Discussion of third-party/unofficial Firefox/Thunderbird/SeaMonkey builds.
Sephirot
Posts: 247 Joined: June 15th, 2004, 7:56 am
Post
by Sephirot » January 21st, 2010, 10:59 am
When I compile Firefox 3.6 with the same options as Firefox 3.5, it will crash in module xul.dll when ever I open
download manager options > applications options > general try to download a file It took me some hours to find out why ... but this happens only when I add the
/GL optimization !
So it seems that Firefox crashes only when it uses functions of the download component but I have no clue how to debug nor do I have the next starting-point.
Could someone please help with that?
I use:
Mozilla Build 1.4
Visual Studio 2008 Express Edition
Win7 SDK
Code: Select all
ac_add_options --enable-optimize="-O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP"
p.s.
Firefox 3.5 works fine with /GL!
roytam1
Posts: 341 Joined: August 7th, 2003, 3:52 am
Post
by roytam1 » January 22nd, 2010, 8:38 am
did you tried --disable-libxul to see which part crashes?
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"
Sephirot
Posts: 247 Joined: June 15th, 2004, 7:56 am
Post
by Sephirot » January 22nd, 2010, 10:11 am
roytam1 wrote: did you tried --disable-libxul to see which part crashes?
thanks for the hint
it's imgicon.dll with a BEX (buffer overflow exception), which was caught by the DEP feature of windows
Code: Select all
P1: firefox.exe P2: 1.9.2.3674 P3: 4b59d248 P4: imgicon.dll P5: 1.9.2.3674 P6: 4b59cd1c P7: 00002eb4 P8: c0000409 --> STATUS_STACK_BUFFER_OVERRUN P9: 00000000 P10:
/GS Exceptions /GS (0xc0000409=STATUS_STACK_BUFFER_OVERRUN) exceptions are those Windows will throw whenever it detects that the security cookie protecting the return address has been tampered with. Since the goal of /GS is to turn buffer overruns that lead to code execution into denial of service attacks, whenever such a crash is detected you can be certain you have a security bug.
http://msdn.microsoft.com/en-us/magazin ... 11.aspx#S4 So there might be a bug in the code?
part from the build log
Code: Select all
make[6]: Entering directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/win' nsIconChannel.cpp Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp cl -FonsIconChannel.obj -c -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I. -I../../../../../dist/include -I../../../../../dist/include/nsprpub -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\" -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp nsIconChannel.cpp d:/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp(603) : warning C4244: '=': Konvertierung von 'LONG' in 'PRInt8', m”glicher Datenverlust d:/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp(604) : warning C4244: '=': Konvertierung von 'LONG' in 'PRInt8', m”glicher Datenverlust rm -f imgiconwin_s.lib lib -NOLOGO -LTCG -OUT:"imgiconwin_s.lib" nsIconChannel.obj echo not_ranlib imgiconwin_s.lib not_ranlib imgiconwin_s.lib make[6]: Leaving directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/win' make[6]: Entering directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon' nsIconURI.cpp Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconURI.cpp cl -FonsIconURI.obj -c -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\" -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconURI.cpp nsIconURI.cpp nsIconModule.cpp Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconModule.cpp cl -FonsIconModule.obj -c -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\" -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconModule.cpp nsIconModule.cpp nsIconProtocolHandler.cpp Building deps for /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconProtocolHandler.cpp cl -FonsIconProtocolHandler.obj -c -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss -GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -O2 -GA -GL -GT -arch:SSE2 -fp:fast -MP -MD -D_CRT_SECURE_NO_WARNINGS=1 -D_CRT_NONSTDC_NO_WARNINGS=1 -DHAVE_WINSDKVER_H=1 -DWINVER=0x500 -D_WIN32_WINNT=0x500 -D_WIN32_IE=0x0500 -DMOZ_WINSDK_TARGETVER=0x06010000 -DMOZ_NTDDI_WS03=0x05020000 -DMOZ_NTDDI_LONGHORN=0x06000000 -DMOZ_NTDDI_WIN7=0x06010000 -DHAVE_IO_H=1 -DHAVE_SETBUF=1 -DHAVE_ISATTY=1 -DX_DISPLAY_MISSING=1 -DMOZILLA_VERSION=\"1.9.2pre\" -DMOZILLA_VERSION_U=1.9.2pre -DHAVE_SNPRINTF=1 -D_WINDOWS=1 -DWIN32=1 -DXP_WIN=1 -DXP_WIN32=1 -DHW_THREADS=1 -DSTDC_HEADERS=1 -DWIN32_LEAN_AND_MEAN=1 -DNO_X11=1 -DHAVE_MMINTRIN_H=1 -DHAVE_OLEACC_IDL=1 -DHAVE_ATLBASE_H=1 -DHAVE_WPCAPI_H=1 -D_X86_=1 -DD_INO=d_ino -DMOZ_EMBEDDING_LEVEL_DEFAULT=1 -DMOZ_EMBEDDING_LEVEL_BASIC=1 -DMOZ_EMBEDDING_LEVEL_MINIMAL=1 -DMOZ_PHOENIX=1 -DMOZ_BUILD_APP=browser -DMOZ_DEFAULT_TOOLKIT=\"cairo-windows\" -DMOZ_OFFICIAL_BRANDING=1 -DMOZ_DISTRIBUTION_ID=\"org.mozilla\" -DIBMBIDI=1 -DMOZ_VIEW_SOURCE=1 -DACCESSIBILITY=1 -DMOZ_XPINSTALL=1 -DMOZ_JSLOADER=1 -DNS_PRINTING=1 -DNS_PRINT_PREVIEW=1 -DMOZ_NO_XPCOM_OBSOLETE=1 -DMOZ_OGG=1 -DMOZ_WAVE=1 -DMOZ_SYDNEYAUDIO=1 -DMOZ_MEDIA=1 -DMOZ_XTF=1 -DMOZ_CRASHREPORTER_ENABLE_PERCENT=100 -DMOZ_MATHML=1 -DMOZ_ENABLE_CANVAS=1 -DMOZ_SVG=1 -DMOZ_UPDATE_CHANNEL=default -DMOZ_PLACES=1 -DMOZ_FEEDS=1 -DMOZ_STORAGE=1 -DMOZ_SAFE_BROWSING=1 -DMOZ_URL_CLASSIFIER=1 -DMOZ_LOGGING=1 -DMOZ_USER_DIR=\"Mozilla\" -DMOZ_TREE_CAIRO=1 -DHAVE_UINT64_T=1 -DMOZ_XUL=1 -DMOZ_PROFILELOCKING=1 -DMOZ_RDF=1 -DBUILD_CTYPES=1 -DMOZ_MORKREADER=1 -DMOZ_DLL_SUFFIX=\".dll\" -D_MOZILLA_CONFIG_H_ -DMOZILLA_CLIENT /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIconProtocolHandler.cpp nsIconProtocolHandler.cpp D:/Building_Mozilla/apps/mozilla-build/msys/bin/perl.exe /d/Building_Mozilla/source/hg/192src/config/version_win.pl -QUIET 1 -DEPTH ../../../.. -TOPSRCDIR /d/Building_Mozilla/source/hg/192src -OBJDIR . -SRCDIR /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -DISPNAME Firefox -APPVERSION 3.6pre -OFFICIAL 1 -MODNAME imgicon Creating Resource file: module.res rc.exe -r -DMOZILLA_INTERNAL_API -DOSTYPE=\"WINNT6.1\" -DOSARCH=WINNT -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/win -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I. -I../../../../dist/include -I../../../../dist/include/nsprpub -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nspr -Id:/Building_Mozilla/source/hg/firefox_vc9_192/dist/include/nss -Fomodule.res /d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon/module.rc Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385 Copyright (C) Microsoft Corporation. All rights reserved. link -NOLOGO -DLL -OUT:imgicon.dll -PDB:imgicon.pdb -SUBSYSTEM:WINDOWS nsIconURI.obj nsIconModule.obj nsIconProtocolHandler.obj ./module.res -LTCG -MANIFESTUAC:NO -NXCOMPAT -SAFESEH -DYNAMICBASE -OPT:REF -OPT:ICF -IMPLIB:fake.lib win/imgiconwin_s.lib ../../../../dist/lib/gkgfx.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/xpcom.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/xpcom_core.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/nspr4.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/plc4.lib d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/lib/plds4.lib kernel32.lib user32.lib gdi32.lib winmm.lib wsock32.lib advapi32.lib shell32.lib gdi32.lib comctl32.lib Bibliothek "fake.lib" und Objekt "fake.exp" werden erstellt. Code wird generiert. Codegenerierung ist abgeschlossen. chmod +x imgicon.dll echo not_strip imgicon.dll not_strip imgicon.dll d:/Building_Mozilla/source/hg/firefox_vc9_192/config/nsinstall.exe -m 755 imgicon.dll ../../../../dist/bin/components : ../../../../dist/bin/components/imgicon.dll nsIIconURI.idl d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/bin/xpidl.exe -m typelib -w -I/d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon -I../../../../dist/idl -e _xpidlgen/nsIIconURI.xpt -d .deps/nsIIconURI.pp /d/Building_Mozilla/source/hg/192src/modules/libpr0n/decoders/icon/nsIIconURI.idl d:/Building_Mozilla/source/hg/firefox_vc9_192/dist/bin/xpt_link.exe _xpidlgen/imgicon.xpt _xpidlgen/nsIIconURI.xpt d:/Building_Mozilla/source/hg/firefox_vc9_192/config/nsinstall.exe -m 644 _xpidlgen/imgicon.xpt ../../../../dist/bin/components make[6]: Leaving directory `/d/Building_Mozilla/source/hg/firefox_vc9_192/modules/libpr0n/decoders/icon'
stack trace
Code: Select all
0:000:x86> kb ChildEBP RetAddr Args to Child 0014c0a0 6c8a3587 6c8a41ac bd3640cb 42c9bf34 KERNEL32!UnhandledExceptionFilter+0x5f WARNING: Stack unwind information not available. Following frames may be wrong. 0014c3d4 6c8a2eb4 00000000 076315a0 00ca09fd imgicon!NSGetModule+0x1897 0014c5ac 6cdcf4cd 00000001 72013090 bc2f41b3 imgicon!NSGetModule+0x11c4 00000000 00000000 00000000 00000000 00000000 gklayout!NSGetModule+0xab03d
roytam1
Posts: 341 Joined: August 7th, 2003, 3:52 am
Post
by roytam1 » January 23rd, 2010, 9:57 am
workaround: add "-GS-" to your optimize flags.
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"
Sephirot
Posts: 247 Joined: June 15th, 2004, 7:56 am
Post
by Sephirot » January 25th, 2010, 2:53 pm
I'm getting closer ... the stack trace from a build with symbol files enabled gives me an function nsIconChannel::MakeInputStream()
Code: Select all
0:000:x86> kb *** WARNING: Unable to verify checksum for imgicon.dll ChildEBP RetAddr Args to Child 0024cfa0 74413587 744141d0 4e34b4cb b1cb4b34 KERNEL32!UnhandledExceptionFilter+0x5f 0024d2d4 74412eb4 00000000 05cb1168 0ada07a3 imgicon!__report_gsfailure+0xe1 [f:\dd\vctools\crt_bld\self_x86\crt\src\gs_report.c @ 313] *** WARNING: Unable to verify checksum for gklayout.dll 0024d494 6c7d3157 0024d530 6c82f4b6 74842fde imgicon!nsIconChannel::MakeInputStream+0x404 0024d5c4 6c8af5a5 00000000 009925cc 4e136dad gklayout!NS_NewURI+0x47 0024d608 6c7a5184 05dd6d98 00000001 05ed0cf0 gklayout!nsImageBoxFrame::Init+0xa5 0024d6b0 6c7acc43 0024e030 0024d6d4 085937a8 gklayout!nsCSSFrameConstructor::ConstructFrameFromItemInternal+0x134 0024d6dc 6c7acfc8 0024e030 0024d758 0024d940 gklayout!nsCSSFrameConstructor::ConstructFramesFromItemList+0x43 0024d8e0 6c7a52eb 0024e030 08629228 082c7558 gklayout!nsCSSFrameConstructor::ProcessChildren+0x358
according to the assembly, it happens near the end of the function
wolfbeast71
Posts: 57 Joined: June 15th, 2008, 7:53 am
Post
by wolfbeast71 » January 27th, 2010, 5:15 pm
I've actually been running into this issue without using /GL (I don't have the ram to do that to begin with, it eats up everything and then borks when linking because it runs out of heap space), when using a combination of anything other than VC8SP1 and the Win7SDK - it's been consistent in 3.6 for any other combination of compiler and SDK I tried, causing issues in 3 specific areas: - crashes in xul.dll like you described - bookmarks/bookmarks toolbar remaining empty - history not working / menu empty I guess these would all use the function in question, having site/file icons? It seems people also have trouble with officially built firefox 3.6 browsers on occasion - if it's caused by a buffer overflow exception that goes unchecked, I guess that would make sense. Using /GS- IMHO wouldn't be a very smart thing to do, if you do get an overflow, it might be a bigger problem than having the browser crash...
Mozilla's record-time unfixed stack overflow: 8 years and counting!
(CVE-2009-1232)
roytam1
Posts: 341 Joined: August 7th, 2003, 3:52 am
Post
by roytam1 » January 27th, 2010, 8:24 pm
VC7.1 overeats RAM when doing /GL, it was fixed in VC8. (from my observed)
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"
wolfbeast71
Posts: 57 Joined: June 15th, 2008, 7:53 am
Post
by wolfbeast71 » January 28th, 2010, 2:27 am
roytam1 wrote: VC7.1 overeats RAM when doing /GL, it was fixed in VC8. (from my observed)
That would be nice, I can give that a try then - I still haven't been able to figure out though why I would need VC8 + Win7 SDK to make a build that works. The 2003 SDK certainly doesn't work (problems described above, including these crashes) and I prefer to use that.
Mozilla's record-time unfixed stack overflow: 8 years and counting!
(CVE-2009-1232)
wolfbeast71
Posts: 57 Joined: June 15th, 2008, 7:53 am
Post
by wolfbeast71 » January 28th, 2010, 5:33 am
I made a compile with GL on VC8 now, and lo and behold, yes, the same crash Sephirot has - hereby confirmed. Nothing else changed, without GL with the same config works fine.
Mozilla's record-time unfixed stack overflow: 8 years and counting!
(CVE-2009-1232)
wolfbeast71
Posts: 57 Joined: June 15th, 2008, 7:53 am
Post
by wolfbeast71 » January 29th, 2010, 1:06 pm
roytam1 wrote: workaround: add "-GS-" to your optimize flags.
This doesn't seem to work for me, actually. Then again, DEP is switched off on my machine to begin with, so it wouldn't trigger anyway, would it? It still crashes, though, even with this flag when using -GL
Mozilla's record-time unfixed stack overflow: 8 years and counting!
(CVE-2009-1232)
roytam1
Posts: 341 Joined: August 7th, 2003, 3:52 am
Post
by roytam1 » January 29th, 2010, 9:23 pm
wolfbeast71 wrote: roytam1 wrote: workaround: add "-GS-" to your optimize flags.
This doesn't seem to work for me, actually. Then again, DEP is switched off on my machine to begin with, so it wouldn't trigger anyway, would it? It still crashes, though, even with this flag when using -GL
with "/GS-"("-GS-") you will not have 0xC0000409, but you may have 0xC0000005 instead.
and my builds with "-GS-" works fine here.
I am the bone of my firefox.Source is my body,and library is my blood.I've created over a thousand of builds.Unaware of notice.Nor aware of warning.With stood pain to create binaries.Waiting for one's download.I have no regrets.This is the only path.My whole life was "Unlimited build works"
hATrayflood
Posts: 2 Joined: March 24th, 2010, 11:02 am
Contact:
Post
by hATrayflood » March 24th, 2010, 11:42 am
memcpy() is dangerous.
Code: Select all
diff -urN --strip-trailing-cr -x CVS -x '*.pyc' -x '*.stackdump' mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/Makefile.in mozilla-1.9.2/modules/libpr0n/decoders/icon/win/Makefile.in --- mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/Makefile.in 2010-03-16 18:56:46 +0900 +++ mozilla-1.9.2/modules/libpr0n/decoders/icon/win/Makefile.in 2010-03-24 02:36:11 +0900 @@ -45,6 +45,7 @@ MODULE = imgicon LIBRARY_NAME = imgiconwin_s LIBXUL_LIBRARY = 1 +NO_PROFILE_GUIDED_OPTIMIZE = 1 REQUIRES = xpcom \ string \ diff -urN --strip-trailing-cr -x CVS -x '*.pyc' -x '*.stackdump' mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp mozilla-1.9.2/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp --- mozilla-1.9.2.orig/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp 2010-03-16 18:56:46 +0900 +++ mozilla-1.9.2/modules/libpr0n/decoders/icon/win/nsIconChannel.cpp 2010-03-25 01:43:22 +0900 @@ -595,7 +595,7 @@ iconHeader.ifhType = 1; iconHeader.ifhCount = 1; howMuch = sizeof(ICONFILEHEADER); - memcpy(whereTo, &iconHeader, howMuch); + memmove(whereTo, &iconHeader, howMuch); whereTo += howMuch; // followed by the single icon entry @@ -611,7 +611,7 @@ maskInfo.bmiHeader.biSizeImage; iconEntry.ieFileOffset = sizeof(ICONFILEHEADER) + sizeof(ICONENTRY); howMuch = sizeof(ICONENTRY); - memcpy(whereTo, &iconEntry, howMuch); + memmove(whereTo, &iconEntry, howMuch); whereTo += howMuch; // followed by the bitmap info header @@ -619,7 +619,7 @@ colorInfo.bmiHeader.biHeight *= 2; colorInfo.bmiHeader.biSizeImage += maskInfo.bmiHeader.biSizeImage; howMuch = sizeof(BITMAPINFOHEADER); - memcpy(whereTo, &colorInfo.bmiHeader, howMuch); + memmove(whereTo, &colorInfo.bmiHeader, howMuch); whereTo += howMuch; colorInfo.bmiHeader.biHeight /= 2; colorInfo.bmiHeader.biSizeImage -= maskInfo.bmiHeader.biSizeImage;
hATrayflood
Posts: 2 Joined: March 24th, 2010, 11:02 am
Contact:
Post
by hATrayflood » March 25th, 2010, 6:11 am
Sorry, NO_PROFILE_GUIDED_OPTIMIZE was not necessary.
I posted
Bug 526038 .