Closed Bug 1171532 Opened 9 years ago Closed 9 years ago

crash in mozilla::plugins::PluginAsyncSurrogate::ScriptableInvalidate(NPObject*)

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Version:
39 Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1171453

People

(Reporter: away, Unassigned)

Details

(Keywords: crash, sec-high)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-3483ef09-69f8-49f0-9c74-def1c2150602.
=============================================================

This has the #5 crash score on 39 beta. The signature is only seen on the 39 train.

CheckPluginStopEvent is right next to RunSyncSectionsInternal, so I want to say this can be fixed by uplifting bug 1158761. Aaron can you confirm?

Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::plugins::PluginAsyncSurrogate::ScriptableInvalidate(NPObject*) 	dom/plugins/ipc/PluginAsyncSurrogate.cpp
1 	xul.dll 	NPObjWrapperPluginDestroyedCallback 	dom/plugins/base/nsJSNPRuntime.cpp
2 	xul.dll 	nsJSNPRuntime::OnPluginDestroy(_NPP*) 	dom/plugins/base/nsJSNPRuntime.cpp
3 	xul.dll 	nsNPAPIPluginInstance::Stop() 	dom/plugins/base/nsNPAPIPluginInstance.cpp
Ø 4 	msmpeg2vdec.dll 	msmpeg2vdec.dll@0x2a8ebf 	
5 	xul.dll 	nsPluginHost::StopPluginInstance(nsNPAPIPluginInstance*) 	dom/plugins/base/nsPluginHost.cpp
6 	xul.dll 	nsObjectLoadingContent::DoStopPlugin(nsPluginInstanceOwner*, bool, bool) 	dom/base/nsObjectLoadingContent.cpp
7 	xul.dll 	nsObjectLoadingContent::StopPluginInstance() 	dom/base/nsObjectLoadingContent.cpp
8 	xul.dll 	CheckPluginStopEvent::Run() 	dom/base/nsObjectLoadingContent.cpp
9 	xul.dll 	nsBaseAppShell::RunSyncSectionsInternal(bool, unsigned int) 	widget/nsBaseAppShell.cpp
10 	xul.dll 	nsBaseAppShell::AfterProcessNextEvent(nsIThreadInternal*, unsigned int, bool) 	widget/nsBaseAppShell.cpp
11 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
12 	xul.dll 	_SEH_epilog4 	f:/dd/vctools/crt/crtw32/misc/i386/sehprolg4.asm:123
Flags: needinfo?
Oops, flag didn't stick:

> CheckPluginStopEvent is right next to RunSyncSectionsInternal, so I want to
> say this can be fixed by uplifting bug 1158761. Aaron can you confirm?
Flags: needinfo? → needinfo?(aklotz)
Forgot to mention: most of the crashes are derefs on the jemalloc poison value.

Almost all the URLs are on secureserver.net. One user says:

"Firefox has been crashing everytime I send an email from serversecure.net, Godaddy's Web based email server.I tried the safe restart and the reinstall. Firefox worked for the first two emails I sent, but then crashed again after that."
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(aklotz)
Resolution: --- → DUPLICATE
Group: core-security → core-security-release
Group: core-security-release
Keywords: sec-high
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.