Closed Bug 546766 Opened 14 years ago Closed 14 years ago

Crash in [@ mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&) ]

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Windows Vista
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: marcia, Assigned: jimm)

References

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

Seen while reviewing the Windows trunk crash reports and currently the #7 top crash on Windows. Some are startup crashes while a few seem to have significant uptime. No comments in the reports so far.

Signature	mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&)
UUID	1d785f00-0aee-4f6a-b939-517fb2100217
Process Type	plugin Version: Filename: NPSWF32.dll
Time 	2010-02-17 08:05:30.466238
Uptime	387
Product	Firefox
Version	3.7a2pre
Build ID	20100211050928
Branch	1.9.3
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 15 model 4 stepping 9
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0xffffffffff00c3fc
Email Address	
URL	
User Comments	
Processor Notes 	
Crashing Thread

Frame  	Module  	Signature [Expand]  	Source
0 		@0xc3fc84 	
1 	xul.dll 	mozilla::plugins::PPluginModuleChild::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginModuleChild.cpp:378
2 	xul.dll 	mozilla::ipc::RPCChannel::DispatchIncall 	ipc/glue/RPCChannel.cpp:372
3 	xul.dll 	mozilla::ipc::RPCChannel::Incall 	ipc/glue/RPCChannel.cpp:357
4 	xul.dll 	mozilla::ipc::RPCChannel::OnMaybeDequeueOne 	ipc/glue/RPCChannel.cpp:292
5 	xul.dll 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:326
6 	xul.dll 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:334
7 	xul.dll 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:434
8 	xul.dll 	base::MessagePumpForUI::DoRunLoop 	ipc/chromium/src/base/message_pump_win.cc:209
9 	xul.dll 	base::MessagePumpWin::RunWithDispatcher 	ipc/chromium/src/base/message_pump_win.cc:52
10 	xul.dll 	base::MessagePumpWin::Run 	ipc/chromium/src/base/message_pump_win.h:78
11 	xul.dll 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:211
12 	xul.dll 	MessageLoop::RunHandler 	
13 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:168
14 	xul.dll 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:165
15 	xul.dll 	`anonymous namespace'::ThreadFunc 	ipc/chromium/src/base/platform_thread_win.cc:26
16 	kernel32.dll 	BaseThreadStart
It's a plugin-process crash so it's not going to have comments (and is less important than browser-process crashes).
Blocks: OOPP
In almost all cases, the plugin for these crashes is
npFoxitReaderPlugin.dll
Yeah... I couldn't reproduce locally because foxit doesn't work at all (IPP or OOPP). It's really strange.
Assignee: nobody → jmathies
Attached file crash when closing tab
Attached patch fixSplinter Review
Don't trust plugin return values for getvalue calls.
Attachment #432173 - Flags: review?
Attachment #432173 - Flags: review? → review?(benjamin)
Attachment #432173 - Flags: review?(benjamin) → review+
http://hg.mozilla.org/mozilla-central/rev/0ab4f3a39bb9

lets see how crashstats look in a few days.
Thank you! I can view pdfs again in Foxit Reader
Going to go ahead and close this out. We had ~150 crashes on the build from the 13th, the build on the 14th has yet to report a single crash with this signature. If we see one this week we can re-open this up.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Here are a few other crash bugs worth keeping an eye on which appear to be fixed by this patch as well:

bug 544058 - 
mozilla::plugins::PluginModuleChild::UnregisterActorForNPObject(NPObject*)

bug 551508 - 
mozilla::ipc::RPCChannel::RPCListener::OnEnteredCxxStack()

bug 552305 - 
mozilla::plugins::PluginScriptableObjectChild::Unprotect()

A few other signatures that have no bugs that look promising:
 
mozilla::plugins::PluginInstanceChild::GetActorForNPObject(NPObject*)

mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&)

mozilla::plugins::PPluginModuleChild::OnMessageReceived(IPC::Message const&)

mozilla::plugins::PPluginScriptableObjectChild::OnCallReceived(IPC::Message const&, IPC::Message*&)
Crash Signature: [@ mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&) ]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: