Closed Bug 752266 Opened 11 years ago Closed 10 years ago

Firefox startup crash in nsFileInputStream::Read (virus)

Categories: Core :: Networking, defect
Version: 13 Branch
Platform: x86, Windows 7
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED WORKSFORME
Tracking Status:
firefox12 --- affected
firefox13 + affected
People: Reporter: marcia, Assigned: michal
Details: Keywords: crash, Whiteboard: [startupcrash]

Crash Data

This bug was filed from the Socorro interface and is report bp-d7d5b176-a9eb-451f-9621-5186a2120505.
=============================================================

Seen while looking through FF 13 B2 crashes. This crash has been around since much earlier releases, but has increased in volume since Firefox 11 - https://crash-stats.mozilla.com/report/list?signature=nsFileInputStream::Read%28char*,%20unsigned%20int,%20unsigned%20int*%29.

I will try to hunt down some manual correlations between the various versions. Haven't found anything useful yet in the comments.

Frame 	Module 	Signature 	Source
0 		@0x8f51d478 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	NS_ConsumeStream 	xpcom/io/nsStreamUtils.cpp:666
3 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:641
4 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512
5 	xul.dll 	nsJSON::DecodeFromStream 	dom/src/json/nsJSON.cpp:444
6 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
7 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
8 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
9 	xul.dll 	xul.dll@0x12928f 	
10 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
12 	mozjs.dll 	JSScript::makeAnalysis 	js/src/jsinfer.cpp:5546
13 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:469
14 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
15 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
16 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
17 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
18 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:617
19 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
20 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
21 	xul.dll 	nsComponentManagerImpl::CreateInstance 	xpcom/components/nsComponentManager.cpp:977
22 	xul.dll 	nsComponentManagerImpl::GetService 	xpcom/components/nsComponentManager.cpp:1270
23 	xul.dll 	nsJSCID::GetService 	js/xpconnect/src/XPCJSID.cpp:803
24 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
25 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
26 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
27 	xul.dll 	xul.dll@0x12928f 	
28 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
29 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
30 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:461
31 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
32 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
33 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
34 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
35 	xul.dll 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1911
36 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:682
37 	xul.dll 	nsEventDispatcher::DispatchDOMEvent 	content/events/src/nsEventDispatcher.cpp:745
38 	xul.dll 	PresShell::HandleDOMEventWithTarget 	layout/base/nsPresShell.cpp:6733
39 	xul.dll 	nsContentUtils::DispatchXULCommand 	content/base/src/nsContentUtils.cpp:5807
40 	xul.dll 	nsButtonBoxFrame::DoMouseClick 	layout/xul/base/src/nsButtonBoxFrame.cpp:177
41 	xul.dll 	nsScrollbarButtonFrame::MouseClicked 	layout/xul/base/src/nsScrollbarButtonFrame.cpp:229
42 	xul.dll 	nsButtonBoxFrame::HandleEvent 	layout/xul/base/src/nsButtonBoxFrame.cpp:134
43 	xul.dll 	nsPresShellEventCB::HandleEvent 	layout/base/nsPresShell.cpp:643
44 	xul.dll 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:394
45 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:682
46 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6566
47 	xul.dll 	PresShell::HandleEventWithTarget 	layout/base/nsPresShell.cpp:6245
48 	xul.dll 	nsEventStateManager::CheckForAndDispatchClick 	content/events/src/nsEventStateManager.cpp:4283
49 	xul.dll 	nsEventStateManager::PostHandleEvent 	content/events/src/nsEventStateManager.cpp:3177
50 	xul.dll 	PresShell::HandleEventInternal 	layout/base/nsPresShell.cpp:6588
51 	xul.dll 	PresShell::HandlePositionedEvent 	layout/base/nsPresShell.cpp:6230
52 	xul.dll 	PresShell::HandleEvent 	layout/base/nsPresShell.cpp:6060
53 	xul.dll 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:908
54 	xul.dll 	AttachedHandleEvent 	view/src/nsView.cpp:190
55 	xul.dll 	nsWindow::DispatchEvent 	widget/windows/nsWindow.cpp:3518
56 	xul.dll 	nsWindow::DispatchWindowEvent 	widget/windows/nsWindow.cpp:3544
57 	xul.dll 	nsWindow::DispatchMouseEvent 	widget/windows/nsWindow.cpp:3977
58 	xul.dll 	nsWindow::ProcessMessage 	widget/windows/nsWindow.cpp:4883
59 	xul.dll 	nsWindow::WindowProcInternal 	widget/windows/nsWindow.cpp:4379
60 	xul.dll 	CallWindowProcCrashProtected 	xpcom/base/nsCrashOnException.cpp:65
61 	xul.dll 	nsWindow::WindowProc 	widget/windows/nsWindow.cpp:4321
62 	user32.dll 	InternalCallWinProc 	
63 	user32.dll 	UserCallWinProcCheckWow 	
64 	user32.dll 	DispatchMessageWorker 	
65 	user32.dll 	DispatchMessageW 	
66 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/windows/nsAppShell.cpp:336
67 	xul.dll 	nsBaseAppShell::OnProcessNextEvent 	widget/xpwidgets/nsBaseAppShell.cpp:324
68 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:619
69 	xul.dll 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
70 	xul.dll 	nsXULWindow::ShowModal 	xpfe/appshell/src/nsXULWindow.cpp:420
71 	xul.dll 	nsContentTreeOwner::ShowAsModal 	xpfe/appshell/src/nsContentTreeOwner.cpp:564
72 	xul.dll 	nsWindowWatcher::OpenWindowJSInternal 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1023
73 	xul.dll 	nsWindowWatcher::OpenWindow 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:414
74 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
75 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
76 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
77 	xul.dll 	xul.dll@0x12928f 	
78 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:514
79 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2711
80 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:461
81 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:529
82 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:561
83 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5432
84 	xul.dll 	nsXPCWrappedJSClass::CallMethod 	js/xpconnect/src/XPCWrappedJSClass.cpp:1518
85 	xul.dll 	nsXPCWrappedJS::CallMethod 	js/xpconnect/src/XPCWrappedJS.cpp:617
86 	xul.dll 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117
87 	xul.dll 	SharedStub 	xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144
88 	xul.dll 	nsObserverList::NotifyObservers 	xpcom/ds/nsObserverList.cpp:130
89 	xul.dll 	nsObserverService::NotifyObservers 	xpcom/ds/nsObserverService.cpp:182
90 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3661
91 	msvcr100.dll 	msvcr100.dll@0x8b581 	
92 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
93 	msvcr100.dll 	_initterm 	f:\dd\vctools\crt_bld\self_x86\crt\src\crt0dat.c:872
94 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
95 	firefox.exe 	_SEH_epilog4 	
96 	kernel32.dll 	BaseThreadInitThunk 	
97 	ntdll.dll 	__RtlUserThreadStart 	
98 	ntdll.dll 	WinSqmSetIfMaxDWORD 	
99 	ntdll.dll 	_RtlUserThreadStart 	
100 	firefox.exe 	pre_c_init 	crtexe.c:261
101 	firefox.exe 	pre_c_init 	crtexe.c:261
102 		@0xfffddfff

It's the #63 top browser crasher in 12.0, #45 in 13.0b4, and #74 in 14.0a2.

There are three kinds of stack:
Frame 	Module 	Signature 	Source
0 		@0x8f5a6cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:654
3 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512
4 	xul.dll 	nsJSON::DecodeFromStream 	dom/src/json/nsJSON.cpp:444
5 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
7 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...

Frame 	Module 	Signature 	Source
0 		@0x2b36cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsScriptableInputStream::Read 	xpcom/io/nsScriptableInputStream.cpp:81
3 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
4 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
5 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...

Frame 	Module 	Signature 	Source
0 		@0xf4516cdb 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	ByteBufferImpl::Fill 	xpcom/ds/nsByteBuffer.cpp:145
3 	xul.dll 	nsConverterInputStream::Fill 	intl/uconv/src/nsConverterInputStream.cpp:211
4 	xul.dll 	nsConverterInputStream::ReadString 	intl/uconv/src/nsConverterInputStream.cpp:172
5 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2322
7 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1539
...
Crash Signature: [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*)] → [@ nsFileInputStream::Read(char*, unsigned int, unsigned int*) ]
OS: Windows NT → Windows 7
URLs are not of much help here:

28 	about:sessionrestore
20 	about:home
3 	about:blank

In Beta 5 data with a little over a million ADUs this is the #21 top crash.
URLs in Comment 2 are from betas, I can get some more from the other branches if that helps.
Are we still looking at release top crash lists as part of crash-kill? This is also a top crasher (#19) on FF12 now, so very unlikely to be a regression in FF13.

Still needs to be addressed, but it must be an external issue.
Michal - can you come up with some more information about this crash?
Assignee: nobody → michal.novotny
This is yet another Windows-only crash that ends up in PR_Read or PR_Write. I know about #741179, #656758, #572011, #597260, #721196 but there are probably others. There are a lot of different backtraces in this bug, but for example the following one is easy to verify:

https://crash-stats.mozilla.com/report/index/36a8855c-fe35-455d-bbf5-dba9b2120606
0 		@0x9b39702b 	
1 	xul.dll 	nsFileInputStream::Read 	netwerk/base/src/nsFileStreams.cpp:367
2 	xul.dll 	nsJSONListener::OnDataAvailable 	dom/src/json/nsJSON.cpp:654
3 	xul.dll 	nsJSON::DecodeInternal 	dom/src/json/nsJSON.cpp:512

There is a char array on the stack in nsJSONListener::OnDataAvailable() that is passed to nsFileInputStream::Read() and then to PR_Read(). From the code it is obvious that we can neither pass a wrong pointer nor an invalid buffer size to PR_Read().

With regard to comment 13 in bug #656758, I tend to believe that all these crashes are caused by some virus. I couldn't find any statistics that would tell me which MBR viruses are most active these days. If we had some most common viruses we could try to reproduce the crash with an infected VM. Could we officially ask some antivirus company for help with this issue?
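
A triage check for the pattern visible in the stacks quoted in this bug, as an added example that is not part of the original report or of Mozilla's tooling: it parses the tab-separated frame rows, flags stacks whose frame 0 belongs to no module while its caller is a symbolized function, and clusters those frame-0 addresses by their low 16 bits. The function names and stack labels are made up here, and the clustering rests on the stated assumption about 64 KiB placement; it is a heuristic for spotting third-party code, not a finding from the bug.

```python
from collections import defaultdict

READ = "1\txul.dll\tnsFileInputStream::Read\tnetwerk/base/src/nsFileStreams.cpp:367\n"
# Top frames copied from the stacks quoted in this bug (tab-separated columns:
# frame, module, signature, source). The dictionary keys are labels made up here.
STACKS = {
    "consume-stream": "0\t\t@0x8f51d478\t\n" + READ
        + "2\txul.dll\tNS_ConsumeStream\txpcom/io/nsStreamUtils.cpp:666",
    "json-listener": "0\t\t@0x8f5a6cdb\t\n" + READ
        + "2\txul.dll\tnsJSONListener::OnDataAvailable\tdom/src/json/nsJSON.cpp:654",
    "scriptable-stream": "0\t\t@0x2b36cdb\t\n" + READ
        + "2\txul.dll\tnsScriptableInputStream::Read\txpcom/io/nsScriptableInputStream.cpp:81",
    "byte-buffer": "0\t\t@0xf4516cdb\t\n" + READ
        + "2\txul.dll\tByteBufferImpl::Fill\txpcom/ds/nsByteBuffer.cpp:145",
    "report-36a8855c": "0\t\t@0x9b39702b\t\n" + READ
        + "2\txul.dll\tnsJSONListener::OnDataAvailable\tdom/src/json/nsJSON.cpp:654",
}

def parse_frames(text):
    """Return one dict per frame row; header rows and '...' elisions are skipped."""
    frames = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if not cols[0].isdigit():
            continue
        cols += [""] * (4 - len(cols))  # trailing empty columns may be missing
        frames.append(dict(zip(("n", "module", "signature", "source"), cols)))
    return frames

def unowned_top_frame(frames):
    """Frame-0 address if it lies in no module and the caller is symbolized, else None."""
    if len(frames) < 2:
        return None
    top, caller = frames[0], frames[1]
    if not top["module"] and top["signature"].startswith("@0x") and caller["module"]:
        return int(top["signature"][1:], 16)
    return None

def cluster_by_low16(stacks):
    """Group flagged stacks by the low 16 bits of the frame-0 address.
    Assumption: Windows reserves virtual memory on 64 KiB boundaries, so the same
    non-module code placed at different bases keeps its low 16 address bits."""
    groups = defaultdict(list)
    for name, text in stacks.items():
        addr = unowned_top_frame(parse_frames(text))
        if addr is not None:
            groups[addr & 0xFFFF].append(name)
    return dict(groups)

if __name__ == "__main__":
    for low, names in cluster_by_low16(STACKS).items():
        print(f"0x{low:04x}: {names}")
```
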
in 4 weeks, only one crash [1] newer than version 13 [2].
WFM?

[1] bp-a8a1ffe2-0f20-4c69-932c-82f152130720 fx22
[2] bp-e18b7721-7c8c-4f9a-b6b7-002672130712 fx13.0.1
Summary: Firefox startup crash in nsFileInputStream::Read → Firefox startup crash in nsFileInputStream::Read (virus)
(In reply to Wayne Mery (:wsmwk) from comment #7)
> in 4 weeks, only one crash [1] newer than version 13 [2].
> WFM?
Yes.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME