Closed Bug 1170676 Opened 6 years ago Closed 6 years ago

crash in mozilla::plugins::PluginModuleParent::StreamCast(_NPP*, _NPStream*, mozilla::plugins::PluginAsyncSurrogate**)

Categories

(Core :: Plug-ins, defect)

x86
Windows NT
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla41
Tracking Status
firefox39 + fixed
firefox40 + fixed
firefox41 --- fixed

People

(Reporter: kairo, Assigned: aklotz)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file)

[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is 
report bp-dcef83ed-19c4-41b5-87e0-4723b2150531.
=============================================================

Stack:
0 	xul.dll 	mozilla::plugins::PluginModuleParent::StreamCast(_NPP*, _NPStream*, mozilla::plugins::PluginAsyncSurrogate**) 	dom/plugins/ipc/PluginModuleParent.cpp
1 	xul.dll 	mozilla::plugins::PluginModuleParent::NPP_WriteReady(_NPP*, _NPStream*) 	dom/plugins/ipc/PluginModuleParent.cpp
2 	xul.dll 	nsNPAPIPluginStreamListener::OnDataAvailable(nsPluginStreamListenerPeer*, nsIInputStream*, unsigned int) 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp
3 	xul.dll 	nsNPAPIPluginStreamListener::Notify(nsITimer*) 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp
4 	xul.dll 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
5 	xul.dll 	nsTimerEvent::Run() 	xpcom/threads/nsTimerImpl.cpp

This is a new browser crash we are seeing in 39.0b1 (right now 0.9% of all browser crashes), but it's in plugin code, the reports seem to all be EXCEPTION_ACCESS_VIOLATION_READ at 0x20 (32bit, see report linked above) or 0x38 (64bit, e.g. bp-6158001c-0f4f-41d4-a67d-258762150530), spread across all Windows versions from XP to Win10, on both 32bit and 64bit builds.

Aaron, given that your async plugin init code is new in 39, can you take a look?
Flags: needinfo?(aklotz)
Tracked for 39.
Attached patch FixSplinter Review
We should only be doing sanity checks if the BrowserStreamParent is not null.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Flags: needinfo?(aklotz)
Attachment #8617068 - Flags: review?(jmathies)
Attachment #8617068 - Flags: review?(jmathies) → review+
#4 crash on 39.0b
Keywords: topcrash
https://hg.mozilla.org/mozilla-central/rev/91bb0d44384a
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Comment on attachment 8617068 [details] [diff] [review]
Fix

Approval Request Comment
[Feature/regressing bug #]: Async plugin init
[User impact if declined]: Crashes
[Describe test coverage new/current, TreeHerder]: On m-c, plugin test suite
[Risks and why]: None, trivial patch adding a null pointer check.
[String/UUID change made/needed]: None
Attachment #8617068 - Flags: approval-mozilla-beta?
Attachment #8617068 - Flags: approval-mozilla-aurora?
RyanVM, if this looks good on m-c in the morning can you uplift it to aurora and beta? (Since you will likely wake up before me.)  Thanks!
Flags: needinfo?(ryanvm)
Comment on attachment 8617068 [details] [diff] [review]
Fix

Approved for uplift to beta and aurora
Attachment #8617068 - Flags: approval-mozilla-beta?
Attachment #8617068 - Flags: approval-mozilla-beta+
Attachment #8617068 - Flags: approval-mozilla-aurora?
Attachment #8617068 - Flags: approval-mozilla-aurora+
Flags: needinfo?(ryanvm)
You need to log in before you can comment on or make changes to this bug.