[Tips] A small bug in the Firefox 2.x IE Tab extension
by axis
2007-08-17
http://www.ph4nt0m.org
Recently, paying with Alipay kept crashing Firefox. Today I spent some time tracing it and found that the problem is in how Firefox's IE Tab extension handles an ActiveX control from the China Merchants Bank Professional Edition client.
Tested versions:
China Merchants Bank Professional Edition, upgraded to the latest version:
C:\windows\system32\PersonalBankMain.ocx version: 5.1.4.1
Firefox version: 2.0.0.2
js3250.dll in the Firefox directory, version: 4.0.0.0 (this is the DLL where the problem is)
Test procedure: open the following HTML file with Firefox's IE Tab:
<html>
<object ID="CMBPB_OCX" classid="clsid:F2EB8999-766E-4BF6-AAAD-188D398C0D0B" width="0" height="0">
</object>
</html>
Firefox crashes immediately!
A quick trace:
(12d0.1584): Unknown exception - code c0000090 (first chance)
(12d0.1584): Unknown exception - code c0000090 (!!! second chance !!!)
eax=00001f72 ebx=0213dab0 ecx=0013bf48 edx=42700000 esi=01808230 edi=01808230
eip=1004b98f esp=0013bea0 ebp=0013c008 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
js3250!JSLL_MinInt+0x15af:
1004b98f d96c2410 fldcw word ptr [esp+10h] ss:0023:0013beb0=1372
Where the exception occurs:
1004b961 7508 jne js3250!JSLL_MinInt+0x158b (1004b96b)
1004b963 8b542438 mov edx,dword ptr [esp+38h]
1004b967 85d2 test edx,edx
1004b969 7441 je js3250!JSLL_MinInt+0x15cc (1004b9ac)
1004b96b dd442438 fld qword ptr [esp+38h]
1004b96f dd442438 fld qword ptr [esp+38h]
1004b973 d9c9 fxch st(1)
1004b975 d97c2410 fnstcw word ptr [esp+10h]
1004b979 0fb7442410 movzx eax,word ptr [esp+10h]
1004b97e 0d000c0000 or eax,0C00h
1004b983 89442418 mov dword ptr [esp+18h],eax
1004b987 d96c2418 fldcw word ptr [esp+18h]
1004b98b db5c241c fistp dword ptr [esp+1Ch]
1004b98f d96c2410 fldcw word ptr [esp+10h] ss:0023:0013beb0=1372 ; exception raised here
1004b993 db44241c fild dword ptr [esp+1Ch]
1004b997 8b54241c mov edx,dword ptr [esp+1Ch]
1004b99b dd5c2424 fstp qword ptr [esp+24h]
1004b99f dd442424 fld qword ptr [esp+24h]
1004b9a3 dae9 fucompp
1004b9a5 dfe0 fnstsw ax
1004b9a7 9e sahf
1004b9a8 7a02 jp js3250!JSLL_MinInt+0x15cc (1004b9ac)
1004b9aa 7422 je js3250!JSLL_MinInt+0x15ee (1004b9ce)
1004b9ac dd442438 fld qword ptr [esp+38h]
1004b9b0 8bc6 mov eax,esi
1004b9b2 8bd1 mov edx,ecx
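As an added example (not code from the post, nor from Mozilla or the bank's control), here is a C model of the js3250 double-to-int32 sequence shown above: it decodes an x87 control word, predicts when a `fistp dword` leaves an invalid-operation flag pending, and applies that to the saved word 0x1372 from the dump, whose invalid-operation mask bit is clear. The mask constants and the fault model (fistp runs under saved|0xC00, the following fldcw is a waiting instruction and delivers the pending exception) are taken from the Intel x87 documentation and are my interpretation, not something the post states.

```c
/* Model of the js3250 double->int32 sequence from the crash dump:
 *   fnstcw [saved]; or eax,0C00h; fldcw [trunc]; fistp dword; fldcw [saved]
 * Added example; constants follow the Intel x87 control-word layout. */
#include <stdint.h>
#include <stdio.h>

/* x87 control word: low 6 bits are exception MASKS (clear bit = exception faults) */
#define X87_IM 0x0001   /* invalid operation */
#define X87_DM 0x0002   /* denormal operand  */
#define X87_ZM 0x0004   /* zero divide       */
#define X87_OM 0x0008   /* overflow          */
#define X87_UM 0x0010   /* underflow         */
#define X87_PM 0x0020   /* precision         */
#define X87_RC 0x0C00   /* rounding control: 0x000 nearest, 0x400 down, 0x800 up, 0xC00 truncate */
#define X87_DEFAULT_CW 0x037F   /* FNINIT value: everything masked, round to nearest */

/* Exceptions that will actually fault under control word cw. */
unsigned x87_unmasked(uint16_t cw) { return (~cw) & 0x3Fu; }

/* Does `fistp dword ptr` of d set the invalid-operation flag (IE)?  It does for
 * NaN, infinity and any value outside int32 after rounding per cw's RC field. */
int fistp32_sets_ie(double d, uint16_t cw) {
    if (d != d) return 1;                                            /* NaN */
    if (d >= 9223372036854775808.0 || d <= -9223372036854775808.0) return 1; /* inf / huge */
    double t = (double)(int64_t)d, r;                                /* truncation, exact here */
    switch (cw & X87_RC) {
    case 0x0400: r = (d < t) ? t - 1.0 : t; break;                   /* round down */
    case 0x0800: r = (d > t) ? t + 1.0 : t; break;                   /* round up */
    case 0x0C00: r = t; break;                                       /* truncate (js3250's choice) */
    default: {                                                       /* nearest, ties to even */
        double f = d - t; int odd = (int)((int64_t)t & 1);
        r = (f > 0.5 || (f == 0.5 && odd)) ? t + 1.0
          : (f < -0.5 || (f == -0.5 && odd)) ? t - 1.0 : t;
    }
    }
    return r > 2147483647.0 || r < -2147483648.0;
}

/* 1 if the sequence ends in STATUS_FLOAT_INVALID_OPERATION (0xC0000090): fistp runs
 * under saved_cw|0xC00 (eax=1f72 in the dump), leaves IE pending, and the fldcw that
 * follows is a waiting instruction, so it delivers the exception when IM is clear. */
int js_double_to_int32_faults(double d, uint16_t saved_cw) {
    uint16_t trunc_cw = saved_cw | X87_RC;                           /* or eax,0C00h */
    return fistp32_sets_ie(d, trunc_cw) && (x87_unmasked(saved_cw) & X87_IM) != 0;
}

int main(void) {
    uint16_t cw = 0x1372;                                            /* [esp+10h] in the dump */
    printf("cw=%04x unmasked=%02x faults on 2^32: %d, on 12.75: %d\n", cw, x87_unmasked(cw),
           js_double_to_int32_faults(4294967296.0, cw), js_double_to_int32_faults(12.75, cw));
    return 0;
}
```

Decoding 0x1372 shows the invalid-operation, zero-divide and overflow exceptions unmasked, so any NaN or out-of-int32-range double that passes through this conversion faults, while a host that runs the engine under the default word 0x037F never does.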
Call stack:
WARNING: Stack unwind information not available. Following frames may be wrong.
js3250!JSLL_MinInt+0x15af
js3250!js_FreeStack+0xf269
ntdll!RtlImageRvaToVa+0x3e7
ntdll!RtlAllocateHeap+0x117
SHLWAPI!PathAppendW+0x3a
SHELL32!SHGetFolderPathA+0x5de
js3250!js_AllocRawStack+0x83
js3250!js_AllocStack+0x10e
firefox!NS_RegistryGetFactory+0x2b1e9
SHELL32!Ordinal78+0x77c
0x3c830013
0x3c9f034f
Firefox still has a long way to go; it would be best to fix bugs like this one. I hope it keeps getting better.