Closed Bug 1279340 Opened 9 years ago Closed 9 years ago

PPluginSurfaceChild tries to send a delete message from PluginInstanceChild::ActorDestroy()

Categories

(Core Graveyard :: Plug-ins, defect, P2)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows 10
Type:
defect

Tracking

(firefox48 affected, firefox49 affected, firefox50 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla50
Tracking Flags:
Tracking Status
firefox48 --- affected
firefox49 --- affected
firefox50 --- fixed

People

(Reporter: mccr8, Assigned: dvander)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

patch
748 bytes, patch
benjamin
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-46bd127f-056b-47f1-ae3b-1dc652160608. =============================================================
PluginInstanceChild::ClearAllSurfaces() calls PPluginSurfaceChild::Send__delete__(), but I think it fails because we're already in some kind of shutdown or error state.
I see 195 crash reports with this signature.
This should only be for the new async drawing mode which is in Flash betas but not Flash release. dvander?
Flags: needinfo?(dvander)
Priority: -- → P2
72% of these crashes are with Flash version 21.0.0.242, which looks like the current version you can download. (Another 17% are on 21.0.0.213.)
Attached patch patchSplinter Review
It looks like this predates direct drawing. We're trying to send a __delete__ message over IPDL, but sending anything after an ActorDestroy will trigger a MOZ_CRASH. I think we can just set these actors to null so PluginInstanceChild doesn't try to access them again.
Assignee: nobody → dvander
Status: NEW → ASSIGNED
Flags: needinfo?(dvander)
Attachment #8765600 - Flags: review?(benjamin)
Attachment #8765600 - Flags: review?(benjamin) → review+
Pushed by danderson@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/971c1ee26cad Don't try to send PPluginSurface::__delete__ within ActorDestroy. (bug 1279340, r=bsmedberg)
https://hg.mozilla.org/mozilla-central/rev/971c1ee26cad
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox50: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
Crash volume for signature 'mozalloc_abort | NS_DebugBreak | mozilla::ipc::FatalError | mozilla::plugins::PPluginSurfaceChild::FatalError | mozilla::plugins::PPluginSurfaceChild::Write': - nightly (version 50): 202 crashes from 2016-06-06. - aurora (version 49): 2565 crashes from 2016-06-07. - beta (version 48): 10 crashes from 2016-06-06. - release (version 47): 0 crash from 2016-05-31. - esr (version 45): 0 crash from 2016-04-07. Crash volume on the last weeks: Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7 - nightly 0 6 5 44 40 68 37 - aurora 353 389 420 428 419 332 51 - beta 0 5 2 0 1 0 0 - release 0 0 0 0 0 0 0 - esr 0 0 0 0 0 0 0 Affected platform: Windows
status-firefox48: --- → affected
status-firefox49: --- → affected
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: