cross_fuzz_v3 crash NULL_CLASS_PTR_DEREFERENCE_c0000005_xul.dll!WrapNativeParent

RESOLVED WORKSFORME

Status

Product: Core
Component: DOM
Priority: --
Severity: critical
Opened: 6 years ago
Updated: 3 years ago

People

Reporter: geeknik
Assignee: Unassigned

Tracking

Version: Trunk
Platform: x86_64, Windows 7
Keywords: crash

Firefox Tracking Flags

Not tracked

Attachments

1 attachment

(Reporter)

Description

6 years ago
Created attachment 667657
windbg log file

While running file:///d:/fuzzer/FF/cross_fuzz_randomized_20110105_seed.html#13371337, the 10/3 build of Firefox Nightly x64 (built from http://hg.mozilla.org/mozilla-central/rev/635fcc11d2b1) crashed. No crash reporter popup appeared, so I don't have that; however, I do have a windbg log file, attached to this report.


FAULTING_IP: 
xul!WrapNativeParent+6 [e:\builds\moz2_slave\m-cen-w64-ntly\build\dom\base\nsdomclassinfo.cpp @ 2067]
000007fe`e7a7bada 498b5908        mov     rbx,qword ptr [r9+8]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 000007fee7a7bada (xul!WrapNativeParent+0x0000000000000006)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000008
Attempt to read from address 0000000000000008

FAULTING_THREAD:  0000000000002074

PROCESS_NAME:  firefox.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000008

READ_ADDRESS:  0000000000000008 

FOLLOWUP_IP: 
xul!WrapNativeParent+6 [e:\builds\moz2_slave\m-cen-w64-ntly\build\dom\base\nsdomclassinfo.cpp @ 2067]
000007fe`e7a7bada 498b5908        mov     rbx,qword ptr [r9+8]

NTGLOBALFLAG:  70

APPLICATION_VERIFIER_FLAGS:  0

BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from 000007fee7a8eda4 to 000007fee7a7bada

STACK_TEXT:  
00000000`003bc650 000007fe`e7a8eda4 : 00000000`00000000 000007fe`00000001 00000000`00000002 00000000`ffffffff : xul!WrapNativeParent+0x6 [e:\builds\moz2_slave\m-cen-w64-ntly\build\dom\base\nsdomclassinfo.cpp @ 2067]
00000000`003bc6a0 000007fe`e7d92bd3 : 00000000`119cf060 00000000`06dab0f0 00000000`06dab0f0 00000000`3489fd30 : xul!nsDOMStringMapSH::PreCreate+0x44 [e:\builds\moz2_slave\m-cen-w64-ntly\build\dom\base\nsdomclassinfo.cpp @ 8596]
00000000`003bc6e0 000007fe`e831990c : 00000000`1aed0800 00000000`119cf060 00000000`003bc8b8 00000000`003bc8f0 : xul!xpc::WrapperFactory::PrepareForWrapping+0x187 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\xpconnect\wrappers\wrapperfactory.cpp @ 186]
00000000`003bc830 000007fe`e8319bbd : 00000000`003bc960 00000000`00000000 00007fff`ffffffff 00000000`3489fd30 : xul!JSCompartment::wrap+0x19c [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jscompartment.cpp @ 248]
00000000`003bc8b0 000007fe`e8203faa : 00000000`06dab0f0 000003ff`744e5574 fffb8000`3489fd30 fffb8000`119544c0 : xul!JSCompartment::wrap+0x2d [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jscompartment.cpp @ 341]
00000000`003bc8e0 000007fe`e820449b : 00000000`3489fd30 fffb8000`119544c0 fffb8000`33e98d90 00000000`122aeb58 : xul!js::RemapWrapper+0x11a [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jswrapper.cpp @ 1166]
00000000`003bc960 000007fe`e7b7983b : 00000000`16ed2900 00000000`00000000 00000000`16ed2900 00000000`16ed2908 : xul!js::RecomputeWrappers+0x1db [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jswrapper.cpp @ 1250]
00000000`003bca60 000007fe`e79cc99f : 000007fe`e86cfb50 00000000`003bcd01 00000000`003bcba0 00000000`00000000 : xul!nsPrincipal::SetDomain+0x97 [e:\builds\moz2_slave\m-cen-w64-ntly\build\caps\src\nsprincipal.cpp @ 999]
00000000`003bcaa0 000007fe`e7d291d1 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`1df36000 : xul!nsHTMLDocument::SetDomain+0x3ef [e:\builds\moz2_slave\m-cen-w64-ntly\build\content\html\document\src\nshtmldocument.cpp @ 1012]
00000000`003bcd10 000007fe`e8249d94 : 00000000`178f6990 00000000`003bcfa0 00000000`003bcdf0 00000000`00000041 : xul!nsIDOMHTMLDocument_SetDomain+0x215 [e:\builds\moz2_slave\m-cen-w64-ntly\build\obj-firefox\js\xpconnect\src\dom_quickstubs.cpp @ 13777]
00000000`003bcdc0 000007fe`e8251e49 : 00000000`178f6990 00000000`178f6990 00000000`003bcfa0 00000000`00000000 : xul!js::Shape::set+0x134 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsscopeinlines.h @ 332]
00000000`003bce10 000007fe`e81f7a2a : 00000000`178f6990 00000000`003bcfa0 00000000`003bcf88 00000000`003bcf80 : xul!js::baseops::SetPropertyHelper+0x3c9 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsobj.cpp @ 4605]
00000000`003bcf20 000007fe`e82023d8 : 00000000`178f6990 00000000`00000001 00000000`0a9cf920 00000000`40aee730 : xul!js::DirectProxyHandler::set+0xca [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsproxy.cpp @ 601]
00000000`003bcf70 000007fe`e81f9510 : 00000000`003bd059 00000000`0a9cf920 00000000`40aee730 00000000`06d22000 : xul!js::CrossCompartmentWrapper::set+0x158 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jswrapper.cpp @ 607]
00000000`003bcfe0 000007fe`e81f9bd0 : 00000000`00000001 00000000`003bd720 00000000`003bd170 00000000`003bd180 : xul!js::Proxy::set+0x1c0 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsproxy.cpp @ 2427]
00000000`003bd0b0 000007fe`e824a69a : 00000000`29581a45 000007fe`e8373a8e 00000000`08870558 00000000`00000000 : xul!proxy_SetGeneric+0x20 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsproxy.cpp @ 2686]
00000000`003bd0f0 000007fe`e8323c5c : 00000000`08870558 00000000`003bd170 00000000`003bd180 00000000`003bd178 : xul!JSObject::nonNativeSetProperty+0x8a [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsobj.cpp @ 2512]
00000000`003bd130 000007fe`e832b318 : 00000000`454d3080 00000000`00000036 00000000`29581a45 00000000`088705c0 : xul!js::SetPropertyOperation+0x27c [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsinterpinlines.h @ 358]
00000000`003bd1b0 000007fe`e8322be7 : 00000000`003be001 00000000`178f6990 00000000`08870470 00000000`08870548 : xul!js::Interpret+0x4048 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsinterp.cpp @ 2371]
00000000`003bde60 000007fe`e8325e99 : 00000000`178f6990 00000000`003bdfd8 00000000`08870470 00000000`178f6990 : xul!js::RunScript+0x167 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsinterp.cpp @ 324]
00000000`003bdeb0 000007fe`e831734d : fffb8000`27942080 00000000`003bdfd8 00000000`08870470 00000000`003bdfd8 : xul!js::ExecuteKernel+0x129 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\jsinterp.cpp @ 513]
00000000`003bdf40 000007fe`e8317543 : 00000000`08870470 00000000`003be0c0 00000000`00000004 ffff8000`00000001 : xul!EvalKernel+0x4fd [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\builtin\eval.cpp @ 283]
00000000`003be060 000007fe`e8440b96 : 00000000`003be110 00000000`66fdd193 00000000`00000000 ffff8000`00000000 : xul!js::DirectEval+0xd3 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\builtin\eval.cpp @ 333]
00000000`003be0a0 00000000`084921cd : fffb8000`27940980 40180000`00000000 00007fff`ffffffff 00000000`0a900bc0 : xul!js::mjit::stubs::Eval+0x126 [e:\builds\moz2_slave\m-cen-w64-ntly\build\js\src\methodjit\invokehelpers.cpp @ 433]
00000000`003be0f0 fffb8000`27940980 : 40180000`00000000 00007fff`ffffffff 00000000`0a900bc0 00000000`08498ea1 : 0x84921cd
00000000`003be0f8 40180000`00000000 : 00007fff`ffffffff 00000000`0a900bc0 00000000`08498ea1 00000000`178f6990 : 0xfffb8000`27940980
00000000`003be100 00007fff`ffffffff : 00000000`0a900bc0 00000000`08498ea1 00000000`178f6990 00000000`00000000 : 0x40180000`00000000
00000000`003be108 00000000`0a900bc0 : 00000000`08498ea1 00000000`178f6990 00000000`00000000 00000000`00000000 : 0x7fff`ffffffff
00000000`003be110 00000000`08498ea1 : 00000000`178f6990 00000000`00000000 00000000`00000000 00000000`08870538 : 0xa900bc0
00000000`003be118 00000000`178f6990 : 00000000`00000000 00000000`00000000 00000000`08870538 00000000`174f4d24 : 0x8498ea1
00000000`003be120 00000000`00000000 : 00000000`00000000 00000000`08870538 00000000`174f4d24 00000000`00000000 : 0x178f6990


FAULTING_SOURCE_CODE:  
No source found for 'e:\builds\moz2_slave\m-cen-w64-ntly\build\dom\base\nsdomclassinfo.cpp'


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  xul!WrapNativeParent+6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: xul

IMAGE_NAME:  xul.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  506c171f

STACK_COMMAND:  ~0s ; kb

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_xul.dll!WrapNativeParent

BUCKET_ID:  X64_APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_READ_xul!WrapNativeParent+6

Updated

6 years ago
Component: General → DOM
Product: Firefox → Core

Updated

6 years ago
Severity: normal → critical
Keywords: crash
(Reporter)

Comment 1

3 years ago
Closing this bug because nobody cared about it 3 years ago and nobody cares about it now. After this much time it probably isn't even relevant anymore. Hopefully my more recent crash bugs will get some attention.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME