Closed Bug 1308023 Opened 9 years ago Closed 9 years ago

Crash in strcmp | PluginInfoIsFlash

Tracking

(firefox49 unaffected, firefox50 unaffected, firefox51 unaffected, firefox52+ fixed)

Status:

RESOLVED FIXED

Milestone:

mozilla52

Tracking Flags:

Tracking

Status

firefox49

---

unaffected

firefox50

---

unaffected

firefox51

---

unaffected

firefox52

fixed

People

(Reporter: jchen, Assigned: arai)

References

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file, 1 obsolete file)

Null check info.fDescription in PluginInfoIsFlash. 9 years ago Tooru Fujisawa [:arai] 1015 bytes, patch		Details \| Diff \| Splinter Review
Null check info.fName in PluginInfoIsFlash. 9 years ago Tooru Fujisawa [:arai] 1023 bytes, patch	jimm : review+	Details \| Diff \| Splinter Review

(inactive) Jim Chen [:jchen] [:darchons]

Reporter

Description

•

9 years ago

This bug was filed from the Socorro interface and is report bp-55459599-2bc0-4878-924c-2aa142161005. ============================================================= Regression from bug 1269807. Looks like [1] needs a null check. [1] https://hg.mozilla.org/mozilla-central/annotate/ea104eeb14cc/dom/plugins/base/nsPluginHost.cpp#l2099

Flags: needinfo?(benjamin)

Tooru Fujisawa [:arai]

Assignee

Comment 1

•

9 years ago

Attached patch Null check info.fDescription in PluginInfoIsFlash. (obsolete) — Details — Splinter Review

For me, it crashes with the following plugin, that has no description. fName: Wacom Pressure Plug-In fDescription: (null) fVariantCount: 0 fFileName: WacomNetscape.plugin fFullPath: /Library/Internet Plug-Ins/WacomNetscape.plugin fVersion: 2.1.0-1 fSupportsAsyncRender: 0 https://crash-stats.mozilla.com/report/index/1995a541-790f-4ad6-a496-823f32161006 https://dxr.mozilla.org/mozilla-central/rev/e8fa13708c070d1fadf488ed9d951464745b4e17/dom/plugins/base/nsPluginsDirDarwin.cpp#453 > if (bundle) { > CFTypeRef description = ::CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("WebPluginDescription")); > if (description && ::CFGetTypeID(description) == ::CFStringGetTypeID()) > info.fDescription = CFStringRefToUTF8Buffer(static_cast<CFStringRef>(description)); > } According to the code, info.fDescription can be null. So just added null check before strcmp.

Assignee: nobody → arai.unmht

Attachment #8798370 - Flags: review?(benjamin)

Benjamin Smedberg

Comment 2

•

9 years ago

Will be fixed by bug 1307501: this should have been fName instead of fDescription anyway.

Depends on: 1307501

Flags: needinfo?(benjamin)

Benjamin Smedberg

Updated

•

9 years ago

Attachment #8798370 - Flags: review?(benjamin)

Tooru Fujisawa [:arai]

Assignee

Comment 3

•

9 years ago

nice to hear that :)

Assignee: arai.unmht → nobody

Marcia Knous [:marcia]

Comment 4

•

9 years ago

Adding the Mac signature - I filed Bug 1308182 but I guess it is a dupe of this bug.

Crash Signature: [@ strcmp | PluginInfoIsFlash] → [@ strcmp | PluginInfoIsFlash] [@ _platform_strcmp]

Justin [:JW_SoftvisionQA]

Updated

•

9 years ago

status-firefox49: --- → unaffected

status-firefox50: --- → unaffected

status-firefox51: --- → unaffected

status-firefox52: --- → affected

Version: unspecified → Trunk

Marcia Knous [:marcia]

Updated

•

9 years ago

Crash Signature: [@ strcmp | PluginInfoIsFlash] [@ _platform_strcmp] → [@ strcmp | PluginInfoIsFlash] [@ _platform_strcmp] [@ __platform_strcmp]

Marcia Knous [:marcia]

Updated

•

9 years ago

Crash Signature: [@ strcmp | PluginInfoIsFlash] [@ _platform_strcmp] [@ __platform_strcmp] → [@ strcmp | PluginInfoIsFlash] [@ PluginInfoIsFlash] [@ _platform_strcmp] [@ __platform_strcmp]

Benjamin Smedberg

Comment 6

•

9 years ago

Fixed by bug 1307501.

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → FIXED

Frank Burleigh

Comment 7

•

9 years ago

I continue to see this crash in startup of 10/9/2016 Nightly: _platform_strcmp. My most recent crash: https://crash-stats.mozilla.com/report/index/6a83e4a4-272a-4fb1-b50e-be14c2161009 I do have a bunch of plugins, including the latest Flash, a Shockwave, and the Wacom Pressure Plugin referenced above (all "Never activate" or "Ask to activate"). Creating a fresh profile doesn't help. Additionally, 10/6/2016 Nightly cannot open using fresh profiles made with Nightlies after it.

Tooru Fujisawa [:arai]

Assignee

Comment 8

•

9 years ago

reopening per comment #17, and bug 1308770. according to the code, info.fName is also not-guaranteed to be non-null, at least on windows and osx https://dxr.mozilla.org/mozilla-central/rev/d72cf6ecebaf707c159f6697d9f5f6f6a6feb7e1/dom/plugins/base/nsPluginsDirWin.cpp#375 > info.fName = GetKeyValue(verbuf, L"ProductName", lang, cp); https://dxr.mozilla.org/mozilla-central/source/dom/plugins/base/nsPluginsDirWin.cpp#69-110 > static char* GetKeyValue(void* verbuf, const WCHAR* key, > UINT language, UINT codepage) > { > WCHAR keybuf[64]; // plenty for the template below, with the longest key > // we use (currently "FileDescription") > const WCHAR keyFormat[] = L"\\StringFileInfo\\%04X%04X\\%ls"; > WCHAR *buf = nullptr; > UINT blen; > > if (_snwprintf_s(keybuf, ArrayLength(keybuf), _TRUNCATE, > keyFormat, language, codepage, key) < 0) > { > NS_NOTREACHED("plugin info key too long for buffer!"); > return nullptr; > } > > if (::VerQueryValueW(verbuf, keybuf, (void **)&buf, &blen) == 0 || > buf == nullptr || blen == 0) > { > return nullptr; > } > > return PL_strdup(NS_ConvertUTF16toUTF8(buf, blen).get()); > } https://dxr.mozilla.org/mozilla-central/rev/d72cf6ecebaf707c159f6697d9f5f6f6a6feb7e1/dom/plugins/base/nsPluginsDirDarwin.cpp#446 > // Get fName > if (bundle) { > CFTypeRef name = ::CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("WebPluginName")); > if (name && ::CFGetTypeID(name) == ::CFStringGetTypeID()) > info.fName = CFStringRefToUTF8Buffer(static_cast<CFStringRef>(name)); > } So, null-check should be there.

Status: RESOLVED → REOPENED

Resolution: FIXED → ---

Tooru Fujisawa [:arai]

Assignee

Updated

•

9 years ago

Comment 9

•

9 years ago

(In reply to Tooru Fujisawa [:arai] from comment #8) > reopening per comment #17, and bug 1308770. I meant comment #7

Tooru Fujisawa [:arai]

Assignee

Comment 10

•

9 years ago

Attached patch Null check info.fName in PluginInfoIsFlash. — Details — Splinter Review

Just same as previous patch, but now checking info.fName instead of info.fDescription.

Assignee: nobody → arai.unmht

Attachment #8798370 - Attachment is obsolete: true

Status: REOPENED → ASSIGNED

Attachment #8799299 - Flags: review?(benjamin)

Frank Burleigh

Comment 12

•

9 years ago

Since at least one of us experiences this startup crash on OS X, shouldn't "platform" be adjusted?

Tooru Fujisawa [:arai]

Assignee

Updated

•

9 years ago

OS: Windows 10 → All

Andrew McCreight [:mccr8]

Comment 13

•

9 years ago

[Tracking Requested - why for this release]: This is currently in the top 5 crashes for Nightly, and that's with another very frequent new regression.

tracking-firefox52: --- → ?

Keywords: topcrash

Andrew McCreight [:mccr8]

Comment 14

•

9 years ago

If bsmedberg can't get to this review right away, maybe jimm or somebody could review it instead? It would be nice to have this small patch to fix a Nightly top crash.

Jim Mathies [:jimm]

Updated

•

9 years ago

Attachment #8799299 - Flags: review?(benjamin) → review+

Tooru Fujisawa [:arai]

Assignee

Comment 15

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/0ca22c468bbe3be6f6e40b611893483f6b0ab0c7 Bug 1308023 - Null check info.fName in PluginInfoIsFlash. r=jimm

Marcia Knous [:marcia]

Comment 16

•

9 years ago

Tracking 52+ - top crash for nightly that will need to be addressed.

tracking-firefox52: ? → +

Carsten Book [:Tomcat]

Comment 17

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/0ca22c468bbe

Status: ASSIGNED → RESOLVED

Closed: 9 years ago → 9 years ago

status-firefox52: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla52

BMO Automation

Updated

•

3 years ago

Product: Core → Core Graveyard

You need to log in before you can comment on or make changes to this bug.