Closed Bug 1130747 Opened 9 years ago Closed 9 years ago

crash in mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper(void*, bool*, bool*, _NPVariant*)

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Version:
38 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox38 verified)

Status:
VERIFIED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- verified

People

(Reporter: vladan, Assigned: bugzilla)

References

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

Better error checking
1.21 KB, patch
jimm
: review+
bugzilla
: checkin+
Details | Diff | Splinter Review
hangStack.txt
3.23 KB, text/plain
Details
Check for null actor
1.26 KB, patch
jimm
: review+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-ad5cdf89-a443-4791-8968-654652150207.
=============================================================

This crash happens intermittently during page loading with dom.ipc.plugins.asyncInit set to true. A plugin is not being initialized in this stack, but I've only seen this crash happen in my profiles that have asyncInit enabled. Crash occurs both with e10s and non-e10s.

Maybe one of the plugin experts could help interpret this stack?
Are there any URLs that this occurs consistently with?
Flags: needinfo?(vdjeric)
(In reply to Aaron Klotz [:aklotz] (please use needinfo) from comment #2)
> Are there any URLs that this occurs consistently with?

I can't reproduce it reliably but I've had this crash happen two more times today. All 3 times I had the Plugin Hang UI appear, I then clicked "Stop plugin" and then got the crash.
Flags: needinfo?(vdjeric)
A call stack from the original hang that spawned the plugin hang ui would be very useful here.
Flags: needinfo?(vdjeric)
Ok i'll keep an eye out
The initial hang is still important to investigate for this bug, but this is a speculative fix that might help with the crashing.
Attachment #8561162 - Flags: review?(jmathies)
Attachment #8561162 - Flags: review?(jmathies) → review+
Attached file hangStack.txt 
I got another one of these hangs tonight. The Plugin Hang UI popped up, but then Firefox crashed before I could attach a debugger.

I was able to reproduce the hang a second time, and this time I captured this main-thread stack while the Plugin Hang UI was still active. Obviously, I can't be 100% sure this is the same hang.

When I resumed Firefox after a few minutes, it did not crash.
Flags: needinfo?(vdjeric)
Flags: needinfo?(aklotz)
I compared a crash report from yesterdays build against the binaries of the build itself. Based upon the state of the registers in that crash dump I was able to deduce that the crash is due to a null actor, presumably due to plugin-container termination.

This patch is not speculative; it will definitely eliminate the crashes for this signature.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Attachment #8563739 - Flags: review?(jmathies)
(In reply to Vladan Djeric (:vladan) -- please needinfo! from comment #10)
> Related crash signature?
> https://crash-stats.mozilla.com/report/index/d5f0c7c7-27a3-4fdc-89c2-
> 2a31c2150212

That looks like a content bug. There's a null pointer to the nsPluginInstanceOwner object. Please file separately.
Flags: needinfo?(aklotz)
Attachment #8563739 - Flags: review?(jmathies) → review+
https://hg.mozilla.org/mozilla-central/rev/edd04b167f47
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox38: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Socorro [1] shows zero crashes over the past 4 weeks.
Status: RESOLVED → VERIFIED
status-firefox38: fixedverified
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: