How to remove error code  0xc0000005 on Windows 10

Error Code 0xc0000005, which occurs when you try to use programs within Windows 10 can be very frustrating. While it is associated mostly with Windows 10, this error has also been seen in previous versions of the Windows Operating System. This error works in the same ways and is normally caused for same reasons in all the cases.

Common symptoms include:

Ø  You cannot run programs as designed

Ø  You cannot start any programs

While Error Code 0xc0000005 might cause you a big problem, there are three strategies available for solving these problems. However, if you aren’t sure you can do this all by your own, please contact a professional PC repairman familiar with Windows OS to help you solve this problem.

Related: Step By Step Guide to Fixing Regsvr32.exe Error On Windows

Solution and Manual Repair of Error Code 0xc0000005

Three main methods are available for you to try to solve Error Code 0xc0000005 on your Windows machine. Considering the extent of your technical know-how and confidence, it may be easy to somewhat tough to follow these steps. Again, if you aren’t confident enough to complete the methods all by yourself, contact a qualified computer repairman to help you in the process.

Best ways to resolve Error Code 0xc0000005 on your Windows machine are given below:

Method One:  Disable Any Anti-Virus Processes

In some instances, your programs might be interfered by an antivirus. If you think that to be the primary cause, try to disable the antivirus software temporarily to see if that resolves the problem and you are able to use the program without any error.

Make sure you always have on other security software, such as built-in Windows Defender, when you disable the antivirus software. This will protect your computer from malicious software. Generally, this is normally the best security tool on your computer that doesn’t interfere with other programs.

Method Two:  Run a Registry Cleaner

In some instances, Error Code 0xc0000005 might appear when a registry entry is faulty or missing from the system. If you believe this to be the case, use a registry cleaning software you trust to scan the files and let the software automatically fix the problem.

Make sure always to check the registry cleaning tool provider you are using, because not every tool you download from the internet is safe. Whenever possible, use the registry tools that are available directly from the Microsoft website, rather than the ones you find with a simple search.

Once you completed your registry scan, take time to restart your machine to make sure that every change made in the computer can be recognized and applied by your OS and devices.

Would you love to view more ways to resolve error code 0xc0000005 when it appears on your Windows PC? Please visit the full article and learn how to completely repair error code 0xc0000005

Application Error 0xc0000005 can stop you from accessing to an application. Article showing how to fix the 0xc0000005 Error Detailed description.

Pada artikel ini, admin akan memberikan kepada kalian beberapa metode cara mengatasi error code 0xc0000005 di Windows 10.

application was unable to start correctly 0xc00005, the application was unable to start correctly 0xc00000e5, What is 0xc00005 means?, When 0xc00005 error occures?, How do I fix error code 0xc00005?, How do I fix the application was unable to start correctly?, How do I fix file system error?, Will chkdsk fix corrupt files?, How do I find the event log?, error code 0xc0000005 windows 8, Fix 0xc00005 windows 10 update error?, windows update error 0xc0000005

One of the problems you might face on windows 10 is the error code 0xc0000005. It can occur due to multiple of reasons, like corrupted files, malware hardware or damaged RAM. Such errors are not much infrequent on windows based operating systems. So you can easily get rid of them.

SlimPDF Reader - NULL Pointer Dereference

Vulnerability: NULL Pointer Dereference Product: SlimPDF Reader - (SlimPDF Reader.exe) Tested on: Windows 10 Reference: https://cwe.mitre.org/data/definitions/476.html Impact: Denial of Service (can be achieved via Remote) Reported: https://support.investintech.com/hc/en-us/requests/14369

Summary A vulnerability in SlimPDF Reader could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper processing of certain PDF documents by the affected system. An attacker could exploit this vulnerability by persuading a trusted user to open a malicious PDF document using the affected application. When the application processes the malicious document, it may dereference a NULL pointer. The error could cause the application to crash, resulting in a DoS condition.

Vulnerability Description NULL Pointer in SlimPDF Reader.exe in Investintech SlimPDF Reader 1.0.12 allows attacker to locally and remotely trigger Denial-of-Service. SlimPDF does not contained any other components except its own EXE file. The affected components on the executable itself (SlimPDF Reader.exe) failed to parse stream objects in PDF file.

Initial analysis To trigger the NULL pointer, open PDF with SlimPDF Reader. Upon opening the PDF, an exception occured.

(f84.cdc): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. *** WARNING: Unable to verify checksum for C:\Program Files (x86)\Investintech.com Inc\SlimPDF Reader 1.0\SlimPDF Reader.exe *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\Investintech.com Inc\SlimPDF Reader 1.0\SlimPDF Reader.exe SlimPDF_Reader+0x3457c: 0043457c 394608 cmp dword ptr [esi+8],eax ds:002b:00000008=????????

Looking at the exception code c0000005, it is a code for an access violation. That means that the program is accessing a memory address to which hasn't right to do.

0:000:x86> .exr -1 ExceptionAddress: 0043457c (SlimPDF_Reader+0x0003457c) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000008 Attempt to read from address 00000008 0:000:x86> r eax=00000002 ebx=023274a8 ecx=04357020 edx=00000005 esi=00000000 edi=0231e928 eip=0043457c esp=0019f6e0 ebp=0019f860 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246 SlimPDF_Reader+0x3457c: 0043457c 394608 cmp dword ptr [esi+8],eax ds:002b:00000008=???????? If we see the registers above, we can see ESI contained NULL value. We can see this via memory: 0:000:x86> dc esi 00000000 ???????? ???????? ???????? ???????? ???????????????? 00000010 ???????? ???????? ???????? ???????? ???????????????? 00000020 ???????? ???????? ???????? ???????? ???????????????? 00000030 ???????? ???????? ???????? ???????? ???????????????? 00000040 ???????? ???????? ???????? ???????? ???????????????? 00000050 ???????? ???????? ???????? ???????? ???????????????? 00000060 ???????? ???????? ???????? ???????? ???????????????? 00000070 ???????? ???????? ???????? ???????? ????????????????

Root Cause Inspecting the issue leads to the failure parsing the stream object thus causing NULL pointer dereference.

.text:0043456D mov eax, [ebx+8] ; [ebx+8] is already containing invalid value .text:00434570 cmp eax, 2 ; .text:00434573 mov esi, [ebx+28h] ; [ebx+28h] containing our PDF stream (invalid value), pointer to .text:00434576 jnz loc_434826 ; zero flag set here, so no jump .text:0043457C cmp [esi+8], eax ; continue executing and crash

We can see the object stream in EBX as in following:

0:000:x86> dps 023274a8 023274a8 ffffffff 023274ac ffffffff 023274b0 00000002 023274b4 41414141 023274b8 41410033 023274bc 41414141 023274c0 41414141 023274c4 41414141 023274c8 00000001 023274cc 0000000f 023274d0 00000000 023274d4 00000000 023274d8 00000000 023274dc 41414141 023274e0 bdd3747d 023274e4 80002241 023274e8 ffffffff 023274ec ffffffff 023274f0 00000000 023274f4 41414141 023274f8 41414100 023274fc 41414141 02327500 41414141 02327504 41414141 02327508 00000000 0232750c 0000000f 02327510 00000000 02327514 00000000 02327518 00000000 0232751c 41414141 02327520 bddb7445 02327524 80002341

EAX containing pointer to an invalid memory:

0:000:x86> db poi (ebx+8) 00000002 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000012 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000022 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000032 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000042 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000052 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000062 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ???????????????? 00000072 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????

Result from !analyze:

0:000:x86> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* GetUrlPageData2 (WinHttp) failed: 12002. KEY_VALUES_STRING: 1 TIMELINE_ANALYSIS: 1 Timeline: !analyze.Start Name: <blank> Time: 2018-05-28T05:55:00.250Z Diff: 250 mSec Timeline: Dump.Current Name: <blank> Time: 2018-05-28T05:55:00.0Z Diff: 0 mSec Timeline: Process.Start Name: <blank> Time: 2018-05-28T04:16:48.0Z Diff: 5892000 mSec Timeline: OS.Boot Name: <blank> Time: 2018-05-26T16:13:30.0Z Diff: 135690000 mSec DUMP_CLASS: 2 DUMP_QUALIFIER: 0 FAULTING_IP: SlimPDF_Reader+3457c 0043457c 394608 cmp dword ptr [esi+8],eax EXCEPTION_RECORD: (.exr -1) ExceptionAddress: 0043457c (SlimPDF_Reader+0x0003457c) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000008 Attempt to read from address 00000008 FAULTING_THREAD: 00000cdc DEFAULT_BUCKET_ID: NULL_CLASS_PTR_READ PROCESS_NAME: SlimPDF Reader.exe FOLLOWUP_IP: SlimPDF_Reader+3457c 0043457c 394608 cmp dword ptr [esi+8],eax READ_ADDRESS: 00000008 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000008 WATSON_BKT_PROCSTAMP: 4ecd831a WATSON_BKT_PROCVER: 1.0.1.12 PROCESS_VER_PRODUCT: SlimPDF Reader WATSON_BKT_MODULE: SlimPDF Reader.exe WATSON_BKT_MODSTAMP: 4ecd831a WATSON_BKT_MODOFFSET: 3457c WATSON_BKT_MODVER: 1.0.1.12 MODULE_VER_PRODUCT: SlimPDF Reader BUILD_VERSION_STRING: 10240.17443.amd64fre.th1.170602-2340 MODLIST_WITH_TSCHKSUM_HASH: 2b36701f96731def5752c269357e7e5a2679befb MODLIST_SHA1_HASH: d231aecbd4b1f32bc2f593851f16d87c2da75c72 NTGLOBALFLAG: 400 PROCESS_BAM_CURRENT_THROTTLED: 0 PROCESS_BAM_PREVIOUS_THROTTLED: 0 APPLICATION_VERIFIER_FLAGS: 0 PRODUCT_TYPE: 1 SUITE_MASK: 272 DUMP_TYPE: fe ANALYSIS_SESSION_HOST: DESKTOP-1IBEKMI ANALYSIS_SESSION_TIME: 05-28-2018 13:55:00.0250 ANALYSIS_VERSION: 10.0.17134.1 amd64fre THREAD_ATTRIBUTES: OS_LOCALE: ENU PROBLEM_CLASSES: ID: [0n309] Type: [@ACCESS_VIOLATION] Class: Addendum Scope: BUCKET_ID Name: Omit Data: Omit PID: [Unspecified] TID: [0xcdc] Frame: [0] : SlimPDF_Reader ID: [0n281] Type: [INVALID_POINTER_READ] Class: Primary Scope: BUCKET_ID Name: Add Data: Omit PID: [Unspecified] TID: [0xcdc] Frame: [0] : SlimPDF_Reader ID: [0n306] Type: [NULL_CLASS_PTR_READ] Class: Primary Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID: [0xf84] TID: [0xcdc] Frame: [0] : SlimPDF_Reader ID: [0n156] Type: [ZEROED_STACK] Class: Addendum Scope: BUCKET_ID Name: Add Data: Omit PID: [0xf84] TID: [0xcdc] Frame: [0] : SlimPDF_Reader BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ_INVALID_POINTER_READ_ZEROED_STACK PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT LAST_CONTROL_TRANSFER: from 0044211b to 0043457c STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 0019f860 0044211b 0231d3b0 0231deb8 00000000 SlimPDF_Reader+0x3457c 0019f8e4 00443702 0231d270 022f7ef8 022f7f28 SlimPDF_Reader+0x4211b 0019f914 0041be0d 00000001 00000000 0231d3b0 SlimPDF_Reader+0x43702 0019f984 0041d20b 00000001 022df730 3f0119b6 SlimPDF_Reader+0x1be0d 0019f9d4 0045fbf0 00000001 00000001 3f0119b6 SlimPDF_Reader+0x1d20b 0019fa78 004cee26 0000007c 004cdea8 022b5340 SlimPDF_Reader+0x5fbf0 0019fb60 004afa7e 52fbf7b5 0000000f 022e1c38 SlimPDF_Reader+0xcee26 0019fbf4 004ab964 0000000f 00000000 0052df50 SlimPDF_Reader+0xafa7e 0019fc14 004ae035 0000000f 00000000 00000000 SlimPDF_Reader+0xab964 0019fc7c 004ae0c2 00000000 0003084a 0000000f SlimPDF_Reader+0xae035 0019fc9c 74904923 0003084a 0000000f 00000000 SlimPDF_Reader+0xae0c2 0019fcc8 748e4790 004ae08e 0003084a 0000000f USER32!_InternalCallWinProc+0x2b 0019fd70 748e4370 004ae08e 00000000 0000000f USER32!UserCallWinProcCheckWow+0x1f0 0019fdd0 748eb179 00eed8f0 00000000 0000000f USER32!DispatchClientMessage+0xf0 0019fe10 777fad66 0019fe2c 00000020 0019fe90 USER32!__fnDWORD+0x49 0019fe48 7490509c 748e419b 008aafd0 787b6351 ntdll_77790000!KiUserCallbackDispatcher+0x36 0019fe4c 748e419b 008aafd0 787b6351 008aafa0 USER32!NtUserDispatchMessage+0xc 0019fea0 748e3e50 78629df1 00000000 004b1d6c USER32!DispatchMessageWorker+0x33b 0019feac 004b1d6c 008aafd0 008aafd0 00599b10 USER32!DispatchMessageW+0x10 00000000 00000000 00000000 00000000 00000000 SlimPDF_Reader+0xb1d6c STACK_COMMAND: ~0s ; .cxr ; kb THREAD_SHA1_HASH_MOD_FUNC: 23c6551acd70e2ee68c3fe17230a519c8d2edbd8 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: c0fb1c21cd18236bfb477e6f4ab150f37a3c72a8 THREAD_SHA1_HASH_MOD: fca436a783f277e0e687fc89df0c8a6506b6fcd9 FAULT_INSTR_CODE: 75084639 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: SlimPDF_Reader+3457c FOLLOWUP_NAME: MachineOwner MODULE_NAME: SlimPDF_Reader IMAGE_NAME: SlimPDF_Reader.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4ecd831a FAILURE_BUCKET_ID: NULL_CLASS_PTR_READ_c0000005_SlimPDF_Reader.exe!Unknown BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_READ_INVALID_POINTER_READ_ZEROED_STACK_SlimPDF_Reader+3457c FAILURE_EXCEPTION_CODE: c0000005 FAILURE_IMAGE_NAME: SlimPDF_Reader.exe BUCKET_ID_IMAGE_STR: SlimPDF_Reader.exe FAILURE_MODULE_NAME: SlimPDF_Reader BUCKET_ID_MODULE_STR: SlimPDF_Reader FAILURE_FUNCTION_NAME: Unknown BUCKET_ID_FUNCTION_STR: Unknown BUCKET_ID_OFFSET: 3457c BUCKET_ID_MODTIMEDATESTAMP: 4ecd831a BUCKET_ID_MODCHECKSUM: 0 BUCKET_ID_MODVER_STR: 1.0.1.12 BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_NULL_CLASS_PTR_READ_INVALID_POINTER_READ_ZEROED_STACK_ FAILURE_PROBLEM_CLASS: APPLICATION_FAULT FAILURE_SYMBOL_NAME: SlimPDF_Reader.exe!Unknown WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/SlimPDF Reader.exe/1.0.1.12/4ecd831a/SlimPDF Reader.exe/1.0.1.12/4ecd831a/c0000005/0003457c.htm?Retriage=1 TARGET_TIME: 2018-05-28T05:55:11.000Z OSBUILD: 10240 OSSERVICEPACK: 17113 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 OSPLATFORM_TYPE: x64 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt SingleUserTS USER_LCID: 0 OSBUILD_TIMESTAMP: 2016-09-07 11:54:11 BUILDDATESTAMP_STR: 170602-2340 BUILDLAB_STR: th1 BUILDOSVER_STR: 10.0.10240.17443.amd64fre.th1.170602-2340 ANALYSIS_SESSION_ELAPSED_TIME: 81ce ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:null_class_ptr_read_c0000005_slimpdf_reader.exe!unknown FAILURE_ID_HASH: {46980e42-0101-b5c8-decb-c547562bd18a} Followup: MachineOwner ---------

The error is very common issues on your computer all, the day we are facing Error but some Error may be dangerous it would damage your computer and laptop. So short out the entire problem if you are facing. In this article, we give you all the solution about ERROR CODE 0XC0000005 FIXED ON WINDOWS 7 & 10 and How to fix ERROR CODE 0XC0000005 WINDOWS 10 & 7. One single Error may stop your computer and laptop and create a critical situation.

windows 10 error code 0xc0000005

windows 10 error code 0xc0000005

[et_pb_section bb_built=”1″ admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” custom_padding=”|0px||0px” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off”][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on”…

View On WordPress

CVE-2014-1543 Firefox Heap buffer overflow by Gamepad API

Summary

Simply calling a Gamepad API navigator.getGamepads() can trigger a heap memory corruption in Firefox browser. No user interaction with gamepad. However,  there must be either some physical game pad attached to user’s machine or virtual gampad driver (e.g. vJoy) installed on user’s machine.

Affected version:  Firefox 29 , Firefox 30 , Firefox 31

OS: Windows

Proof Of Concept 

<script> navigator.getGamepads(); </script>

 Root Cause Analysis

I built the firefox code with Visual Studio. Initially when running the Proof Of Concept test case, Windows heap reported a heap memory corruption:

Critical error detected c0000374 firefox.exe has triggered a breakpoint. First-chance exception at 0x7771AA3C (ntdll.dll) in firefox.exe: 0xC0000374: A heap has been corrupted (parameters: 0x7772FE38). Unhandled exception at 0x7771AA3C (ntdll.dll) in firefox.exe: 0xC0000374: A heap has been corrupted (parameters: 0x7772FE38).

Call Stack:

ntdll.dll!_RtlReportCriticalFailure@8() Unknown ntdll.dll!_RtlpReportHeapFailure@4() Unknown ntdll.dll!_RtlpLogHeapFailure@24() Unknown ntdll.dll!@RtlpLowFragHeapAllocFromContext@16() Unknown ntdll.dll!_RtlAllocateHeap@12() Unknown msvcr120.dll!malloc(unsigned int size) Line 92 C > mozalloc.dll!moz_xmalloc(unsigned int size) Line 52 C++ xul.dll!nsTArray_base<nsTArrayInfallibleAllocator,nsTArray_CopyWithMemutils>::EnsureCapacity(unsigned int capacity, unsigned int elemSize) Line 119 C++ xul.dll!mozilla::dom::Gamepad::Gamepad(nsISupports * aParent, const nsAString_internal & aID, unsigned int aIndex, mozilla::dom::GamepadMappingType aMapping, unsigned int aNumButtons, unsigned int aNumAxes) Line 36 C++ xul.dll!mozilla::dom::Gamepad::Clone(nsISupports * aParent) Line 101 C++ xul.dll!mozilla::dom::GamepadService::SetWindowHasSeenGamepad(nsGlobalWindow * aWindow, unsigned int aIndex, bool aHasSeen) Line 457 C++ xul.dll!mozilla::dom::GamepadService::NewAxisMoveEvent(unsigned int aIndex, unsigned int aAxis, double aValue) Line 287 C++ xul.dll!`anonymous namespace'::GamepadEvent::Run() Line 278 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait, bool * result) Line 715 C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread, bool mayWait) Line 263 C++ xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 136 C++ xul.dll!MessageLoop::RunHandler() Line 223 C++ xul.dll!MessageLoop::Run() Line 197 C++ xul.dll!nsBaseAppShell::Run() Line 166 C++ xul.dll!nsAppShell::Run() Line 188 C++ xul.dll!nsAppStartup::Run() Line 279 C++ xul.dll!XREMain::XRE_mainRun() Line 4019 C++ xul.dll!NS_TableDrivenQI(void * aThis, const nsID & aIID, void * * aInstancePtr, const QITableEntry * entries) Line 17 C++ xul.dll!nsComponentManagerImpl::QueryInterface(const nsID & aIID, void * * aInstancePtr) Line 823 C++ xul.dll!nsQueryInterface::operator()(const nsID & aIID, void * * answer) Line 19 C++ xul.dll!nsCOMPtr_base::assign_from_qi(const nsQueryInterface qi, const nsID & iid) Line 56 C++

However, the memory corruption was not reported at the very first time of illegal memory write, but instead the next memory allocation or memory free operation for some other unrelated object was requested. So I got different stack trace each time running the test case.

Fortunately, Windows has another awesome built in heap debugging tool - Page Heap.

After enabling page heap (gflags.exe /p /enable firefox.exe /full), which inserts inaccessible memory page after each heap buffer, the first buffer overflow was caught. I got:

Unhandled exception at 0x0FB2759D (xul.dll) in firefox.exe: 0xC0000005: Access violation reading location 0xABA8F000.

Faulty code: :

  Gamepad::SetAxis(uint32_t aAxis, double aValue)   {     MOZ_ASSERT(aAxis < mAxes.Length()); -->  if (mAxes[aAxis] != aValue) { -->    mAxes[aAxis] = aValue;       GamepadBinding::ClearCachedAxesValue(this);     }   }

Stack Trace:

> xul.dll!mozilla::dom::Gamepad::SetAxis(unsigned int aAxis, double aValue) Line 67 C++ xul.dll!mozilla::dom::GamepadService::NewAxisMoveEvent(unsigned int aIndex, unsigned int aAxis, double aValue) Line 271 C++ xul.dll!`anonymous namespace'::GamepadEvent::Run() Line 278 C++ xul.dll!nsThread::ProcessNextEvent(bool mayWait, bool * result) Line 715 C++ xul.dll!NS_ProcessNextEvent(nsIThread * thread, bool mayWait) Line 263 C++ xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 95 C++ xul.dll!MessageLoop::RunHandler() Line 223 C++ xul.dll!MessageLoop::Run() Line 197 C++ xul.dll!nsBaseAppShell::Run() Line 166 C++ xul.dll!nsAppShell::Run() Line 188 C++ xul.dll!nsAppStartup::Run() Line 279 C++ xul.dll!XREMain::XRE_mainRun() Line 4019 C++ xul.dll!NS_TableDrivenQI(void * aThis, const nsID & aIID, void * * aInstancePtr, const QITableEntry * entries) Line 17 C++ xul.dll!nsComponentManagerImpl::QueryInterface(const nsID & aIID, void * * aInstancePtr) Line 823 C++ xul.dll!nsQueryInterface::operator()(const nsID & aIID, void * * answer) Line 19 C++ xul.dll!nsCOMPtr_base::assign_from_qi(const nsQueryInterface qi, const nsID & iid) Line 56 C++

The root cause is that the gamepad code was based on a wrong assumption about axe index. The code assumes that the axes are 0..numAxes, but the axis indices may actually be higher than numAxes because of Devices can present non-contiguous axes.  So it got a out of bound write in Gamepad::SetAxis().

Timeline:

2014-05-17. This bug was reported to Mozilla as Bug 1011859  .

2014-05-22. Mozilla developer fixed this bug in Firefox 30 and Firefox 31.

2014-06-10. Mozilla published Advisory MFSA 2014-54.