Closed
Bug 1405267
Opened 7 years ago
Closed 7 years ago
Right clicking on Flash content crashes plugin process
Categories
(Core :: Widget: Gtk, defect, P1)
Core
Widget: Gtk
Tracking
()
RESOLVED
FIXED
mozilla58
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox56 | --- | wontfix |
| firefox57 | --- | fixed |
| firefox58 | --- | fixed |
People
(Reporter: chrisccoulson, Assigned: chrisccoulson)
References
Details
(Keywords: regression)
Attachments
(1 file)
|
1.31 KB,
patch
|
karlt
:
review+
ritu
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Right clicking on Flash content crashes the plugin process, because the Flash player calls in to gdk_window_get_window_type which is stubbed in mozgtk2.
See stacktrace:
Thread 1 "plugin-containe" received signal SIGSEGV, Segmentation fault.
gdk_window_get_window_type () at /build/firefox-hFMlsu/firefox-56.0+build6/widget/gtk/mozgtk/mozgtk.c:523
523 /build/firefox-hFMlsu/firefox-56.0+build6/widget/gtk/mozgtk/mozgtk.c: No such file or directory.
(gdb) bt
#0 gdk_window_get_window_type () at /build/firefox-hFMlsu/firefox-56.0+build6/widget/gtk/mozgtk/mozgtk.c:523
#1 0x00007f7c4e0cd753 in gtk_grab_add () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#2 0x00007f7c4e0d8d40 in gtk_menu_popup () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#3 0x00007f7c40653cbf in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#4 0x00007f7c40653d4b in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#5 0x00007f7c40653e6f in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#6 0x00007f7c40653f05 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#7 0x00007f7c4058e3b6 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#8 0x00007f7c40615b6a in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#9 0x00007f7c4061d66e in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#10 0x00007f7c40617f79 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#11 0x00007f7c56ad45ca in mozilla::plugins::PluginInstanceChild::AnswerNPP_HandleEvent (this=0x7f7c44683000, event=..., handled=0x7ffd99aee280)
at /build/firefox-hFMlsu/firefox-56.0+build6/dom/plugins/ipc/PluginInstanceChild.cpp:872
#12 0x00007f7c554e5b64 in mozilla::plugins::PPluginInstanceChild::OnCallReceived (this=0x7f7c44683000, msg__=..., reply__=@0x7ffd99aee4e0: 0x0)
at /build/firefox-hFMlsu/firefox-56.0+build6/obj-x86_64-linux-gnu/ipc/ipdl/PPluginInstanceChild.cpp:2888
#13 0x00007f7c554f15ab in mozilla::plugins::PPluginModuleChild::OnCallReceived (this=0x7f7c446af000, msg__=..., reply__=@0x7ffd99aee4e0: 0x0)
at /build/firefox-hFMlsu/firefox-56.0+build6/obj-x86_64-linux-gnu/ipc/ipdl/PPluginModuleChild.cpp:1137
#14 0x00007f7c553d814f in mozilla::ipc::MessageChannel::DispatchInterruptMessage(IPC::Message&&, unsigned long) (this=this@entry=0x7f7c446af100,
aMsg=aMsg@entry=<unknown type in /usr/lib/debug/usr/lib/firefox/libxul.so, CU 0x3258380, DIE 0x32d3723>, stackDepth=stackDepth@entry=0)
at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/glue/MessageChannel.cpp:2124
#15 0x00007f7c553dbf4e in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) (this=0x7f7c446af100, aMsg=<unknown type in /usr/lib/debug/usr/lib/firefox/libxul.so, CU 0x3258380, DIE 0x32d3723>)
at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/glue/MessageChannel.cpp:2016
#16 0x00007f7c553dd9f9 in mozilla::ipc::MessageChannel::RunMessage (this=<optimised out>, aTask=...) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/glue/MessageChannel.cpp:1887
#17 0x00007f7c553ddb2d in mozilla::ipc::MessageChannel::MessageTask::Run (this=0x7f7c4977dd50) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/glue/MessageChannel.cpp:1920
#18 0x00007f7c553ab22d in MessageLoop::RunTask (aTask=..., this=0x7ffd99aee8e0) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:452
#19 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) (this=this@entry=0x7ffd99aee8e0,
pending_task=pending_task@entry=<unknown type in /usr/lib/debug/usr/lib/firefox/libxul.so, CU 0x2f0db28, DIE 0x2f565e9>)
at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:460
#20 0x00007f7c553ab7ef in MessageLoop::DoWork (this=0x7ffd99aee8e0) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:535
#21 0x00007f7c5539df09 in base::MessagePumpForUI::HandleDispatch (this=0x7f7c49773630) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_pump_glib.cc:266
#22 0x00007f7c5539df4d in (anonymous namespace)::WorkSourceDispatch (source=<optimised out>, unused_func=<optimised out>, unused_data=<optimised out>)
at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_pump_glib.cc:108
#23 0x00007f7c50558377 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007f7c505585e0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007f7c5055868c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007f7c5539da02 in base::MessagePumpForUI::RunWithDispatcher (this=0x7f7c49773630, delegate=<optimised out>, dispatcher=<optimised out>)
at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_pump_glib.cc:195
#27 0x00007f7c553a2a1d in MessageLoop::RunInternal (this=0x7ffd99aee8e0) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:326
#28 MessageLoop::RunHandler (this=0x7ffd99aee8e0) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:319
#29 MessageLoop::Run (this=this@entry=0x7ffd99aee8e0) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/chromium/src/base/message_loop.cc:299
#30 0x00007f7c57efcaea in XRE_InitChildProcess (aArgc=8, aArgv=0x7ffd99aeec28, aChildData=<optimised out>) at /build/firefox-hFMlsu/firefox-56.0+build6/toolkit/xre/nsEmbedFunctions.cpp:699
#31 0x000055ac90fcdfa1 in content_process_main (bootstrap=0x7f7c49703098, argc=10, argv=0x7ffd99aeec28) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/app/../contentproc/plugin-container.cpp:64
#32 0x000055ac90fcdbd7 in content_process_main (argv=0x7ffd99aeec28, argc=11, bootstrap=<optimised out>) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/app/MozillaRuntimeMain.cpp:26
#33 main (argc=11, argv=0x7ffd99aeec28) at /build/firefox-hFMlsu/firefox-56.0+build6/ipc/app/MozillaRuntimeMain.cpp:25
|
Assignee | |
Comment 1•7 years ago
|
||
I assume this is probably the right fix.
Attachment #8914698 -
Flags: review?(karlt)
|
||
Updated•7 years ago
|
Blocks: 1364355
status-firefox56:
--- → affected
status-firefox57:
--- → affected
status-firefox-esr52:
--- → unaffected
Keywords: regression
Priority: -- → P1
|
|
||
Comment 2•7 years ago
|
||
Comment on attachment 8914698 [details] [diff] [review] dont-stub-gdk_window_get_window_type-in-mozgtk2.patch Thank you, Chris.
Attachment #8914698 -
Flags: review?(karlt) → review+
|
||
Comment 4•7 years ago
|
||
Hey Chris, can we land this?
Assignee: nobody → chrisccoulson
Flags: needinfo?(chrisccoulson)
|
|
Assignee | |
Comment 5•7 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #4) > Hey Chris, can we land this? I can't, but yes, sure.
Flags: needinfo?(chrisccoulson)
|
||
Updated•7 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d06512adfab5 Don't stub gdk_window_get_window_type in mozgtk2. r=karlt
Keywords: checkin-needed
|
||
Comment 7•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/d06512adfab5
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
|
|
||
Comment 8•7 years ago
|
||
This seems safe enough to warrant an uplift to 57, doesn't it?
Flags: needinfo?(karlt)
|
|
||
Comment 9•7 years ago
|
||
Comment on attachment 8914698 [details] [diff] [review] dont-stub-gdk_window_get_window_type-in-mozgtk2.patch Approval Request Comment [Feature/Bug causing the regression]: Bug 1364355 [User impact if declined]: Crashes when opening Flash Player context menu [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: No [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None. [Is the change risky?]: No [Why is the change risky/not risky?]: It removes a definition of a function accidentally interposing the definition in GTK. (It was intended to satisfy run-time linker requirements when running the plugin container against GTK versions without that function, but these versions have the function and Flash Player uses it.) The effect of the code change is limited to plugin processes. [String changes made/needed]: None.
Flags: needinfo?(karlt)
Attachment #8914698 -
Flags: approval-mozilla-beta?
Comment on attachment 8914698 [details] [diff] [review] dont-stub-gdk_window_get_window_type-in-mozgtk2.patch Crash fix, beta57+
Attachment #8914698 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
||
Comment 11•7 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/48052fefc77e
|
||
Updated•7 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•