Closed
Bug 1359390
Opened 7 years ago
Closed 7 years ago
Crash in nsCOMPtr_base::assign_with_AddRef | nsBaseWidget::AddChild
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Tracking
(firefox-esr45 unaffected, firefox-esr52 unaffected, firefox53 wontfix, firefox54 wontfix, firefox55 affected, firefox56 fixed)
RESOLVED
DUPLICATE
of bug 1373220
Tracking | Status | |
---|---|---|
firefox-esr45 | --- | unaffected |
firefox-esr52 | --- | unaffected |
firefox53 | --- | wontfix |
firefox54 | --- | wontfix |
firefox55 | --- | affected |
firefox56 | --- | fixed |
People
(Reporter: philipp, Unassigned)
Details
(5 keywords, Whiteboard: [adv-main56-])
Crash Data
This bug was filed from the Socorro interface and is report bp-f3d73060-5763-4219-adfc-2981e0170425. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll nsCOMPtr_base::assign_with_AddRef(nsISupports*) xpcom/glue/nsCOMPtr.cpp:44 1 xul.dll nsBaseWidget::AddChild(nsIWidget*) widget/nsBaseWidget.cpp:627 2 xul.dll nsBaseWidget::BaseCreate(nsIWidget*, nsWidgetInitData*) widget/nsBaseWidget.cpp:437 3 xul.dll nsWindow::Create(nsIWidget*, void*, mozilla::gfx::IntRectTyped<mozilla::LayoutDevicePixel> const&, nsWidgetInitData*) widget/windows/nsWindow.cpp:769 4 xul.dll nsPluginInstanceOwner::CreateWidget() dom/plugins/base/nsPluginInstanceOwner.cpp:3401 5 xul.dll nsPluginHost::CreateWidget(nsPluginInstanceOwner*) dom/plugins/base/nsPluginHost.cpp:3483 6 xul.dll nsPluginHost::InstantiatePluginInstance(nsACString_internal const&, nsIURI*, nsObjectLoadingContent*, nsPluginInstanceOwner**) dom/plugins/base/nsPluginHost.cpp:851 7 xul.dll nsObjectLoadingContent::InstantiatePluginInstance(bool) dom/base/nsObjectLoadingContent.cpp:750 8 xul.dll nsObjectLoadingContent::SyncStartPluginInstance() dom/base/nsObjectLoadingContent.cpp:2976 9 xul.dll nsAsyncInstantiateEvent::Run() dom/base/nsObjectLoadingContent.cpp:183 10 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1240 11 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:96 12 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:231 13 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:211 14 xul.dll nsBaseAppShell::Run() widget/nsBaseAppShell.cpp:156 15 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp:262 16 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp:283 17 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp:4477 18 xul.dll XREMain::XRE_main(int, char** const, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4654 19 xul.dll XRE_main(int, char** const, mozilla::BootstrapConfig const&) toolkit/xre/nsAppRunner.cpp:4745 20 xul.dll mozilla::BootstrapImpl::XRE_main(int, char** const, mozilla::BootstrapConfig const&) toolkit/xre/Bootstrap.cpp:45 21 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:115 22 firefox.exe __scrt_common_main_seh f:/dd/vctools/crt/vcstartup/src/startup/exe_common.inl:253 23 kernel32.dll BaseThreadInitThunk 24 ntdll.dll __RtlUserThreadStart 25 ntdll.dll _RtlUserThreadStart this crash signature is showing up in volume since firefox 53 and later - so far the reports are coming from windows users with 32bit&64bit versions of firefox. Correlations for Firefox Beta (100.0% in signature vs 32.24% overall) top(none)/detached > 0 = null (100.0% in signature vs 33.23% overall) reason = EXCEPTION_ACCESS_VIOLATION_READ (97.73% in signature vs 31.48% overall) app_init_dlls = null (86.36% in signature vs 26.11% overall) Module "icm32.dll" = true [71.43% vs 22.01% if platform_pretty_version = Windows 7] (84.09% in signature vs 21.68% overall) Module "WindowsCodecs.dll" = true [80.00% vs 28.90% if platform_version = 10.0.14393] (43.18% in signature vs 00.48% overall) address = 0x14 (59.09% in signature vs 99.86% overall) graphics_startup_test = null (38.64% in signature vs 00.43% overall) address = 0xffffffffe5e5e5e5
Updated•7 years ago
|
Component: Untriaged → Plug-ins
Updated•7 years ago
|
Flags: needinfo?(jmathies)
Updated•7 years ago
|
Group: core-security → dom-core-security
Updated•7 years ago
|
Comment 1•7 years ago
|
||
This code could use some more death grips sprinkled around, it looks like.
Comment 2•7 years ago
|
||
Too late for a fix for 53.
Comment 3•7 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #1) > This code could use some more death grips sprinkled around, it looks like. Is this something you can take, or find someone to assign & treain in this? ;)
Flags: needinfo?(continuation)
Comment 4•7 years ago
|
||
I haven't looked this code before, though maybe it isn't really necessary for this kind of patch. It also would only be a speculative fix.
Flags: needinfo?(continuation)
Reporter | ||
Comment 6•7 years ago
|
||
oops, i've filed the same bug twice as it seems - the other one has a bit more information in it of the circumstance this might happen in.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(jmathies)
Resolution: --- → DUPLICATE
Comment 7•7 years ago
|
||
Per bug 1367686 & bug 1373220, mark 54 won't fix and 56 fixed.
status-firefox56:
--- → fixed
Updated•7 years ago
|
Whiteboard: [adv-main56-]
Updated•6 years ago
|
Group: dom-core-security
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•