtils.cpp:5807
40 	xul.dll 	nsButtonBoxFrame::DoMouseClick 	layout/xul/base/src/nsButtonBoxFrame.cpp:177
41 	xul.dll 	nsScrollbarButtonFrame::MouseClicked 	layout/xul/base/src/nsScrollbarButtonFrame.cpp:229
42 	xul.dll 	nsButtonBoxFrame::HandleEvent 	layout/xul/base/src/nsButtonBoxFrame.cpp:134
43 	xul.dll 	nsPresShellEventCB::HandleEvent 	layout/base/nsPresShell.cpp:643
44 	xul.dll 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:394
45 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:682
46 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6566
47 	xul.dll 	PresShell::HandleEventWithTarget 	layout/base/nsPresShell.cpp:6245
48 	xul.dll 	nsEventStateManager::CheckForAndDispatchClick 	content/events/src/nsEventStateManager.cpp:4283
49 	xul.dll 	nsEventStateManager::PostHandleEvent 	content/events/src/nsEventStateManager.cpp:3177
50 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6588
51 	xul.dll 	PresShell::HandlePositionedEvent 	layout/base/nsPresShell.cpp:6230
52 	xul.dll 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:6060
53 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:908
54 	xul.dll 	AttachedHandleEvent 	view/src/nsView.cpp:190
55 	xul.dll 	nsWindow::DispatchEvent 	widget/windows/nsWindow.cpp:3518
56 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/windows/nsWindow.cpp:3544
57 	xul.dll 	nsWindow::DispatchMouseEvent 	widget/windows/nsWindow.cpp:3977
58 	xul.dll 	nsWindow::ProcessMessage 	widget/windows/nsWindow.cpp:4883
59 	xul.dll 	nsWindow::WindowProcInternal 	widget/windows/nsWindow.cpp:4379
60 	xul.dll 	CallWindowProcCrashProtected 	xpcom/base/nsCrashOnException.cpp:65
61 	xul.dll 	nsWindow::WindowProc 	widget/windows/nsWindow.cpp:4321
62 	user32.dll 	InternalCallWinProc 	
63 	user32.dll 	UserCallWinProcCheckWow 	
64 	user32.dll 	DispatchMessageWorker 	
65 	user32.dll 	DispatchMessageW 	
66 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/windows/nsAppShell.cpp:336
67 	xul.dll 	nsBaseAppShell::OnProcessNextEvent 	widget/xpwidgets/nsBaseAppShell.cpp:324
68 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:619
69 	xul.dll 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
70 	xul.dll 	nsXULWindow::ShowModal 	xpfe/appshell/src/nsXULWindow.cpp:420
71 	xul.dll 	nsContentTreeOwner::ShowAsModal 	xpfe/appshell/src/nsContentTreeOwner.cpp:564
72 	xul.dll 	nsWindowWatcher::OpenWindowJSInternal 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1023
73 	xul.dll 	nsWindowWatcher::OpenWindow 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:414
74 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
75 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
76 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
77 	xul.dll 	xul.dll@0x12928f 	
78 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
79 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
80 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:461
81 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
82 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
83 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
84 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
85 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:617
86 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
87 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
88 	xul.dll 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:130
89 	xul.dll 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:182
90 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3661
91 	msvcr100.dll 	msvcr100.dll@0x8b581 	
92 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
93 	msvcr100.dll 	_initterm 	f:\dd\vctools\crt_bld\self_x86\crt\src\crt0dat.c:872
94 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
95 	firefox.exe 	_SEH_epilog4 	
96 	kernel32.dll 	BaseThreadInitThunk 	
97 	ntdll.dll 	__RtlUserThreadStart 	
98 	ntdll.dll 	WinSqmSetIfMaxDWORD 	
99 	ntdll.dll 	_RtlUserThreadStart 	
100 	firefox.exe 	pre_c_init 	crtexe.c:261
101 	firefox.exe 	pre_c_init 	crtexe.c:261
102 		@0xfffddfff
It's #63 top browser crasher in 12.0, #45 in 13.0b4, and #74 in 14.0a2.

There are three kinds of stack:
Frame 	Module 	Signature 	Source
0 		@0x8f5a6cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:654
3 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512
4 	xul.dll 	nsJSON::DecodeFromStream 	dom/src/json/nsJSON.cpp:444
5 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
7 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...

Frame 	Module 	Signature 	Source
0 		@0x2b36cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsScriptableInputStream::Read 	xpcom/io/nsScriptableInputStream.cpp:81
3 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
4 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
5 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...

Frame 	Module 	Signature 	Source
0 		@0xf4516cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	ByteBufferImpl::Fill 	xpcom/ds/nsByteBuffer.cpp:145
3 	xul.dll 	nsConverterInputStream::Fill 	intl/uconv/src/nsConverterInputStream.cpp:211
4 	xul.dll 	nsConverterInputStream::ReadString 	intl/uconv/src/nsConverterInputStream.cpp:172
5 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
7 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...
Crash Signature: [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*)] → [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*) ]
OS: Windows NT → Windows 7
URLs are not of much help here:

28 	about:sessionrestore
20 	about:home
3 	about:blank

In Beta 5 data with a little over a million ADUs this is the #21 top crash.
URLs in Comment 2 are from betas, I can get some more from the other branches if that helps.
Are we still looking at release top crash lists as part of crash-kill? This is also a top crasher (#19) on FF12 now, so very unlikely to be a regression in FF13.

Still needs to be addressed, but it must be an external issue.
Michal - can you come up with some more information about this crash?
Assignee: nobody → michal.novotny
This is yet another windows only crash that ends up in PR_Read or PR_Write. I know about #741179, #656758, #572011, #597260, #721196 but there are probably others. There are lot of different back traces in this bug, but for example the following one is easy to verify:

https://crash-stats.mozilla.com/report/index/36a8855c-fe35-455d-bbf5-dba9b2120606
0 		@0x9b39702b 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:654
3 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512

There is a char array on the stack in nsJSONListener::OnDataAvailable() that is passed to nsFileInputStream::Read() and then to PR_Read(). From the code it is obvious that we can neither pass a wrong pointer nor an invalid buffer size to PR_Read().

With regard to comment 13 in bug #656758, I tend to believe that all these crashes are caused by some virus. I couldn't find any statistics that would tell me which MBR viruses are most active these days. If we had some most common viruses we could try to reproduce the crash with an infected VM. Could we officially ask some antivirus company for a help with this issue?
in 4 weeks, only one crash [1] newer than version 13 [2].
WFM?

[1] bp-a8a1ffe2-0f20-4c69-932c-82f152130720 fx22
[2] bp-e18b7721-7c8c-4f9a-b6b7-002672130712 fx13.0.1
Summary: Firefox startup crash in nsFileInputStream::Read → Firefox startup crash in nsFileInputStream::Read (virus)
(In reply to Wayne Mery (:wsmwk) from comment #7)
> in 4 weeks, only one crash [1] newer than version 13 [2].
> WFM?
Yes.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.