crash in mozilla::plugins::PluginModuleParent::StreamCast(_NPP*, _NPStream*, mozilla::plugins::PluginAsyncSurrogate**)

RESOLVED FIXED in Firefox 39

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Robert Kaiser, Assigned: aklotz)

Tracking

({crash, topcrash})

Trunk
mozilla41
x86
Windows NT
crash, topcrash
Points:
---

Firefox Tracking Flags

(firefox39+ fixed, firefox40+ fixed, firefox41 fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is 
report bp-dcef83ed-19c4-41b5-87e0-4723b2150531.
=============================================================

Stack:
0 	xul.dll 	mozilla::plugins::PluginModuleParent::StreamCast(_NPP*, _NPStream*, mozilla::plugins::PluginAsyncSurrogate**) 	dom/plugins/ipc/PluginModuleParent.cpp
1 	xul.dll 	mozilla::plugins::PluginModuleParent::NPP_WriteReady(_NPP*, _NPStream*) 	dom/plugins/ipc/PluginModuleParent.cpp
2 	xul.dll 	nsNPAPIPluginStreamListener::OnDataAvailable(nsPluginStreamListenerPeer*, nsIInputStream*, unsigned int) 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp
3 	xul.dll 	nsNPAPIPluginStreamListener::Notify(nsITimer*) 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp
4 	xul.dll 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
5 	xul.dll 	nsTimerEvent::Run() 	xpcom/threads/nsTimerImpl.cpp

This is a new browser crash we are seeing in 39.0b1 (right now 0.9% of all browser crashes), but it's in plugin code, the reports seem to all be EXCEPTION_ACCESS_VIOLATION_READ at 0x20 (32bit, see report linked above) or 0x38 (64bit, e.g. bp-6158001c-0f4f-41d4-a67d-258762150530), spread across all Windows versions from XP to Win10, on both 32bit and 64bit builds.

Aaron, given that your async plugin init code is new in 39, can you take a look?
Flags: needinfo?(aklotz)
Tracked for 39.
tracking-firefox39: ? → +
Created attachment 8617068 [details] [diff] [review]
Fix

We should only be doing sanity checks if the BrowserStreamParent is not null.
Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Flags: needinfo?(aklotz)
Attachment #8617068 - Flags: review?(jmathies)

Updated

2 years ago
Attachment #8617068 - Flags: review?(jmathies) → review+

Comment 3

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/91bb0d44384a
Blocks: 1116806

Comment 4

2 years ago
#4 crash on 39.0b
Keywords: topcrash
https://hg.mozilla.org/mozilla-central/rev/91bb0d44384a
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox41: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Comment on attachment 8617068 [details] [diff] [review]
Fix

Approval Request Comment
[Feature/regressing bug #]: Async plugin init
[User impact if declined]: Crashes
[Describe test coverage new/current, TreeHerder]: On m-c, plugin test suite
[Risks and why]: None, trivial patch adding a null pointer check.
[String/UUID change made/needed]: None
Attachment #8617068 - Flags: approval-mozilla-beta?
Attachment #8617068 - Flags: approval-mozilla-aurora?
RyanVM, if this looks good on m-c in the morning can you uplift it to aurora and beta? (Since you will likely wake up before me.)  Thanks!
Flags: needinfo?(ryanvm)
status-firefox40: --- → affected
tracking-firefox40: --- → +
Comment on attachment 8617068 [details] [diff] [review]
Fix

Approved for uplift to beta and aurora
Attachment #8617068 - Flags: approval-mozilla-beta?
Attachment #8617068 - Flags: approval-mozilla-beta+
Attachment #8617068 - Flags: approval-mozilla-aurora?
Attachment #8617068 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/68a514413550
status-firefox40: affected → fixed
https://hg.mozilla.org/releases/mozilla-beta/rev/b41419fa52bb
status-firefox39: affected → fixed
Flags: needinfo?(ryanvm)
You need to log in before you can comment on or make changes to this bug.