Closed Bug 147392 Opened 22 years ago Closed 22 years ago

Reloading page containing flash object results in crash [@ CopyRgn]

Categories

(Camino Graveyard :: Page Layout, defect)

Product:
Camino Graveyard
Component:
Page Layout
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: chrispetersen, Assigned: beard)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Build: 0.2.7
Platform: OS X 10.1.4
Expected Results: Page should be reflowed
What I got: After reload, App crashs.

Steps to reproduce:

1) Go to url
2) After page loads, press the reload button
3) Page should start to reflow then crash. 

This problem seems to be related displaying the page in a frameset. If I load
the flash content page directly (http://static.elderscrolls.com/flash/top.htm) ,
I can't crash the app even after many reloads.
Stack trace of crash:

Command:    Navigator
PID:        510

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x30018a84

Thread 0 Crashed:
 #0   0x734fb1d8 in CopyRgn
 #1   0x7351be30 in GetPortClipRegion
 #2   0x03651510 in nsPluginInstanceOwner::FixUpPluginWindow(void)
 #3   0x03650548 in nsPluginInstanceOwner::Notify(nsITimer *)
 #4   0x00231ac0 in nsTimerImpl::Fire(void)
 #5   0x00231bfc in handleTimerEvent(TimerEventType *)
 #6   0x0022cd74 in PL_HandleEvent
 #7   0x0022cc5c in PL_ProcessPendingEvents
 #8   0x0022dc24 in nsEventQueueImpl::ProcessPendingEvents(void)
 #9   0x025bbd98 in -[EventQueueHandler eventTimer:]
 #10  0x708d06e8 in __NSFireTimer
 #11  0x70196cd0 in __CFRunLoopDoTimer
 #12  0x7017c258 in __CFRunLoopRun
 #13  0x701b7100 in CFRunLoopRunSpecific
 #14  0x7017b8e0 in CFRunLoopRunInMode
 #15  0x7312d8f4 in RunEventLoopInModeUntilEventArrives
 #16  0x73140808 in ReceiveNextEventCommon
 #17  0x731715ec in BlockUntilNextEventMatchingListInMode
 #18  0x70bd70b8 in _DPSNextEvent
 #19  0x70bfe5d8 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
 #20  0x70c23468 in -[NSApplication run]
 #21  0x70c91ed0 in NSApplicationMain
 #22  0x0000214c in _start
 #23  0x00001f7c in start

Thread 1:
 #0   0x700252fc in select
 #1   0x0015b758 in poll
 #2   0x00157e70 in _pr_poll_with_poll
 #3   0x0203b30c in nsSocketTransportService::Run(void)
 #4   0x0022f7e4 in nsThread::Main(void *)
 #5   0x0015932c in _pt_root
 #6   0x7002054c in _pthread_body

Thread 2:
 #0   0x7003f4c8 in semaphore_wait_signal_trap
 #1   0x7003f2c8 in _pthread_cond_wait
 #2   0x00154418 in PR_WaitCondVar
 #3   0x020454a0 in nsDNSService::DequeuePendingQ(void)
 #4   0x02044ea8 in nsDNSService::Run(void)
 #5   0x0022f7e4 in nsThread::Main(void *)
 #6   0x0015932c in _pt_root
 #7   0x7002054c in _pthread_body

Thread 3:
 #0   0x70044cf8 in semaphore_timedwait_signal_trap
 #1   0x70044cd8 in semaphore_timedwait_signal
 #2   0x7003f2b8 in _pthread_cond_wait
 #3   0x001541b4 in pt_TimedWait
 #4   0x0015442c in PR_WaitCondVar
 #5   0x0023326c in TimerThread::Run(void)
 #6   0x0022f7e4 in nsThread::Main(void *)
 #7   0x0015932c in _pt_root
 #8   0x7002054c in _pthread_body

Thread 4:
 #0   0x70000978 in mach_msg_overwrite_trap
 #1   0x70005a04 in mach_msg
 #2   0x70026a2c in _pthread_become_available
 #3   0x70026724 in pthread_exit
 #4   0x70020550 in _pthread_body

Thread 5:
 #0   0x70013ed8 in syscall_thread_switch
 #1   0x70814cf8 in +[NSThread sleepUntilDate:]
 #2   0x70ba1680 in -[NSUIHeartBeat _heartBeatThread:]
 #3   0x70842358 in forkThreadForFunction
 #4   0x7002054c in _pthread_body

Thread 6:
 #0   0x7003f4c8 in semaphore_wait_signal_trap
 #1   0x7003f2c8 in _pthread_cond_wait
 #2   0x00154418 in PR_WaitCondVar
 #3   0x00230904 in nsThreadPool::GetRequest(nsIThread *)
 #4   0x00231258 in nsThreadPoolRunnable::Run(void)
 #5   0x0022f7e4 in nsThread::Main(void *)
 #6   0x0015932c in _pt_root
 #7   0x7002054c in _pthread_body

PPC Thread State:
  srr0: 0x734fb1d8 srr1: 0x0200f030                vrsave: 0x00000000
   xer: 0x0000000b   lr: 0x734fb19c  ctr: 0x7351be0c   mq: 0x00000000
    r0: 0x00000000   r1: 0xbfffe950   r2: 0xbfffe9d8   r3: 0x30018a84
    r4: 0x024ff810   r5: 0x0000000e   r6: 0x00000001   r7: 0x8ab4ce05
    r8: 0x00000018   r9: 0x834e058c  r10: 0x03d32010  r11: 0x037ef288
   r12: 0x7351be0c  r13: 0x00000000  r14: 0x00000000  r15: 0x00000000
   r16: 0x00000001  r17: 0x00000001  r18: 0x00000000  r19: 0x0000560b
   r20: 0xbffff118  r21: 0x00000000  r22: 0x00000000  r23: 0x1d12d668
   r24: 0x000fc870  r25: 0x00000001  r26: 0x00000276  r27: 0x0482aff0
   r28: 0x00000000  r29: 0x024ff810  r30: 0x30018a84  r31: 0x734fb19c

**********
Blocks: 147975
*** Bug 149376 has been marked as a duplicate of this bug. ***
*** Bug 151058 has been marked as a duplicate of this bug. ***
->beard
Assignee: saari → beard
Severity: major → critical
Keywords: crash
Summary: Reloading page containing flash object results in crash → Reloading page containing flash object results in crash [@ CopyRgn]
beard sez this could be fixed
WorksForMe using Chimera/20020619.
marking WFM for QA to verify
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Yes, I can no longer reproduce in the 2002-06-19-05 NB. Tested with Shockwave
Flash 6.0 r29.
Status: RESOLVED → VERIFIED
No longer blocks: 147975
Crash Signature: [@ CopyRgn]
You need to log in before you can comment on or make changes to this bug.