Closed
Bug 1093330
Opened 10 years ago
Closed 7 years ago
Delayed plugin input events sometimes crash when handled
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: smichaud, Unassigned, Mentored)
Details
(Whiteboard: [lang=objc])
Crash Data
The NPCocoaEvent structure contains a number of fields for input events that (under the hood) are reference counted native objects: NPNSString *NPCocoaEvent.data.key.characters NPNSString *NPCocoaEvent.data.key.charactersIgnoringModifiers NPNSString *NPCocoaEvent.data.text.text (An NSNSString* is basically an NSString* or a CFStringRef.) The processing of any input event (including plugin events) can be delayed, in either of these two locations: https://hg.mozilla.org/mozilla-central/annotate/a458860efad7/layout/base/nsPresShell.cpp#l7340 https://hg.mozilla.org/mozilla-central/annotate/a458860efad7/layout/base/nsPresShell.cpp#l7606 No provision is made for incrementing or decrementing the reference counts of these native objects when the handling of an input event is delayed. As a result we sometimes crash. Here are a few examples: https://crash-stats.mozilla.com/report/list?signature=objc_msgSend+%7C+IPC%3A%3AParamTraits%3C_NPNSString%2A%3E%3A%3AWrite%28IPC%3A%3AMessage%2A%2C+_NPNSString%2A+const%26%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&hang_type=any&date=2014-11-03+22%3A00%3A00&range_value=4#reports https://crash-stats.mozilla.com/report/list?signature=libobjc.A.dylib%400x10dd&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&platform=mac&version=Firefox%3A34.0b5&hang_type=any&date=2014-11-03+22%3A00%3A00&range_value=1#reports Due to longstanding bugs and design flaws in Socorro, it's exceedingly difficult to tell how many of these crashes we have, or when they started. The bug itself (actually a design flaw) is old -- it goes back to our first implementation of delayed input events. But I don't think we've seen many crashes. At least they haven't come to my attention before. They have now, though. And there's some evidence they have increased recently.
Reporter | ||
Updated•10 years ago
|
Crash Signature: [@ objc_msgSend | IPC::ParamTraits<_NPNSString*>::Write(IPC::Message*, _NPNSString* const&) ]
[@ libobjc.A.dylib@0x10dd ]
Reporter | ||
Comment 1•10 years ago
|
||
I'll get to this eventually. But I won't cry if someone else takes it away from me.
Assignee: nobody → smichaud
Comment 2•10 years ago
|
||
I just ran into this crash while uploading a file to Jenkins: https://crash-stats.mozilla.com/report/index/2cc51b83-16fb-4caa-8872-8bc4b2141201
Updated•10 years ago
|
Assignee: smichaud → nobody
Mentor: smichaud
Whiteboard: [lang=objc]
Updated•9 years ago
|
Crash Signature: [@ objc_msgSend | IPC::ParamTraits<_NPNSString*>::Write(IPC::Message*, _NPNSString* const&) ]
[@ libobjc.A.dylib@0x10dd ] → [@ objc_msgSend | IPC::ParamTraits<_NPNSString*>::Write(IPC::Message*, _NPNSString* const&) ]
[@ libobjc.A.dylib@0x10dd ]
[@ objc_msgSend | IPC::ParamTraits<T>::Write ]
Comment 3•7 years ago
|
||
Resolving old bugs which are likely not relevant any more, since NPAPI plugins are deprecated.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•