MozillaZine

Help: Firefox 3.6 crashes in xul.dll when compiled with -GL

Discussion of third-party/unofficial Firefox/Thunderbird/SeaMonkey builds.
Sephirot

User avatar
 
Posts: 247
Joined: June 15th, 2004, 7:56 am

Post Posted January 21st, 2010, 10:59 am

When I compile Firefox 3.6 with the same options as Firefox 3.5, it will crash in module xul.dll when ever I open
  • download manager
  • options > applications
  • options > general
  • try to download a file

It took me some hours to find out why ... but this happens only when I add the /GL optimization!

So it seems that Firefox crashes only when it uses functions of the download component but I have no clue how to debug nor do I have the next starting-point. :( Could someone please help with that?

I use:
Mozilla Build 1.4
Visual Studio 2008 Express Edition
Win7 SDK

Code: Select all
ac_add_options --enable-optimize="-O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP"


p.s.
Firefox 3.5 works fine with /GL!
Author of Bookmarks Menu Button, Autoclose Bookmark&History Folders and more

Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.19pre) Gecko/20110701 Firefox/3.6.19pre <-- build with MS VC++ 2010 SP1 and PGO on Win 7 x64

roytam1
 
Posts: 341
Joined: August 7th, 2003, 3:52 am

Post Posted January 22nd, 2010, 8:38 am

did you tried --disable-libxul to see which part crashes?
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"

Sephirot

User avatar
 
Posts: 247
Joined: June 15th, 2004, 7:56 am

Post Posted January 22nd, 2010, 10:11 am

roytam1 wrote:did you tried --disable-libxul to see which part crashes?

thanks for the hint

it's imgicon.dll with a BEX (buffer overflow exception), which was caught by the DEP feature of windows

Code: Select all
P1: firefox.exe
P2: 1.9.2.3674
P3: 4b59d248
P4: imgicon.dll
P5: 1.9.2.3674
P6: 4b59cd1c
P7: 00002eb4
P8: c0000409 --> STATUS_STACK_BUFFER_OVERRUN
P9: 00000000
P10:


/GS Exceptions
/GS (0xc0000409=STATUS_STACK_BUFFER_OVERRUN) exceptions are those Windows will throw whenever it detects that the security cookie protecting the return address has been tampered with. Since the goal of /GS is to turn buffer overruns that lead to code execution into denial of service attacks, whenever such a crash is detected you can be certain you have a security bug.

http://msdn.microsoft.com/en-us/magazin ... 11.aspx#S4

So there might be a bug in the code? :?:

part from the build log
Code: Select all
make[6]: Entering directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/win'
nsIconChannel.cpp
Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp
cl -FonsIconChannel.obj -c  -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT  -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I. -I../../../../../dist/include -I../../../../../dist/include/nsprpub  -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss            -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb  -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD            -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\"  -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp
nsIconChannel.cpp
d:/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp(603) : warning C4244: '=': Konvertierung von 'LONG' in 'PRInt8', m”glicher Datenverlust
d:/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp(604) : warning C4244: '=': Konvertierung von 'LONG' in 'PRInt8', m”glicher Datenverlust
rm -f imgiconwin_s.lib
lib -NOLOGO  -LTCG -OUT:"imgiconwin_s.lib"  nsIconChannel.obj 
echo not_ranlib imgiconwin_s.lib
not_ranlib imgiconwin_s.lib
make[6]: Leaving directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/win'
make[6]: Entering directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon'
nsIconURI.cpp
Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconURI.cpp
cl -FonsIconURI.obj -c  -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub  -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss            -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb  -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD            -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\"  -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconURI.cpp
nsIconURI.cpp
nsIconModule.cpp
Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconModule.cpp
cl -FonsIconModule.obj -c  -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub  -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss            -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb  -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD            -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\"  -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconModule.cpp
nsIconModule.cpp
nsIconProtocolHandler.cpp
Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconProtocolHandler.cpp
cl -FonsIconProtocolHandler.obj -c  -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub  -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss            -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb  -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD            -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\"  -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconProtocolHandler.cpp
nsIconProtocolHandler.cpp
D:/Building_Mozilla/apps/mozilla-build/msys/bin/perl.exe /d/Building_Mozilla/source/hg/192src/config/version_win.pl -QUIET 1 -DEPTH ../../../.. -TOPSRCDIR /d/Building_Mozilla/source/hg/192src -OBJDIR . -SRCDIR /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -DISPNAME Firefox -APPVERSION 3.6pre -OFFICIAL 1 -MODNAME imgicon
Creating Resource file: module.res
rc.exe  -r -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub  -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss      -Fomodule.res /d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/module.rc
Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385

Copyright (C) Microsoft Corporation.  All rights reserved.


link -NOLOGO -DLL -OUT:imgicon.dll -PDB:imgicon.pdb -SUBSYSTEM:WINDOWS  nsIconURI.obj nsIconModule.obj nsIconProtocolHandler.obj    ./module.res -LTCG -MANIFESTUAC:NO -NXCOMPAT -SAFESEH -DYNAMICBASE   -OPT:REF -OPT:ICF -IMPLIB:fake.lib  win/imgiconwin_s.lib  ../../../../dist/lib/gkgfx.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/xpcom.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/xpcom_core.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/nspr4.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/plc4.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/plds4.lib    kernel32.lib user32.lib gdi32.lib winmm.lib wsock32.lib advapi32.lib shell32.lib gdi32.lib comctl32.lib   
   Bibliothek "fake.lib" und Objekt "fake.exp" werden erstellt.
Code wird generiert.
Codegenerierung ist abgeschlossen.
chmod +x imgicon.dll
echo not_strip imgicon.dll
not_strip imgicon.dll
d:/Building_Mozilla/source/hg/firefox_vc9_192/config/nsinstall.exe -m 755 imgicon.dll ../../../../dist/bin/components
: ../../../../dist/bin/components/imgicon.dll
nsIIconURI.idl
d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/bin/xpidl.exe -m typelib -w -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I../../../../dist/idl -e _xpidlgen/nsIIconURI.xpt -d .deps/nsIIconURI.pp /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIIconURI.idl
d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/bin/xpt_link.exe _xpidlgen/imgicon.xpt _xpidlgen/nsIIconURI.xpt
d:/Building_Mozilla/source/hg/firefox_vc9_192/config/nsinstall.exe -m 644 _xpidlgen/imgicon.xpt ../../../../dist/bin/components
make[6]: Leaving directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon'



stack trace
Code: Select all
0:000:x86> kb
ChildEBP RetAddr  Args to Child             
0014c0a0 6c8a3587 6c8a41ac bd3640cb 42c9bf34 KERNEL32!UnhandledExceptionFilter+0x5f
WARNING: Stack unwind information not available. Following frames may be wrong.
0014c3d4 6c8a2eb4 00000000 076315a0 00ca09fd imgicon!NSGetModule+0x1897
0014c5ac 6cdcf4cd 00000001 72013090 bc2f41b3 imgicon!NSGetModule+0x11c4
00000000 00000000 00000000 00000000 00000000 gklayout!NSGetModule+0xab03d
Author of Bookmarks Menu Button, Autoclose Bookmark&History Folders and more

Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.19pre) Gecko/20110701 Firefox/3.6.19pre <-- build with MS VC++ 2010 SP1 and PGO on Win 7 x64

roytam1
 
Posts: 341
Joined: August 7th, 2003, 3:52 am

Post Posted January 23rd, 2010, 9:57 am

workaround:
add "-GS-" to your optimize flags.
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"

Sephirot

User avatar
 
Posts: 247
Joined: June 15th, 2004, 7:56 am

Post Posted January 25th, 2010, 2:53 pm

I'm getting closer ... the stack trace from a build with symbol files enabled gives me an function nsIconChannel::MakeInputStream()
Code: Select all
0:000:x86> kb
*** WARNING: Unable to verify checksum for imgicon.dll
ChildEBP RetAddr  Args to Child             
0024cfa0 74413587 744141d0 4e34b4cb b1cb4b34 KERNEL32!UnhandledExceptionFilter+0x5f
0024d2d4 74412eb4 00000000 05cb1168 0ada07a3 imgicon!__report_gsfailure+0xe1 [f:\dd\vctools\crt_bld\self_x86\crt\src\gs_report.c @ 313]
*** WARNING: Unable to verify checksum for gklayout.dll
0024d494 6c7d3157 0024d530 6c82f4b6 74842fde imgicon!nsIconChannel::MakeInputStream+0x404
0024d5c4 6c8af5a5 00000000 009925cc 4e136dad gklayout!NS_NewURI+0x47
0024d608 6c7a5184 05dd6d98 00000001 05ed0cf0 gklayout!nsImageBoxFrame::Init+0xa5
0024d6b0 6c7acc43 0024e030 0024d6d4 085937a8 gklayout!nsCSSFrameConstructor::ConstructFrameFromItemInternal+0x134
0024d6dc 6c7acfc8 0024e030 0024d758 0024d940 gklayout!nsCSSFrameConstructor::ConstructFramesFromItemList+0x43
0024d8e0 6c7a52eb 0024e030 08629228 082c7558 gklayout!nsCSSFrameConstructor::ProcessChildren+0x358


according to the assembly, it happens near the end of the function

wolfbeast71

User avatar
 
Posts: 57
Joined: June 15th, 2008, 7:53 am

Post Posted January 27th, 2010, 5:15 pm

I've actually been running into this issue without using /GL (I don't have the ram to do that to begin with, it eats up everything and then borks when linking because it runs out of heap space), when using a combination of anything other than VC8SP1 and the Win7SDK - it's been consistent in 3.6 for any other combination of compiler and SDK I tried, causing issues in 3 specific areas:
- crashes in xul.dll like you described
- bookmarks/bookmarks toolbar remaining empty
- history not working / menu empty

I guess these would all use the function in question, having site/file icons?

It seems people also have trouble with officially built firefox 3.6 browsers on occasion - if it's caused by a buffer overflow exception that goes unchecked, I guess that would make sense.
Using /GS- IMHO wouldn't be a very smart thing to do, if you do get an overflow, it might be a bigger problem than having the browser crash...
Mozilla's record-time unfixed stack overflow: 8 years and counting! (CVE-2009-1232)

roytam1
 
Posts: 341
Joined: August 7th, 2003, 3:52 am

Post Posted January 27th, 2010, 8:24 pm

VC7.1 overeats RAM when doing /GL, it was fixed in VC8. (from my observed)
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"

wolfbeast71

User avatar
 
Posts: 57
Joined: June 15th, 2008, 7:53 am

Post Posted January 28th, 2010, 2:27 am

roytam1 wrote:VC7.1 overeats RAM when doing /GL, it was fixed in VC8. (from my observed)

That would be nice, I can give that a try then - I still haven't been able to figure out though why I would need VC8 + Win7 SDK to make a build that works. The 2003 SDK certainly doesn't work (problems described above, including these crashes) and I prefer to use that.
Mozilla's record-time unfixed stack overflow: 8 years and counting! (CVE-2009-1232)

wolfbeast71

User avatar
 
Posts: 57
Joined: June 15th, 2008, 7:53 am

Post Posted January 28th, 2010, 5:33 am

I made a compile with GL on VC8 now, and lo and behold, yes, the same crash Sephirot has - hereby confirmed. Nothing else changed, without GL with the same config works fine.
Mozilla's record-time unfixed stack overflow: 8 years and counting! (CVE-2009-1232)

wolfbeast71

User avatar
 
Posts: 57
Joined: June 15th, 2008, 7:53 am

Post Posted January 29th, 2010, 1:06 pm

roytam1 wrote:workaround:
add "-GS-" to your optimize flags.


This doesn't seem to work for me, actually. Then again, DEP is switched off on my machine to begin with, so it wouldn't trigger anyway, would it? It still crashes, though, even with this flag when using -GL
Mozilla's record-time unfixed stack overflow: 8 years and counting! (CVE-2009-1232)

roytam1
 
Posts: 341
Joined: August 7th, 2003, 3:52 am

Post Posted January 29th, 2010, 9:23 pm

wolfbeast71 wrote:
roytam1 wrote:workaround:
add "-GS-" to your optimize flags.


This doesn't seem to work for me, actually. Then again, DEP is switched off on my machine to begin with, so it wouldn't trigger anyway, would it? It still crashes, though, even with this flag when using -GL

with "/GS-"("-GS-") you will not have 0xC0000409, but you may have 0xC0000005 instead.
and my builds with "-GS-" works fine here.
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"

Ted Mielczarek
 
Posts: 1269
Joined: November 5th, 2002, 7:32 am
Location: PA

Post Posted March 12th, 2010, 8:13 am

FWIW, our official builds use -GS (it's on by default in VC8). Since we build using PGO, they also use -GL in most places, but we disable it in a few places:
http://mxr.mozilla.org/mozilla-central/ ... D_OPTIMIZE

hATrayflood

User avatar
 
Posts: 2
Joined: March 24th, 2010, 11:02 am

Post Posted March 24th, 2010, 11:42 am

memcpy() is dangerous.
Code: Select all
diff -urN --strip-trailing-cr -x CVS -x '*.pyc' -x '*.stackdump' mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/Makefile.in mozilla-1.9.2/modules/libpr0n/decoders/icon/win/Makefile.in
--- mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/Makefile.in   2010-03-16 18:56:46 +0900
+++ mozilla-1.9.2/modules/libpr0n/decoders/icon/win/Makefile.in   2010-03-24 02:36:11 +0900
@@ -45,6 +45,7 @@
 MODULE      = imgicon
 LIBRARY_NAME   = imgiconwin_s
 LIBXUL_LIBRARY = 1
+NO_PROFILE_GUIDED_OPTIMIZE = 1
 
 REQUIRES   = xpcom \
         string \
diff -urN --strip-trailing-cr -x CVS -x '*.pyc' -x '*.stackdump' mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp mozilla-1.9.2/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp
--- mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp   2010-03-16 18:56:46 +0900
+++ mozilla-1.9.2/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp   2010-03-25 01:43:22 +0900
@@ -595,7 +595,7 @@
           iconHeader.ifhType = 1;
           iconHeader.ifhCount = 1;
           howMuch = sizeof(ICONFILEHEADER);
-          memcpy(whereTo, &iconHeader, howMuch);
+          memmove(whereTo, &iconHeader, howMuch);
           whereTo += howMuch;
 
           // followed by the single icon entry
@@ -611,7 +611,7 @@
                                   maskInfo.bmiHeader.biSizeImage;
           iconEntry.ieFileOffset = sizeof(ICONFILEHEADER) + sizeof(ICONENTRY);
           howMuch = sizeof(ICONENTRY);
-          memcpy(whereTo, &iconEntry, howMuch);
+          memmove(whereTo, &iconEntry, howMuch);
           whereTo += howMuch;
 
           // followed by the bitmap info header
@@ -619,7 +619,7 @@
           colorInfo.bmiHeader.biHeight *= 2;
           colorInfo.bmiHeader.biSizeImage += maskInfo.bmiHeader.biSizeImage;
           howMuch = sizeof(BITMAPINFOHEADER);
-          memcpy(whereTo, &colorInfo.bmiHeader, howMuch);
+          memmove(whereTo, &colorInfo.bmiHeader, howMuch);
           whereTo += howMuch;
           colorInfo.bmiHeader.biHeight /= 2;
           colorInfo.bmiHeader.biSizeImage -= maskInfo.bmiHeader.biSizeImage;

hATrayflood

User avatar
 
Posts: 2
Joined: March 24th, 2010, 11:02 am

Post Posted March 25th, 2010, 6:11 am

Sorry, NO_PROFILE_GUIDED_OPTIMIZE was not necessary.
I posted Bug 526038.

Return to Third Party/Unofficial Builds


Who is online

Users browsing this forum: No registered users and 3 guests