Closed Bug 166713 Opened 23 years ago Closed 23 years ago

crash in [@ PluginViewerImpl::StartLoad] Trunk

Categories

(Core Graveyard :: Plug-ins, defect, P2)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows 2000
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.2beta

People

(Reporter: srgchrpv, Assigned: srgchrpv)

References

Details

(Keywords: crash, testcase, topcrash+, Whiteboard: [PL2:NA])

Crash Data

Attachments

(1 file)

patch v1
804 bytes, patch
serhunt
: review+
beard
: superreview+
Details | Diff | Splinter Review
here is some reports with comments http://climate.mcom.com/reports/singleincidentinfo.cfm?dynamicBBID=9894802 Email: janderk@digitaldutch.com URL: http://www.arcanatech.com Comments: Go to http://www.arcanatech.com Click on NCF-Framework. Crashes all the time for me http://climate.mcom.com/reports/singleincidentinfo.cfm?dynamicBBID=9894620 Email: janderk@digitaldutch.com URL: forum.rackshack.net http://climate.mcom.com/reports/singleincidentinfo.cfm?dynamicBBID=10196837 Email: Dirk.Fischbach@hotmail.com URL: www.google.de;www.telekom.de Comments: trying to open an Adobe Acrobat document with Acrobat Reader 5.0 -
could not repro crash on http://www.arcanatech.com with 0823 branch on my NT. still trying...
unfortunately I cannot reproduce the crash too, but the disassembly code from TB reports shows we are dereferencing null ptr in nsPluginViewer.cpp, line 343 EAX: 00000000 EBX: 60ec96b8 ECX: 0281d730 EDX: 0064fa24 Code Around the PC: 605100f0 8b08 mov ecx,[eax] <== HERE eax == 0 605100f2 52 push edx 605100f3 50 push eax so I did some debugging and figured out that if by some reason initialization of mWindow fails here http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/plugin/base/src/nsPluginViewer.cpp&rev=1.123&root=/cvsroot#531 nsDocShell::Embed() http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/docshell/base/nsDocShell.cpp&rev=1.468&root=/cvsroot#3940 does not check return code and eventually we'll hit up here http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/modules/plugin/base/src/nsPluginViewer.cpp&rev=1.123&root=/cvsroot#343 with mWindow == 0
Attached patch patch v1Splinter Review
simple check for !mWindow & mNextStream = 0 to prevent possible crashes.
Comment on attachment 97864 [details] [diff] [review] patch v1 r=av
Attachment #97864 - Flags: review+
Patrick, could you sr=, please?
serge / shrirang, FWIW, I just reproduced this one twice at the arcanatech.com site. Using 20020909 build on Win2K: 1) Goto the site. 2) click on the "Arcana Technologies" header 3) crash.
Keywords: crash, testcase, topcrash+
Summary: crash in [@PluginViewerImpl::StartLoad] 29 TB reports → crash in [@ PluginViewerImpl::StartLoad] 29 TB reports
Yes,Greer, I just tried the TRUNK and could easily reproduce this. Thx for the steps...the branch seemed fine tho, I could not crash the canditate build.
no kidding, I was thinking this is a topcrash from the branch...which is not the case.
No crashes currently on the branch, and only 2 in the N700 final (from Gecko1.0 branch). I'll put Trunk in the summary.
Summary: crash in [@ PluginViewerImpl::StartLoad] 29 TB reports → crash in [@ PluginViewerImpl::StartLoad] Trunk
crash -> critical
Severity: normal → critical
Priority: -- → P2
Whiteboard: [PL2:NA]
Target Milestone: --- → mozilla1.2beta
Comment on attachment 97864 [details] [diff] [review] patch v1 sr=beard
Attachment #97864 - Flags: superreview+
on the trunk <-- nsPluginViewer.cpp new revision: 1.126; previous revision: 1.125 thanks to all.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 168754 has been marked as a duplicate of this bug. ***
does not crash on 0916 trunk build anymore. used greer's steps.
Status: RESOLVED → VERIFIED
Crash Signature: [@ PluginViewerImpl::StartLoad]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: