Closed Bug 1197803 Opened 7 years ago Closed 6 years ago

Firefox 40.0.2 - Flash externalinterface.call from contexmenu crash the browser

Categories

(Core :: Plug-ins, defect)

40 Branch
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: j.devos, Unassigned)

Attachments

(2 files)

User Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)

Steps to reproduce:

I have a Flash (Flex) application compiled with SDK 3.6a.
Since Firefox 40, the browser crashes when I call a JS function from the context menu.
The JS function is never called. I use ExternalInterface.call to call the JS function.


Actual results:

The browser freezes and stops responding.


Expected results:

With previous versions of Firefox, my application worked properly and JS functions were properly called.
Severity: normal → blocker
Is it possible to provide a testcase (public URL to the Flash app)? It'll help to test and debug.

If not, could you on your side:
1) type about:crashes in the location bar and copy some crash IDs (bp-...).
2) set about:config > dom.ipc.plugins.asyncInit = false (restart FF to apply) and test your Flash app.
Severity: blocker → normal
Component: Untriaged → Plug-ins
Flags: needinfo?(j.devos)
Product: Firefox → Core
It's not possible because the application data is confidential.

Since the update to Firefox 40, I had 2 problems with my Flash application:

1) When I loaded my data from XML, the Flash player crashed. I solved this problem by setting the parameter dom.ipc.plugins.asyncInit to false.

2) The second problem is calling a JS function from the context menu of my Flash app: Firefox stops responding and I must kill the process.

Here is a crash report:
https://crash-stats.mozilla.com/report/index/b902ebd3-6ee6-4367-8dde-d8c602150825
Flags: needinfo?(j.devos)
The 1st issue (about loading the Flash app) is known, it's 1196000.

About the 2nd issue, it would be nice to have a minimal testcase to debug. Do you have a testing server to host a small testcase (like displaying an image with your js function embedded)?
Jerry, I tried the following code and it worked fine. Can you provide code similar to this that reproduces the issue?

var cm:ContextMenu = new ContextMenu();
var cmi:ContextMenuItem = new ContextMenuItem('ExternalInterface test');
cmi.addEventListener(ContextMenuEvent.MENU_ITEM_SELECT, function(event:Event):void {
    trace('2+2 =',ExternalInterface.call("function(){ return 2+2; }"));
});
cm.customItems = [cmi];
this.contextMenu = cm;
Thank you, tomorrow I'll try to make you a small application to reproduce the problem and give you the URL to test.
Keywords: testcase-wanted
Summary: Firefox 40 - Flash externalinterface.call from contexmenu crash the browser → Firefox 40.0.2 - Flash externalinterface.call from contexmenu crash the browser
Hello,
I found the solution: the problem occurs with the 40.0.2 release and not with 40.
When I call my Flash application in my HTML page with the <object> tag, Firefox crashes.
If I call my Flash application from JavaScript with AC_FL_RunContent (AC_OETags.js), Firefox responds successfully.

In the attachment you will find a small application to reproduce the problem.
I used Andy's sample code, except that I call a JS function in my page:
ExternalInterface.call ("testCallJs");

In bin-debug directory, you have 2 pages: test_crashed.html and test_success.html

Thanks for your help.
Attached file Firefox40_JS_Call.zip
When I run your sample code with the Flash debug player I see this:

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller file:///<redacted>/Firefox40_JS_Call/bin-debug/Firefox40_JS_Call.swf cannot access file:///<redacted>/Firefox40_JS_Call/bin-debug/test_crashed.html.
	at flash.external::ExternalInterface$/_initJS()
	at flash.external::ExternalInterface$/call()
	at Function/<anonymous>()[D:\ADOBE\FLEX\_EXEMPLES\Firefox40_JS_Call\src\Firefox40_JS_Call.mxml:16]


Are you sure that it is really Firefox 40 that is the problem, or could it be a Flash security update that was installed around the same time? A quick Google search is suggesting to me that some recent updates have tightened up some security restrictions.
Flags: needinfo?(j.devos)
Aaron, there is no security sandbox error when you put the files behind a web server like Tomcat.

Jerry, my Firefox crashes when calling JS alert() immediately from a Flash context menu item, and I'm not surprised, since alert() should not be used in production code anyway. Do you have an example that doesn't use alert()?

I tried the following:

Crashes:
ExternalInterface.call("function(){ alert('testCallJs'); }");

Succeeds:
ExternalInterface.call("function(){ setTimeout(function(){ alert('testCallJs'); }, 0); }");
Is CrashReporter catching any of your crashes? Can you go to about:crashes and paste a URL here?
Flags: needinfo?(andy.dufilie)
No, it just freezes and I have to kill the process.
Flags: needinfo?(andy.dufilie)
Actually, false alarm. The crash does not occur for me with the latest Flash Player.
I have the latest version of Flash Player (18.0.0.232) installed on Firefox and the browser always crashes with test_crashed.html
Flags: needinfo?(j.devos)
Ok, I can reproduce the crash using Jerry's code. I've uploaded it here:

http://demo.oicweave.org/test-firefox/test_crashed.html

Firefox 40.0.3 hangs and does not create a crash report.  I have to kill the process.
It's weird, with the previous link, the bug is reproducible in FF40.
But I found a regression in FF42, not 40...
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=d57abbdc0c0b18274adbabd600c628e70fbc2c96&tochange=f290fbb44af6c60614866deeef5e7cb4a53b3d56
Aaron Klotz — Bug 1185639 - Allow deferred message processing to happen between consecutive IPC message dispatches. r=jimm

But this bug has not been backported into FF40, so maybe another bugfix triggers the bug in FF40.
With the testcase in comment 14, I can reproduce the hang in Firefox 41, but not with a recent beta of Firefox 42 or a current nightly build.

Jerry, can you try a Firefox 42 beta and see if that works as expected with your application?
https://www.mozilla.org/en-US/firefox/channel/
Flags: needinfo?(j.devos)
Keywords: testcase-wanted
Hello Ryan, with Firefox 42 beta (42.0b8), it works perfectly.
Thanks
Flags: needinfo?(j.devos)
WFM with Beta.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
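
Added example, not part of the original bug thread or of any Mozilla or Adobe code: a page-side wrapper that generalizes the setTimeout workaround shown earlier in the thread, so that any function reached through ExternalInterface.call returns immediately and does its real work (such as opening a dialog) on a later turn. The name exposeToPlugin, the injectable scheduler and the demo body are assumptions made for illustration.

```javascript
// Added example: wrap functions that a plugin calls synchronously
// (e.g. via ExternalInterface.call) so the call returns at once.
// exposeToPlugin is a hypothetical helper name, not a browser or Flash API.
function exposeToPlugin(fn, schedule = (cb) => setTimeout(cb, 0)) {
  return function deferred(...args) {
    // Snapshot the arguments now; the real work runs on a later turn.
    const snapshot = args.slice();
    schedule(() => {
      try {
        fn.apply(null, snapshot);
      } catch (err) {
        // The exception can no longer reach the plugin, so log it here.
        console.error('deferred plugin callback failed:', err);
      }
    });
    // Return a plain value immediately; the caller waits until we return.
    return true;
  };
}

// In a page this would be used as (illustrative):
//   window.testCallJs = exposeToPlugin(function () { alert('testCallJs'); });

// Constructed demo: a fake scheduler stands in for the browser event loop so
// the ordering can be observed without real timers or a plugin.
function demo() {
  const pending = [];
  const log = [];
  const testCallJs = exposeToPlugin(
    (msg) => log.push('dialog:' + msg),      // stands in for alert(msg)
    (cb) => pending.push(cb)
  );
  const returned = testCallJs('testCallJs'); // the synchronous plugin call
  log.push('plugin call returned');
  pending.forEach((cb) => cb());             // later turn: deferred work runs
  return { returned, log };
}
```

Because the work is deferred, its return value cannot be handed back to the synchronous caller; a function whose result the SWF needs has to compute that result without blocking UI.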