Closed Bug 50235 Opened 24 years ago Closed 24 years ago

Mac,Linux-crash logging into hotmail.com (nsSecureBrowserUIImpl.cpp, line 366) [@ MSVCRT.DLL - nsSecureBrowserUIImpl::OnStateChange]

Categories

(SeaMonkey :: General, defect, P1)

x86
All

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 54230
mozilla0.8

People

(Reporter: jay, Assigned: paulkchen)

Details

(5 keywords, Whiteboard: [nsbeta3-][PDTP1][rtm-] difficult to reproduce)

Crash Data

This is a topcrash for PR2 build 2000080712 according to talkback, but I am not able to reproduce. Data shows this occurring on Win95 and Win98. The stack traces point to this location:

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp&rev=SeaMonkey_M17_BRANCH&mark=366#356

Here is a stack trace and a couple of talkback entries for this crash:

Incident ID 16059741
MSVCRT.DLL + 0x10f8d (0x78010f8d)
nsSecureBrowserUIImpl::OnStateChange [d:\builds\seamonkey\mozilla\extensions\psm-glue\src\nsSecureBrowserUIImpl.cpp, line 368]
nsDocLoaderImpl::FireOnStateChange [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 1256]
nsDocLoaderImpl::doStopDocumentLoad [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 711]
nsDocLoaderImpl::DocLoaderIsEmpty [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 615]
nsDocLoaderImpl::OnStopRequest [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 545]
nsLoadGroup::RemoveChannel [d:\builds\seamonkey\mozilla\netwerk\base\src\nsLoadGroup.cpp, line 552]
nsHTTPChannel::ResponseCompleted [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPChannel.cpp, line 1838]
nsHTTPServerListener::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHTTPResponseListener.cpp, line 720]
nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 302]
nsStreamListenerEvent::HandlePLEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 106]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 588]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 547]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 1045]
KERNEL32.DLL + 0x363b (0xbff7363b)
KERNEL32.DLL + 0x24407 (0xbff94407)
0x00688b42

MSVCRT.DLL + 0x12b83 (0x78012b83) 774bbea7 line
Build: 2000080712 CrashDate: 2000-08-20 UptimeMinutes: 8 Total: 8
OS: Windows 95 4.0 build 67306684
URL: www.hotmail.com
Comment: While logging into hotmail
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16049674

MSVCRT.DLL + 0x10f8d (0x78010f8d) 069b7a4c line
Build: 2000080712 CrashDate: 2000-08-21 UptimeMinutes: 24 Total: 29
OS: Windows 98 4.10 build 67766446
URL: hotmail
Comment: Attempting to log into my hotmail account. Had a problem with Passport
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16059741

adding topcrash keyword.
Depends on: 50026
Keywords: topcrash
Do we have a test hotmail account that I can use to repro? My guess is that pickledResource.len is some ridiculous number, thus causing memcpy to stomp on memory
Not specific to hotmail:

MSVCRT.DLL + 0x1648 (0x78001648) d0622927 line
Build: 2000082208 CrashDate: 2000-08-24 UptimeMinutes: 311 Total: 323
OS: Windows 98 4.10 build 67766446
URL: https://freemail.web.de
Comment: Entering secure site
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16232549
http://cyclone/reports/incidenttemplate.cfm?bbid=16232549

Status: NEW → ASSIGNED
Adding crash keyword
Keywords: crash
nav triage team: nsbeta3+, this is exactly what talkback is for.
Priority: P3 → P1
Whiteboard: [nsbeta3+]
I cannot reproduce on my Win2k box using commercial build 2000090110 logging on to hotmail or etrade. Anybody got others?
win98 200009108 with m17 psm, i tried everything on hotmail, could not crash. scrolling using a scrollmouse sometimes causes some jerkiness, but no crash. Is the psm on pr2 different from the mozilla version on iplanet?
Working with M18. I try to log on hotmail and the reply is "The connection was refused while attempting to contact lc5.law5.hotmail.passport.com". However, with IE5 the connection works. It seems like Hotmail servers refuse connections with "unknown" browsers like Mozilla!?
Andrew (goaran@hotmail.com) - did you install PSM? If not, then you cannot access hotmail.
PDT agrees P1 if reproducible, but let's find the steps soon.
Whiteboard: [nsbeta3+] → [nsbeta3+][PDTP1]
Tried with 2000090704 Win32 build on Win2K and my Mac build from this morning 9/8/00, and I can't get a crash on either machine logging in to hotmail. I will try today's build on Win98 to see if that might be the issue.
Tried out build 2000090808 Win32 on Win98, logging into hotmail works fine. I am completely baffled by this one. The only thing I can think of is a psm bug that was fixed right after PR2 went out that might have fixed this.
I am stumped. I just downloaded win32 PR2, build 2000080712, running under win98, and I can't reproduce this crash.
Summary: crash logging into hotmail.com (nsSecureBrowserUIImpl.cpp, line 366) [@ MSVCRT.DLL ] → crash logging into hotmail.com (nsSecureBrowserUIImpl.cpp, line 366) [@ MSVCRT.DLL - nsSecureBrowserUIImpl::OnStateChange]
Does anyone have a Win2000 machine? Maybe it will be worth while trying to reproduce this crash with Win2000. The latest talkback data still shows a few of these crashes. Below is the latest stack trace and the talkback entries. Hope this helps:

Incident ID 16996326
MSVCRT.DLL + 0x11ce (0x780011ce)
nsSecureBrowserUIImpl::OnStateChange [d:\builds\seamonkey\mozilla\extensions\psm-glue\src\nsSecureBrowserUIImpl.cpp, line 369]
nsDocLoaderImpl::FireOnStateChange [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 1245]
nsDocLoaderImpl::doStopDocumentLoad [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 704]
nsDocLoaderImpl::DocLoaderIsEmpty [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 609]
nsDocLoaderImpl::DocLoaderIsEmpty [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 614]
nsDocLoaderImpl::OnStopRequest [d:\builds\seamonkey\mozilla\uriloader\base\nsDocLoader.cpp, line 554]
nsLoadGroup::RemoveChannel [d:\builds\seamonkey\mozilla\netwerk\base\src\nsLoadGroup.cpp, line 573]
nsStreamIOChannel::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\base\src\nsInputStreamChannel.cpp, line 627]
nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 302]
nsStreamListenerEvent::HandlePLEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsAsyncStreamListener.cpp, line 106]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 590]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 1061]
USER32.DLL + 0x48dc (0x77e148dc)
USER32.DLL + 0x4aa7 (0x77e14aa7)
USER32.DLL + 0x166fd (0x77e266fd)
nsAppShellService::Run [d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 379]
main1 [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp, line 965]
main [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp, line 1142]
WinMain [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp, line 1160]
WinMainCRTStartup()
KERNEL32.DLL + 0x192a6 (0x77e992a6)

MSVCRT.DLL + 0x11ce (0x780011ce) 5d1bf8a2 line
Build: 2000090608 CrashDate: 2000-09-06 UptimeMinutes: 21 Total: 21
OS: Windows NT 5.0 build 2195
URL:
Comment:
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16996326

MSVCRT.DLL + 0x126a (0x7800126a) b3c7237d line
Build: 2000091209 CrashDate: 2000-09-12 UptimeMinutes: 36 Total: 57
OS: Windows NT 5.0 build 2195
URL:
Comment:
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17297856

MSVCRT.dll + 0x10a45 (0x78010a45) 818294d9 line
Build: 2000090508 CrashDate: 2000-09-06 UptimeMinutes: 589 Total: 589
OS: Windows NT 4.0 build 1381
URL: lw4fd.law4.hotmail.msn.com/cgi-bin/HoTMaiL?n=11549&fti=yes
Comment:
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16993818

MSVCRT.dll + 0x10f8d (0x78010f8d) 213d97de line
Build: 2000090706 CrashDate: 2000-09-08 UptimeMinutes: 2 Total: 2
OS: Windows NT 4.0 build 1381
URL:
Comment: Trying to use ssl
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17089923

MSVCRT.dll + 0x10a45 (0x78010a45) 818294d9 line
Build: 2000090808 CrashDate: 2000-09-08 UptimeMinutes: 158 Total: 158
OS: Windows NT 4.0 build 1381
URL: www.hotmail.com
Comment: trying to login
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17114053

MSVCRT.dll + 0x1648 (0x78001648) 6f9c0a5e line
Build: 2000091108 CrashDate: 2000-09-11 UptimeMinutes: 1 Total: 1
OS: Windows NT 4.0 build 1381
URL: https://sourceforge.net/account/register.php
Comment:
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17263696

adding qa wanted, we need win2000 tests. jpatel - are these all ns6 pr2 crash reports? Are there any similar reports from m18 nightly builds?
Keywords: qawanted
Yes, we need reproducible test cases. Talkback reports are not helping. I have tried to reproduce this one on Win2k, Win98, and MacOS 9 with PR2 and more recent builds.
My original description contains a stacktrace and entries from the PR2 build. The new comments added yesterday pertain to the M18 nightly builds. The new stacktrace and entries are from the latest Talkback report (9/14) on nightly builds.
I also just checked today's PR2 Talkback report, and there are still plenty of crashes with PR2 build 2000080712. The stack trace is the same as the one in my original description. Here are some entries from the PR2 Talkback report:

MSVCRT.DLL + 0x10f8d (0x78010f8d) 069b7a4c line
Build: 2000080712 CrashDate: 2000-09-13 UptimeMinutes: 537 Total: 1223
OS: Windows 98 4.10 build 67766446
URL: www.labf.com
Comment: Opening secure page to place an order.
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17375582

MSVCRT.DLL + 0x10f8d (0x78010f8d) 8777b185 line
Build: 2000080712 CrashDate: 2000-09-13 UptimeMinutes: 3 Total: 159
OS: Windows 98 4.10 build 67766222
URL: http://www.classicgarage.com/classicgarage/he-73712ion70.html
Comment: I was about to order thr product....I press the order button
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17383153

MSVCRT.DLL + 0x10f8d (0x78010f8d) 71c44136 line
Build: 2000080712 CrashDate: 2000-09-14 UptimeMinutes: 26 Total: 26
OS: Windows 98 4.10 build 67766222
URL: https://www.tipp24.de/
Comment: I clicked on a ad banner to tipp24.de where I got redirected to a secure connection which seemed to crash Netscape 6 Preview Release 2 English. Operatingsystem: Windows 98 German
Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=17409816

is there any way to check if the user has PSM installed on the m18 nightly crashes?
jay, the process list in the talkback database might have this info. we know that pr2 has psm installed if that helps, but it might not be relevant if I understand the stack correctly. We never enter the PSM code. last thing on the stack is the PSM glue code... then again that might be the problem. if by chance the psm installation has failed for some reason and users are hitting these sites maybe the glue code gets confused???? maybe someone could try a test case where they install and then remove psm, or install an old version of psm and hit the same sites to see if we can get a crash with this stack. also adding dougt and dveditz to the cc list.
Jay, These are separate crashes and do not look related. The stack crawl that you posted on 9-14, is that reproducible and really from a current build? If so, please file a new bug against me since I am the one that touched that area last. As for the first bug. How reproducible is this with current builds? Also, why are we using a NS_REINTERPRET_POINTER_CAST? Seems to me a static cast would be fine. For both of these code paths, the only way they can be reached is if cartman has been installed and a secure page has finished loading from the network.
My 9/14 comments were a result of seeing this crash in talkback data for the latest builds. I am still unable to reproduce with the nightly builds. My 9/15 comments pertain to the latest talkback data on PR2 build 2000080712. I am unable to reproduce that crash as well. If you are confident that my comments on those two dates are not related, please let me know and I will log a separate bug, but it looks like the stack traces are similar (just row numbers in the code are different, probably due to changes made between PR2 and now). I will look deeper into the talkback database to find the process list that chris mentioned...I will post it here if I find it.
the talkback incidents i looked at for this crash did not have any process lists available.
What's the status on this? Should I just log a new bug for the crash occurring on the latest builds?
cc: paw. Paul, can we try to see if anyone in QA can reproduce this?
jpatel - better log a new bug. It should go into security:crypto, unless these crashes are due to NOT having PSM installed on m18 builds.
Keywords: rtm
Whiteboard: [nsbeta3+][PDTP1] → [nsbeta3-][PDTP1][rtm+]
Let's fix this in RTM. Paul, is this really our bug?
Mac and linux crashed. Look up talkbacks on cyclone for junruh@netscape.com on 9/26 about 9:45. Win95, 98, and NT all work OK for me. This is reproducible at http://junruh.mcom.com/tests.html. Click on "insecure to secure to insecure" in the top right section of the page. That is the sequence of events that occur when logging into www.hotmail.com.
Summary: crash logging into hotmail.com (nsSecureBrowserUIImpl.cpp, line 366) [@ MSVCRT.DLL - nsSecureBrowserUIImpl::OnStateChange] → Mac,Linux-crash logging into hotmail.com (nsSecureBrowserUIImpl.cpp, line 366) [@ MSVCRT.DLL - nsSecureBrowserUIImpl::OnStateChange]
Okay, just tried my NS6 optimized build from yesterday (9/25) and the nightly build 2000092512 on my mac, and I can't reproduce the crash. Let me try some more builds
I just tried this on my Mac build from yesterday and I don't see the crash using junruh's link.
OK, sorry for the confusion. I originally logged this bug because it was a topcrasher for the PR2 build 2000080712. From what I know, this crash is probably still occurring for people that are using our PR2 release. I have not yet been able to reproduce...and if no one else can reproduce with the PR2 build (2000080712), then perhaps we can just mark this worksforme? I will log a separate bug for the latest crashes on M18 builds.
OK, marking WORKSFORME on recommendation from jpatel.
The new bug I logged is bug 54230. Please go there for any comments regarding a crash with the latest builds.
OK, I'm _really_ marking this WORKSFORME this time.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
I just crashed on the branch PR3 candidate build 2000092909 for linux. I find it amusing that the day before PR2 was released hotmail did not crash, but on the day PR2 was released hotmail.com crashed using the same browser that did not crash the day before. :) Maybe we should get rid of the crash keyword from all our bugs so websites that want to crash Mozilla aren't able to find crashers so easily. :( I've failed to get a stack trace so far, talkback servers are down and my local build is not in a happy state.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
*** Bug 54790 has been marked as a duplicate of this bug. ***
From talkback report, http://climate/reports/incidenttemplate.CFM?reportID=124&style=0&tc=38&cp=1&ck1=SUser+email+address&cd1=%25jelwell%40netscape%2Ecom%25&co1=like&bbid=18419703

Call Stack: (Signature = nsHTTPResponse::GetContentLength() 5c147c14)
nsHTTPResponse::GetContentLength()
nsHTTPServerListener::OnDataAvailable()
nsOnDataAvailableEvent::HandleEvent()
nsStreamListenerEvent::HandlePLEvent()
PL_HandleEvent()
PL_ProcessPendingEvents()
nsEventQueueImpl::ProcessPendingEvents()
event_processor_callback()
our_gdk_io_invoke()
libglib-1.2.so.0 + 0xeafa (0x40898afa)
libglib-1.2.so.0 + 0x101b6 (0x4089a1b6)
libglib-1.2.so.0 + 0x10781 (0x4089a781)
libglib-1.2.so.0 + 0x10921 (0x4089a921)
libgtk-1.2.so.0 + 0x8c919 (0x407bf919)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x189cb (0x402609cb)

Marking "needinfo". This seems like a bad thing, but we need a patch, review and super review to clear for checkin.
Whiteboard: [nsbeta3-][PDTP1][rtm+] → [nsbeta3-][PDTP1][rtm+ needinfo]
Joseph Elwell, your stack trace is completely different than the one originally in this bug. In fact, it looks very similar to the one for bug 52628. Please take a look at that one. This is a bug in nsSecureBrowserUIImpl.cpp. Logging on to hotmail.com still works for me using Mac PR3 build (2000092911). Marking as worksforme.
Status: REOPENED → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
The bug has disappeared on Linux as well, build 2000100713.
Reopening. There are still talkback reports of this crash in 10-07, 10-11 and 10-12 builds, on Windows, mentioning various secure sites. See http://www.mozilla.org/projects/seamonkey/reports/ns6analysis.html . (These show up with stack signature of MSVCRT.DLL since you crash in the memcpy here: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/extensions/psm-glue/src/nsSecureBrowserUIImpl.cpp&rev=1.34&mark=390#380 )
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
I'm marking this rtm-. Feel free to clear this if someone can get us a reproducible case. Right now, we're getting nowhere with the talkback data.
Whiteboard: [nsbeta3-][PDTP1][rtm+ needinfo] → [nsbeta3-][PDTP1][rtm-]
I'm pretty certain the crash in memcpy is because we're giving it a screwy length. That length comes from the PSM code via a call to CMT_GetStringAttribute(). However, I have not been able to reproduce the crash ever since this bug has been opened, so the world may never know how many licks it takes to get to the tootsie roll center of a tootsie pop.
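The diagnosis in the comment above is a memcpy whose length was supplied by another component. As an added example, not code from Mozilla or PSM and not the fix that was checked in, this C routine checks the producer's return code and bounds the length before copying. `blob_t`, `BLOB_MAX_LEN` and `blob_to_cstring` are hypothetical names, and the 4096-byte limit is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-tagged buffer, standing in for the item the glue code
 * receives from the security module (not the real PSM type). */
typedef struct {
    unsigned char *data;
    uint32_t len;
} blob_t;

/* Assumed upper bound for a status string; choose one that fits the protocol. */
#define BLOB_MAX_LEN 4096u

typedef enum {
    COPY_OK = 0,
    COPY_SOURCE_FAILED, /* producer reported an error: fields are not trustworthy */
    COPY_BAD_ARG,       /* NULL pointer where data was required */
    COPY_EMPTY,         /* nothing to copy */
    COPY_TOO_LARGE,     /* length outside the accepted range */
    COPY_NO_MEM
} copy_status;

/* Copy src into a freshly allocated NUL-terminated string. src->len is used
 * only after the producer's return code and the bound have been checked. */
copy_status blob_to_cstring(int producer_rv, const blob_t *src, char **out)
{
    if (out == NULL || src == NULL)
        return COPY_BAD_ARG;
    *out = NULL;
    if (producer_rv != 0)
        return COPY_SOURCE_FAILED;
    if (src->len == 0)
        return COPY_EMPTY;
    if (src->data == NULL)
        return COPY_BAD_ARG;
    if (src->len > BLOB_MAX_LEN)
        return COPY_TOO_LARGE;

    char *buf = malloc((size_t)src->len + 1);
    if (buf == NULL)
        return COPY_NO_MEM;
    memcpy(buf, src->data, src->len);
    buf[src->len] = '\0';
    *out = buf;
    return COPY_OK;
}

int main(void)
{
    unsigned char payload[] = "status-text";   /* constructed sample data */
    blob_t good = { payload, sizeof payload - 1 };
    blob_t bogus = { payload, 0xFFFFFFF0u };    /* constructed bad length */
    char *s = NULL;

    printf("good:            %d\n", blob_to_cstring(0, &good, &s));
    free(s);
    printf("bogus length:    %d\n", blob_to_cstring(0, &bogus, &s));
    printf("failed producer: %d\n", blob_to_cstring(-1, &bogus, &s));
    return 0;
}
```
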
Adding the status "Difficult to reproduce" to stop a lynching.
Whiteboard: [nsbeta3-][PDTP1][rtm-] → [nsbeta3-][PDTP1][rtm-] difficult to reproduce
Bug still occurs with M18 and with Netscape 6 when logging into hotmail account. Symptoms are mozilla or netscape process gobbles more and more memory until virtual memory is exhausted. On Windows NT4.
so, it sounds like this might need to go on the memory leak/footprint radar. curt, can you have a look using the waterson mem analysis tools and see if we can quantify the size of the leak?
with both NS6 and a recent mozilla debug build, I am unable to log into hotmail. In the released version of NS6, the browser hangs, with the throbber slowly throbbing, and VM quickly disappearing. In a 12/27 debug build of mozilla, the submit button on the logon page does nothing. cc-ing pollmann in case there is a form submission problem here.
set severity to blocker, and milestone to mozilla0.8. This is important.
Severity: normal → blocker
Target Milestone: --- → mozilla0.8
Bugzilla QA talking, I swear to say the truth only the truth. Seriously now, there is only one dup of this bug, and in the few months I've done this job the only problems about hotmail I've heard of were with a bad PSM installation. Even better, since mozilla0.7 was launched, I'm not hearing any report about Hotmail anymore, everything seems to work fine. I log in there quite often and never crashed, on win95. Are there still talkback reports about it?
Marking down from blocker to major. Buster, this is a specific bug about crashing in nsSecureBrowserUIImpl, which has been very hard to reproduce with a debug build so that it can get debugged and fixed. I have seen what you describe, especially under Linux, and I believe you should file a separate bug, if there isn't already one logged.
ooops, no, really, marking as major, ;-)
Severity: blocker → major
There are actually 2 bugs on this crash (filed by the same person, no less :-). I'm not quite sure how that happened. But anyway, a few days ago I checked in a patch that may have fixed this crash. See bug 54230. I'm waiting to see if it disappears from the talkback data.
Oh, it happened because I reopened this one after the other one was filed. Anyway, I guess I'll just mark as a duplicate. Reopen if you disagree... *** This bug has been marked as a duplicate of 54230 ***
Status: REOPENED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
Crash Signature: [@ MSVCRT.DLL - nsSecureBrowserUIImpl::OnStateChange]