CrashKill/2009-11-23
From MozillaWiki
Agenda
Misc
- list of new crashes in b3 need to review this list to filter out signatures that have just moved around, v. actual new crashes. -chofmann
- list of new crashes in b3 (not in 3.5.5)
Breakpad & Socorro
- SkipList bugs fixed or in progress
- For new bugs: Please add SkipList to summary
- 1.2 release slipped to 12/3
- A new ADU stat proposed any thoughts on the privacy implications?
- Any Questions or suggestions for us?
Breakpad & Socorro
3.5.5 Bugs
| Rank | Stacks | Bug | Owner | Status |
| 1 | (signature unavailable) | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there | ||
| 2 | UserCallWinProcCheckWow | bug 501429 | jst | possibly fixed by never unloading plug-ins (bug 500925), fix landed for 1.9.1.6; almost might need to be on the skip list |
| 3 | 3RD PARTY _woutput_l | bug 511756 | dolske | likely TrendMicro toolbar, need to blocklist? |
| 4 | 3RD PARTY nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) | bug 492675 | dbaron | possible fix landed for 1.9.1.6 but didn't work; looked at WOT code, not their fault, need to investigate more |
| 5 | 3RD PARTY nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) | bug 527339 | dbaron | correlated highly with bit defender; needs a new owner; will determine which version of bit defender |
| 6 | BLOCKLIST _PR_MD_SEND | bug 467167 | sicking, jimm | spin off: malware module detection, bug 523350 |
| 7 | 3RD PARTY Flash Player@0x92160 | bug 520058 | josh | Flash; latest version too |
| 8 | DEBUG GraphWalker::DoWalk(nsDeque&) nsCycleCollector::MarkRoots(GCGraphBuilder&) |
bug 500105 | dbaron, peterv | landed debugging code for b2; investigated, but back to the drawing board |
| 9 | 3RD PARTY RtlpWaitForCriticalSection | bug 511757 | jst | Flash-related |
| 10 | 3RD PARTY NPSWF32.dll@0xca950 | Flash! | ||
| 11 | 3RD PARTY NPSWF32.dll@0x17ba9f | Flash! | ||
| 12 | nsScriptLoader::StartLoad(nsScriptLoadRequest*, nsAString_internal const&) | bug 519886 | jst, mrbkap | unable to reproduce, but likely wallpaper fix in the bug, landed for 1.9.1.6. Correlated with Skype toolbar and hotmail? We'll see in 1.9.1.6. |
| 13 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 519340 | dolske | AVG released an updated version; will plan to blocklist old versions (with their approval) on Friday |
| 14 | js_Interpret | bug 519363 | dmandelin | most popular subcrash fixed on trunk and 1.9.2; jorendorff is backporting a stack of 5 patches to 1.9.1. |
| 15 | FIXED nsWindow::GetParentWindow(int) | bug 470487 | jst, jimm | fix landed for 1.9.1.6 |
| 16 | RtlpWaitOnCriticalSection | bug 511759, bug 527540 | jst | probably multiple bugs; bug 514505 to split signatures should be fixed by Nov 24; possible DLL blocklist nominee! |
| 16 | DEBUG nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 437449 | dbaron, peterv | same as GraphWalker::DoWalk(nsDeque&) |
| 17 | objc_msgSend | IdleTimerVector | bug 509130 | smichaud | caused by webkit (bug filed with Webkit and Radar issue on file); workaround landed for 1.9.2b3 |
| 18 | arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena | bug 519356 | ctalbert | seems related to compatibility mode; need to grab a minidump to investigate |
| 19 | nsXPConnect::Traverse(void*, nsCycleCollectionTraversalCallback&) | bug 500103 | Tomcat | |
| 20 | arena_chunk_init | bug 515211 | dmandelin | fixed on trunk and 1.9.2; waiting for approval for landing to 1.9.1. |
| 21 | BLOCKLIST NPFFAddOn.dll@0x11867 | bug 519343 | tomcat | was able to find this malware and with the help from marcia to extract this dll. AV Vendors are informed and a first one has found a new virus in this :) - Tomcat |
| 22 | 3RD PARTY GoogleDesktopMozilla.dll@0x5512 | bug 401513 | ||
| 23 | js_TraceObject | bug 503772 | Tomcat | taking and investigating |
| 24 | PL_DHashTableOperate | free | nsEventListenerManager::AddEventListenerByType(nsIDOMEventListener*, nsAString_internal const&, int, nsIDOMEventGroup*) | bug 516113 | ? | |
| 25 | RtlpWaitForCriticalSection | RtlEnterCriticalSection | |||
| 32 | HostentBlob_WriteNameOrAlias | bug 508292 | dolske | Windows DNS resolver library crash on Turkish domains. In contact with Microsoft. |
| 44 | FIXED nsXULDocument::ResumeWalk() | bug 519767 | tomcat | fixed in 3.5.6 |
| 47 | objc_msgSend | CanonIJPDE@0x1531e | bug 519451 | tomcat | printer driver issue; seems fixed by new driver; need to test if new cocoa printing dialogs help this -> Josh think this will fix it, if not there is probably nothing we can do (Tomcat) |
| 51 | RaiseException | _CxxThrowException | bug 511758 | (was #24) | |
| 57 | nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) | bug 519752 | tomcat | not reproducible so far |
| 58 | 3RD PARTY {{{1}}}DTToolbarFF.dll@0x4bc19 | bug 512040 | tomcat | trying to repro, but still not crashing |
| 63 | nsBaseWidget::Destroy() | bug 507928 | jst, jimm | Mac-version fixed in 1.9.1.4; now Windows-only |
| 71 | GoogleDesktopNetwork3.dll@0x3dfb | bug 519344 | tomcat | Google has pushed a update - need to check the crash stats next week if the crashnumber has dropped |
| 74 | RtlAllocateHeap | bug 519340 | was in top 25; moved down | |
| 77 | BLOCKLIST {{{1}}} radhslib.dll@0x3b6f | bug 519348 | tomcat | need to blocklist |
| 121 | FIXED nsHttpsHandler::GetProtocolFlags(unsigned int*) | bug 519729 | dolske | correlated with ComputerBild magazine; johnath contacted; out of top 100 now; crashes in the last week |
| xx | NPSWF32.dll@0x77bd0 | bug 516780 | jst | Farmtown flash; need to know when Adobe will ship a fix; no longer in top 100 (crashes in the last week) |
| xx | std::basic_string<unsigned short, std::char_traits<unsigned short>, std::allocator<unsigned short> >::assign(unsigned short const*) | bug 514592 | dolske | Divx associated crash, in contact with DivX folks |
3.6b3 Bugs
| Rank | Stacks | Bug | Owner | Status |
| 1 | FIXED xul.dll@0x42b6ff | bug 529041 | fixed for final | |
| 2 | 3RD PARTY NPSWF32.dll@0x136a29 | bug 530989 | ||
| 3 | FIXED nsAccessibilityService::GetAccessible(nsIDOMNode*, nsIPresShell*, nsIWeakReference*, nsIFrame**, int*, nsIAccessible**) | bug 525579 | fixed for final | |
| 4 | FIXED AffixMgr::suffix_check(char const*, int, int, AffEntry*, char**, int, int*, unsigned short, unsigned short, char) | bug 525581 | dbaron | |
| 5 | FIXED npjava13.dll@0x1674 | bug 527543 | josh | fixed for final |
| 6 | UserCallWinProcCheckWow | bug 501429 | jst | |
| 7 | 3RD PARTY Flash Player-10.6+@0x481904 | |||
| 8 | FIXED nsJSContext::InitContext(nsIScriptGlobalObject*) | bug 525575 | jst | fixed for final |
| 9 | (signature unavailable) | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there | ||
| 10 | FIXED NPJava13.dll@0x12e7 | bug 527543 | josh | fixed for final |
| 11 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 519340 | dolske | |
| 12 | 3RD PARTY Flash Player-10.6+@0x4818fb | |||
| 13 | FIXED nsXULTreeAccessible::GetTreeItemAccessible(int, nsIAccessible**) | bug 528311 | surkov | fixed for final |
| 14 | FIXED nsPresContext::MediaFeatureValuesChanged(int) | bug 528832 | dbaron | fixed for final |
| 15 | BLOCKLIST NPFFAddOn.dll@0x11867 | bug 519343 | tomcat | AV vendors know; need to DLL-block this one |
| 16 | BLOCKLIST _PR_MD_SEND | bug 467167 | sicking, jimm | spin off: malware module detection, bug 523350 |
| 17 | nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | bug 530567, bug 527567 | ||
| 18 | 3RD PARTY NPSWF32.dll@0xca950 | |||
| 19 | 3RD PARTY BLOCKLIST ntdll.dll@0x38c39 | bug 527540 | ||
| 20 | nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 500105 | peterv, dbaron | landed debugging code for b2; investigated, but back to the drawing board |
| 21 | RtlDeleteCriticalSection | |||
| 22 | RtlEnterCriticalSection | |||
| 23 | FIXED npjava11.dll@0x1674 | bug 527543 | josh | fixed for final |
| 24 | js_Interpret | |||
| 25 | FIXED nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) | bug 519719 | jorendorff | fixed in final |
