Closed
Bug 752266
Opened 13 years ago
Closed 12 years ago
Firefox startup crash in nsFileInputStream::Read (virus)
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Assigned: michal)
Details
(Keywords: crash, Whiteboard: [startupcrash])
Crash Data
This bug was filed from the Socorro interface and is
report bp-d7d5b176-a9eb-451f-9621-5186a2120505 .
=============================================================
Seen while looking through FF 13 B2 crashes. This crash has been around since much earlier releases, but has increased in volume since Firefox 11 - https://crash-stats.mozilla.com/report/list?signature=nsFileInputStream::Read%28char*,%20unsigned%20int,%20unsigned%20int*%29.
I will try to hunt down some manual correlations between the various versions. Haven't found anything useful yet in the comments.
Frame Module Signature Source
0 @0x8f51d478
1 xul.dll nsFileInputStream::Read netwerk/base/src/nsFileStreams.cpp:367
2 xul.dll NS_ConsumeStream xpcom/io/nsStreamUtils.cpp:666
3 xul.dll nsJSONListener::OnDataAvailable dom/src/json/nsJSON.cpp:641
4 xul.dll nsJSON::DecodeInternal dom/src/json/nsJSON.cpp:512
5 xul.dll nsJSON::DecodeFromStream dom/src/json/nsJSON.cpp:444
6 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
7 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
8 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
9 xul.dll xul.dll@0x12928f
10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:514
11 mozjs.dll js::Interpret js/src/jsinterp.cpp:2711
12 mozjs.dll JSScript::makeAnalysis js/src/jsinfer.cpp:5546
13 mozjs.dll js::RunScript js/src/jsinterp.cpp:469
14 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:529
15 mozjs.dll js::Invoke js/src/jsinterp.cpp:561
16 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5432
17 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1518
18 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:617
19 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
20 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
21 xul.dll nsComponentManagerImpl::CreateInstance xpcom/components/nsComponentManager.cpp:977
22 xul.dll nsComponentManagerImpl::GetService xpcom/components/nsComponentManager.cpp:1270
23 xul.dll nsJSCID::GetService js/xpconnect/src/XPCJSID.cpp:803
24 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
25 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
26 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
27 xul.dll xul.dll@0x12928f
28 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:514
29 mozjs.dll js::Interpret js/src/jsinterp.cpp:2711
30 mozjs.dll js::RunScript js/src/jsinterp.cpp:461
31 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:529
32 mozjs.dll js::Invoke js/src/jsinterp.cpp:561
33 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5432
34 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1518
35 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1911
36 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:682
37 xul.dll nsEventDispatcher::DispatchDOMEvent content/events/src/nsEventDispatcher.cpp:745
38 xul.dll PresShell::HandleDOMEventWithTarget layout/base/nsPresShell.cpp:6733
39 xul.dll nsContentUtils::DispatchXULCommand content/base/src/nsContentUtils.cpp:5807
40 xul.dll nsButtonBoxFrame::DoMouseClick layout/xul/base/src/nsButtonBoxFrame.cpp:177
41 xul.dll nsScrollbarButtonFrame::MouseClicked layout/xul/base/src/nsScrollbarButtonFrame.cpp:229
42 xul.dll nsButtonBoxFrame::HandleEvent layout/xul/base/src/nsButtonBoxFrame.cpp:134
43 xul.dll nsPresShellEventCB::HandleEvent layout/base/nsPresShell.cpp:643
44 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:394
45 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:682
46 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6566
47 xul.dll PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6245
48 xul.dll nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:4283
49 xul.dll nsEventStateManager::PostHandleEvent content/events/src/nsEventStateManager.cpp:3177
50 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6588
51 xul.dll PresShell::HandlePositionedEvent layout/base/nsPresShell.cpp:6230
52 xul.dll PresShell::HandleEvent layout/base/nsPresShell.cpp:6060
53 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:908
54 xul.dll AttachedHandleEvent view/src/nsView.cpp:190
55 xul.dll nsWindow::DispatchEvent widget/windows/nsWindow.cpp:3518
56 xul.dll nsWindow::DispatchWindowEvent widget/windows/nsWindow.cpp:3544
57 xul.dll nsWindow::DispatchMouseEvent widget/windows/nsWindow.cpp:3977
58 xul.dll nsWindow::ProcessMessage widget/windows/nsWindow.cpp:4883
59 xul.dll nsWindow::WindowProcInternal widget/windows/nsWindow.cpp:4379
60 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp:65
61 xul.dll nsWindow::WindowProc widget/windows/nsWindow.cpp:4321
62 user32.dll InternalCallWinProc
63 user32.dll UserCallWinProcCheckWow
64 user32.dll DispatchMessageWorker
65 user32.dll DispatchMessageW
66 xul.dll nsAppShell::ProcessNextNativeEvent widget/windows/nsAppShell.cpp:336
67 xul.dll nsBaseAppShell::OnProcessNextEvent widget/xpwidgets/nsBaseAppShell.cpp:324
68 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:619
69 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245
70 xul.dll nsXULWindow::ShowModal xpfe/appshell/src/nsXULWindow.cpp:420
71 xul.dll nsContentTreeOwner::ShowAsModal xpfe/appshell/src/nsContentTreeOwner.cpp:564
72 xul.dll nsWindowWatcher::OpenWindowJSInternal embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1023
73 xul.dll nsWindowWatcher::OpenWindow embedding/components/windowwatcher/src/nsWindowWatcher.cpp:414
74 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
75 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
76 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
77 xul.dll xul.dll@0x12928f
78 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:514
79 mozjs.dll js::Interpret js/src/jsinterp.cpp:2711
80 mozjs.dll js::RunScript js/src/jsinterp.cpp:461
81 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:529
82 mozjs.dll js::Invoke js/src/jsinterp.cpp:561
83 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5432
84 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1518
85 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:617
86 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
87 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
88 xul.dll nsObserverList::NotifyObservers xpcom/ds/nsObserverList.cpp:130
89 xul.dll nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:182
90 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3661
91 msvcr100.dll msvcr100.dll@0x8b581
92 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107
93 msvcr100.dll _initterm f:\dd\vctools\crt_bld\self_x86\crt\src\crt0dat.c:872
94 firefox.exe __tmainCRTStartup crtexe.c:552
95 firefox.exe _SEH_epilog4
96 kernel32.dll BaseThreadInitThunk
97 ntdll.dll __RtlUserThreadStart
98 ntdll.dll WinSqmSetIfMaxDWORD
99 ntdll.dll _RtlUserThreadStart
100 firefox.exe pre_c_init crtexe.c:261
101 firefox.exe pre_c_init crtexe.c:261
102 @0xfffddfff
|
||
Comment 1•13 years ago
|
||
It's #63 top browser crasher in 12.0, #45 in 13.0b4, and #74 in 14.0a2.
There are three kinds of stack:
Frame Module Signature Source
0 @0x8f5a6cdb
1 xul.dll nsFileInputStream::Read netwerk/base/src/nsFileStreams.cpp:367
2 xul.dll nsJSONListener::OnDataAvailable dom/src/json/nsJSON.cpp:654
3 xul.dll nsJSON::DecodeInternal dom/src/json/nsJSON.cpp:512
4 xul.dll nsJSON::DecodeFromStream dom/src/json/nsJSON.cpp:444
5 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
7 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...
Frame Module Signature Source
0 @0x2b36cdb
1 xul.dll nsFileInputStream::Read netwerk/base/src/nsFileStreams.cpp:367
2 xul.dll nsScriptableInputStream::Read xpcom/io/nsScriptableInputStream.cpp:81
3 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
4 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
5 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...
Frame Module Signature Source
0 @0xf4516cdb
1 xul.dll nsFileInputStream::Read netwerk/base/src/nsFileStreams.cpp:367
2 xul.dll ByteBufferImpl::Fill xpcom/ds/nsByteBuffer.cpp:145
3 xul.dll nsConverterInputStream::Fill intl/uconv/src/nsConverterInputStream.cpp:211
4 xul.dll nsConverterInputStream::ReadString intl/uconv/src/nsConverterInputStream.cpp:172
5 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2322
7 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...
Crash Signature: [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*)] → [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*) ]
OS: Windows NT → Windows 7
|
Reporter | |
Comment 2•13 years ago
|
||
URLs are not of much help here:
28 about:sessionrestore
20 about:home
3 about:blank
In Beta 5 data with a little over a million ADUs this is the #21 top crash.
|
|
||
Updated•13 years ago
|
tracking-firefox13:
--- → +
|
|
Reporter | |
Comment 3•13 years ago
|
||
URLs in Comment 2 are from betas, I can get some more from the other branches if that helps.
|
|
||
Comment 4•13 years ago
|
||
Are we still looking at release top crash lists as part of crash-kill? This is also a top crasher (#19) on FF12 now, so very unlikely to be a regression in FF13.
Still needs to be addressed, but it must be an external issue.
status-firefox12:
--- → affected
status-firefox13:
--- → affected
Michal - can you come up with some more information about this crash?
Assignee: nobody → michal.novotny
|
Assignee | |
Comment 6•13 years ago
|
||
This is yet another windows only crash that ends up in PR_Read or PR_Write. I know about #741179, #656758, #572011, #597260, #721196 but there are probably others. There are lot of different back traces in this bug, but for example the following one is easy to verify:
https://crash-stats.mozilla.com/report/index/36a8855c-fe35-455d-bbf5-dba9b2120606
0 @0x9b39702b
1 xul.dll nsFileInputStream::Read netwerk/base/src/nsFileStreams.cpp:367
2 xul.dll nsJSONListener::OnDataAvailable dom/src/json/nsJSON.cpp:654
3 xul.dll nsJSON::DecodeInternal dom/src/json/nsJSON.cpp:512
There is a char array on the stack in nsJSONListener::OnDataAvailable() that is passed to nsFileInputStream::Read() and then to PR_Read(). From the code it is obvious that we can neither pass a wrong pointer nor an invalid buffer size to PR_Read().
With regard to comment 13 in bug #656758, I tend to believe that all these crashes are caused by some virus. I couldn't find any statistics that would tell me which MBR viruses are most active these days. If we had some most common viruses we could try to reproduce the crash with an infected VM. Could we officially ask some antivirus company for a help with this issue?
|
||
Comment 7•12 years ago
|
||
in 4 weeks, only one crash [1] newer than version 13 [2].
WFM?
[1] bp-a8a1ffe2-0f20-4c69-932c-82f152130720 fx22
[2] bp-e18b7721-7c8c-4f9a-b6b7-002672130712 fx13.0.1
Summary: Firefox startup crash in nsFileInputStream::Read → Firefox startup crash in nsFileInputStream::Read (virus)
|
|
||
Comment 8•12 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #7)
> in 4 weeks, only one crash [1] newer than version 13 [2].
> WFM?
Yes.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•