Closed Bug 1126570 Opened 9 years ago Closed 7 years ago

Flash hangs (for some users) when both protected mode and the Firefox sandbox are used

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Version:
36 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: johan.charlez, Unassigned)

References

Details

Since https://hg.mozilla.org/releases/mozilla-aurora/rev/8f49a2fc3f0c was pushed to Aurora, navigating to a youtube video will cause flash to crash, and in turn the unresponsive script warning is looped. (Note: navigating to "youtube.com" is enough in my case for Firefox to ask whether I want to allow Flash or not.)

Three Flash processes are started when navigating to Youtube, two instances of "FlashPlayerPlugin_16_0_0_296.exe" and one instance of "plugin-container.exe". The "Stop Plugin" button will kill all three Flash processes, but they will immediately restart and flash again becomes unresponsive. Rince repeat.

I suppose this could've been caused by bug 1125891 landing, please correct me if I'm wrong.
This is indeed caused by bug 1125891, setting "dom.ipc.plugins.sandbox.flash" to false will fix this.
To correct comment 0, this bug also affects Nightly.
Blocks: 1123245
Summary: Firefox is stuck in unresponsive plugin warning loop. → Firefox becomes stuck in a "Warning: Unresponsive plugin"-loop with dom.ipc.plugins.sandbox.flash set to true.
(In reply to Johan C from comment #0)
> Since https://hg.mozilla.org/releases/mozilla-aurora/rev/8f49a2fc3f0c was
> pushed to Aurora, navigating to a youtube video will cause flash to crash,
> and in turn the unresponsive script warning is looped. (Note: navigating to
> "youtube.com" is enough in my case for Firefox to ask whether I want to
> allow Flash or not.)
> 
> Three Flash processes are started when navigating to Youtube, two instances
> of "FlashPlayerPlugin_16_0_0_296.exe" and one instance of
> "plugin-container.exe". The "Stop Plugin" button will kill all three Flash
> processes, but they will immediately restart and flash again becomes
> unresponsive. Rince repeat.

This is odd, flash is still starting in protected mode (the two FlashPlayerPlugin_16_0_0_296.exe processes).

Do you have the flash protected mode pref set to false?:
dom.ipc.plugins.flash.disable-protected-mode

Or perhaps you have ProtectedMode=1 in your mms.cfg file (in C:\Windows\SysWOW64\Macromed\Flash)

Either way, it still shouldn't be causing a problem even with flash protected mode.

Is it a particular video that causes the problem or all?

Have you tried with a clean profile?


(Sorry about all the questions.)
Flags: needinfo?(johan.charlez)
(In reply to Bob Owen (:bobowen) from comment #4)
> Do you have the flash protected mode pref set to false?:
> dom.ipc.plugins.flash.disable-protected-mode
No, "dom.ipc.plugins.flash.disable-protected-mode" is set to "true".

> Or perhaps you have ProtectedMode=1 in your mms.cfg file (in
> C:\Windows\SysWOW64\Macromed\Flash)
Yes, unfortunately with "ProtectedMode=0" I run into bug 949121.

> Is it a particular video that causes the problem or all?
No, this doesn't appear to be specific to youtube either. Visiting http://youtube.com is enough, but I can also reproduce the bug on http://get.adobe.com/flashplayer/.

> Have you tried with a clean profile?
Yep, crash report from clean profile:
https://crash-stats.mozilla.com/report/index/34271ed6-abb8-4818-9e78-450b52150128

> (Sorry about all the questions.)
No problem. :)
Flags: needinfo?(johan.charlez)
Thanks Johan.
Another couple of questions. :)

(In reply to Johan C from comment #5)
> (In reply to Bob Owen (:bobowen) from comment #4)

> > Or perhaps you have ProtectedMode=1 in your mms.cfg file (in
> > C:\Windows\SysWOW64\Macromed\Flash)
> Yes, unfortunately with "ProtectedMode=0" I run into bug 949121.

Do you get the problem in this bug if you disable protected mode (remove this line or set to 0), but have dom.ipc.plugins.sandbox.flash set to true?

If you don't get the problem in this bug, do you still get the problem in bug 949121?

I hope that makes sense.
(In reply to Bob Owen (:bobowen) from comment #6)
> Do you get the problem in this bug if you disable protected mode (remove
> this line or set to 0), but have dom.ipc.plugins.sandbox.flash set to true?
Doh, I should have tried this first, sorry. After removing the line in mms.cfg I can't reproduce the hang any more.

> If you don't get the problem in this bug, do you still get the problem in
> bug 949121?
With the ProtectedMode line removed from mms.cfg, I can no longer reproduce this bug.
Interesting. Do you know why ProtectedMode=1 was in your mms.cfg? Did you add it yourself?

I'm primarily worried about this for the following possible reasons:

* an unknown set of users will have the setting in mms.cfg
* we turn protected mode back on if Flash is known-vulnerable, bug 1126450.

I tried to reproduce this but couldn't locally. This looks like a classic deadlock (the Flash sandboxed process is stuck at MsgWaitForMultipleObjects probably waiting on an attached event queue which is blocked on another process), but I really don't understand why our minimal sandbox would be changing the behavior.
Summary: Firefox becomes stuck in a "Warning: Unresponsive plugin"-loop with dom.ipc.plugins.sandbox.flash set to true. → Flash hangs (for some users) when both protected mode and the Firefox sandbox are used
(In reply to Benjamin Smedberg  [:bsmedberg] from comment #8)
> Interesting. Do you know why ProtectedMode=1 was in your mms.cfg? Did you
> add it yourself?
Yes.
 
> I'm primarily worried about this for the following possible reasons:
> 
> * an unknown set of users will have the setting in mms.cfg
> * we turn protected mode back on if Flash is known-vulnerable, bug 1126450.
I did some further testing and disabled protected mode through about:config.
  * With the "ProtectedMode=" line removed from mms.cfg
  * "dom.ipc.plugins.flash.disable-protected-mode" set to true
This will also trigger this bug.
> > I'm primarily worried about this for the following possible reasons:
> > 
> > * an unknown set of users will have the setting in mms.cfg
> > * we turn protected mode back on if Flash is known-vulnerable, bug 1126450.
> I did some further testing and disabled protected mode through about:config.
>   * With the "ProtectedMode=" line removed from mms.cfg
>   * "dom.ipc.plugins.flash.disable-protected-mode" set to true
> This will also trigger this bug.
Doh, I meant "dom.ipc.plugins.flash.disable-protected-mode" set to false.
Even with some better symbols, I can't figure out what's going on here. It looks like Flash code in plugin-container is not dispatching something correctly, but I can't figure out what or why not.

I can't reproduce this, but I'm hoping perhaps we can on some of our QA hardware. Syd, I'm looking for testing where dom.ipc.plugins.flash.disable-protected-mode is false, but dom.ipc.plugins.sandbox.flash is still true. Could you try this (with 36.0b5 or newer) and see if you can reproduce these hangs? The bug here is reported on Windows 7 SP1.
Flags: needinfo?(spolk)
I need to disable MSE for this to fall back to Flash, right? I am not sure how to set this up where MSE is not triggered and Flash would be unless I run on the "N" version of Windows 7.
Flags: needinfo?(spolk)
Since this isn't specific to youtube, any site that uses Flash should be sufficient.
I am running Windows 7 SP 1 with latest Flash Player. I set those settings, and then went both Facebook and www.addictinggames.com, and nothing hung or froze. Wasn't particularly fast, but still...
Right, I can't reproduce this, but I've seen this report plus bug 1127586 which is very similar. I'd like to see if we can test with a variety of systems and find one which can reproduce.
I wonder if the hook to turn off protected mode and the sandbox filesystem interceptions are interfering with each other.
Not sure why that would only present itself when Protected Mode is forced on via the mms.cfg file though.
You should ask Marcia to help. She has a lot more configs than I do.
Flags: needinfo?(mozillamarcia.knous)
I haven't been able to reproduce this yet on 2 different lab systems - both are running Windows 7 Pro SP1 with the latest flash version (Version: 16.0.0.305).

Tried with a variety of flash sites including various flash game sites. Do you want about:support information on these machines?
Flags: needinfo?(mozillamarcia.knous)
Clint, perhaps this is a good candidate for our 3rd party partners to test this on a wide variety of configs?
Flags: needinfo?(ctalbert)
Don't need the config of machines which can't reproduce. Maybe this is something we can do as part of the testday or on one-and-done?
(In reply to Syd Polk :sydpolk from comment #19)
> Clint, perhaps this is a good candidate for our 3rd party partners to test
> this on a wide variety of configs?

I can put this on the list for future runs of the graphics lab team. But there is no run underway at the moment. We do these per run, so we likely won't do another on 36 given that this configuration is not shipping in 36, I don't think it makes financial sense to run this there.  I think running it as a one and done or a test day task would help if we can offer the steps out into the community and get some feedback that would be excellent. We could try posting on dev-quality and/or on beta-testers etc.

When we do another graphics run for 37/38, I can certainly add this to the list.
Flags: needinfo?(ctalbert)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.