If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

from talkback reports [@ nsPluginStreamListenerPeer::OnDataAvailable]

VERIFIED FIXED in mozilla0.9.9

Status

()

Core
Plug-ins
VERIFIED FIXED
16 years ago
16 years ago

People

(Reporter: serge (gone), Assigned: serge (gone))

Tracking

Trunk
mozilla0.9.9
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

546 bytes, patch
Peter Lubczynski
: review+
Patrick C. Beard
: superreview+
Details | Diff | Splinter Review
(Assignee)

Description

16 years ago
From the trunk (-0.9.9)
Crash data range: 2002-02-20 to 2002-02-25 Build ID range: 2002021918 to 
2002022509 
     Stack Trace: 
     nsPluginStreamListenerPeer::OnDataAvailable
     [d:\builds\seamonkey\mozilla\modules\plugin\base\src\nsPluginHostImpl.cpp 
line 2146] 
     nsImapCacheStreamListener::OnDataAvailable
     [d:\builds\seamonkey\mozilla\mailnews\imap\src\nsImapProtocol.cpp line 
6977] 
     nsStorageTransport::nsReadRequest::OnDataAvailable
     [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStorageTransport.cpp line 
628] 
     XPTC_InvokeByIndex 
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp 
line 106] 
     EventHandler [d:\builds\seamonkey\mozilla\xpcom\proxy\src\nsProxyEvent.cpp 
line 516] 
     PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 
591] 
     PL_ProcessPendingEvents 
[d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c line 524] 
     _md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c 
line 1072] 
     nsAppShellService::Run 
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp line 308] 
     netscp6.exe + 0x1f95 (0x00401f95) 
     netscp6.exe + 0x1b45 (0x00401b45) 
     netscp6.exe + 0x3254 (0x00403254) 
     KERNEL32.DLL + 0xd326 (0x77e8d326) 

     Source File : 
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/plugin/base/src/nsPl
uginHostImpl.cpp line :
     2146

     Incident 3162860 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3162860
         Email: momoi@netscape.com
         Comments: 2002-02-19 Win32 trunk build.I clicked on a specific message 
and it crashed the above.I have not
     looked at what that message contains yet.
     Incident 3352730 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3352730
         Email: janc@netscape.com
         Comments: email...
     Incident 3359935 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3359935
     Incident 3361981 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3361981
         Email: janc@netscape.com
         Comments: email...
     Incident 3362098 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3362098
     Incident 3362116 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3362116
---
From 098
nsPluginStreamListenerPeer::OnDataAvailable  (1 crashes)
Source File : 
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/plugin/base/src/nsPl
uginHostImpl.cpp line :
     2065
     Incident 3250538 - Stacktrace: 
http://climate/reports/stackcommentemail.cfm?dynamicBBID=3250538

All incidents have similar code around pc:
x86 Registers:
EAX: 00000000 
EBX: 60e82ba0
ECX: 0012fcc4
 Code Around the PC: 
 604e5dcf 8b08             mov     ecx,[eax]
 604e5dd1 ff510c           call    dword ptr [ecx+0xc]
 604e5dd4 ff75e8           push    dword ptr [ebp-0x18]
which looks like we are dereferencing a null ptr in 
mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp (1.362) line 2146
2141 amusil          1.37    if(!mPStreamListener)
2142 peterlubczynski 1.287     return NS_ERROR_FAILURE;
2143 sudu            1.23  
2144 warren          1.54    char* urlString;
2145 amusil          1.37    aURL->GetSpec(&urlString);
2146                         mPluginStreamInfo->SetURL(urlString);

The fix could be a simple bulletproofing on line 2141
if(!mPStreamListener && !mPluginStreamInfo)
But the bad thing is there is no testcase to reproduce this crash.
however, according to stack trace 
d:\builds\seamonkey\mozilla\mailnews\imap\src\nsImapProtocol.cpp line 6977
the crash happened when imap protocol was involved, it can give us a clue:
mail message with embed tag.
(Assignee)

Comment 1

16 years ago
Created attachment 71563 [details] [diff] [review]
bulletproofing patch

Comment 2

16 years ago
Comment on attachment 71563 [details] [diff] [review]
bulletproofing patch

r=peterl
Attachment #71563 - Flags: review+

Updated

16 years ago
Keywords: nsbeta1

Comment 3

16 years ago
Comment on attachment 71563 [details] [diff] [review]
bulletproofing patch

Fix the logic.
Attachment #71563 - Flags: review+ → needs-work+
(Assignee)

Comment 4

16 years ago
Created attachment 71570 [details] [diff] [review]
it should be logical OR
(Assignee)

Updated

16 years ago
Attachment #71563 - Attachment is obsolete: true

Comment 5

16 years ago
Comment on attachment 71570 [details] [diff] [review]
it should be logical OR

OR is better ;)

r=peterl
Attachment #71570 - Flags: review+

Comment 6

16 years ago
Comment on attachment 71570 [details] [diff] [review]
it should be logical OR

sr=beard (much better)
Attachment #71570 - Flags: superreview+

Comment 7

16 years ago
nominating to nsbeta1+ as per adt triage.  serge already has the patch for it.
Keywords: nsbeta1 → mozilla0.9.9, nsbeta1+
Target Milestone: --- → mozilla0.9.9

Comment 8

16 years ago
Comment on attachment 71570 [details] [diff] [review]
it should be logical OR

a=asa (on behalf of drivers) for checkin to 0.9.9 and the mozilla trunk.
Attachment #71570 - Flags: approval+
(Assignee)

Comment 9

16 years ago
checked into the trunk
mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp,v
new revision: 1.364; previous revision: 1.363
---
checked into MOZILLA_0_9_9_BRANCH
mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp,v 
new revision: 1.363.2.1; previous revision: 1.363
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED

Comment 10

16 years ago
momoi, janc ...is there any way you could try to reproduce this crash in a
recent build? I know it's difficult..but we don't have a testcase here to test
this one out.:(

Comment 11

16 years ago
(stamp) marking this verified. Talkbak team, pls reopen if u see the same trace 
again.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.