Closed
Bug 1155241
Opened 10 years ago
Closed 10 years ago
crash in nsPluginInstanceOwner::SetFrame(nsPluginFrame*)
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox37 wontfix, firefox38 wontfix, firefox39+ fixed, firefox40 fixed)
RESOLVED
FIXED
mozilla40
People
(Reporter: bugzilla, Assigned: bugzilla)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.26 KB,
patch
|
smaug
:
review+
lmandel
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-3512fd28-e6fc-4b6b-8194-28cc32150415.
=============================================================
nsObjectLoadingContent's pointer to the plugin owner is nullptr by the time the crash notification occurs. This can happen in async init if content stopped the plugin while init was still running asynchronously.
|
Assignee | |
Comment 1•10 years ago
|
||
It is now possible for the owner to be nullptr under async plugin init, so we need to add a check for that.
Attachment #8594944 -
Flags: review?(bugs)
|
||
Updated•10 years ago
|
Attachment #8594944 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 2•10 years ago
|
||
Thanks for the quick review!
try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=2677ec44adba
|
|
Assignee | |
Comment 3•10 years ago
|
||
|
|
Assignee | |
Comment 4•10 years ago
|
||
Comment on attachment 8594944 [details] [diff] [review]
Add nullptr check
Approval Request Comment
[Feature/regressing bug #]: Async plugin init
[User impact if declined]: Instability. #2 topcrasher on aurora
[Describe test coverage new/current, TreeHerder]: Local, landing on m-c
[Risks and why]: None, trivial patch to eliminate nullptr dereference
[String/UUID change made/needed]: None
Attachment #8594944 -
Flags: approval-mozilla-aurora?
|
||
Comment 5•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
||
Comment 6•10 years ago
|
||
[Tracking Requested - why for this release]:
This is 10% of all Dev Edition browser crashes right now.
tracking-firefox39:
--- → ?
|
||
Comment 7•10 years ago
|
||
Interestingly, I see this crash signature in 35+. However, the volume is much lower in releases prior to 39. Tracking 39+
|
|
||
Comment 8•10 years ago
|
||
Comment on attachment 8594944 [details] [diff] [review]
Add nullptr check
Given that this is a fix for plug-in async init, which can't be tested in Nightly, and that it is a simple fix, I'm approving for Aurora. Aurora+
Attachment #8594944 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
||
Comment 9•10 years ago
|
||
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•