Closed Bug 195116 Opened 22 years ago Closed 21 years ago

Crash while starting plug-in - Trunk M140A [@ nsObjectFrame::GetBaseURL]

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: peterlubczynski-bugs, Assigned: peterlubczynski-bugs)

References

(
URL
)

Details

(4 keywords, Whiteboard: [adt2])

Crash Data

Attachments

(2 files)

debugger stack for comments
12.70 KB, text/plain
Details
talkback stack of actual crash
6.79 KB, text/plain
Details
While looking through talkback, I noticed this crash appeared on the top 10 list: http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=17477215 To reproduce have Flash installed and go to the test URL. Click on "Forums" on the left. You may have to do it more than once to crash. The direct cause of the crash is because mContent is NULL on the frame but this is caused because the frame is actually destroyed while the plugin is being started. Notice in the attached stack how |Reflow| causes |InstantiatePlugin| which cause |GetAttributes| which calls |nsIDOMNode::GetLength| which causes the |FlushPendingNotifications| to |WipeContainingBlock| ...and then we crash. This is similar to bug 136927.
Nominating
Keywords: nsbeta1
I don't see a simple "Forums" link. Do you mean click on "Swamp Gas Forums"? I tried that five times, and it WorksForMe using FizzillaMach/2003022103 and Flash 6.0 r67.
URL: http://www.gatorcountry.comhttp://www.gatorcountry.com/
Severity: normal → critical
Summary: Crash while starting plugin [@nsObjectFrame::GetBaseURL] → Crash while starting plug-in [@ nsObjectFrame::GetBaseURL]
Marking as topcrash for M130 10 nsObjectFrame::GetBaseURL 142 Source File : c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line : 1397 ==================================================================================================== Count Offset Real Signature [ 36 nsObjectFrame::GetBaseURL e8d724f9 - nsObjectFrame::GetBaseURL ] Crash date range: 2003-03-24 to 2003-04-01 Min/Max Seconds since last crash: 66 - 936087 Min/Max Runtime: 3067 - 1344273 Count Platform List 29 Windows NT 5.0 build 2195 4 Windows NT 5.1 build 2600 2 Windows 98 4.90 build 73010104 1 Windows 98 4.10 build 67766222 Count Build Id List 36 2003031211 No of Unique Users 12 Stack trace(Frame) nsObjectFrame::GetBaseURL [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 1397] nsObjectFrame::FixUpURLS [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 2903] nsPluginInstanceOwner::EnsureCachedAttrParamArrays [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 3082] nsPluginInstanceOwner::GetAttributes [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 2230] nsPluginInstancePeerImpl::GetAttributes [c:/builds/seamonkey/mozilla/modules/plugin/base/src/nsPluginInstancePeer.cpp line 288] ns4xPluginInstance::InitializePlugin [c:/builds/seamonkey/mozilla/modules/plugin/base/src/ns4xPluginInstance.cpp line 735] ns4xPluginInstance::Initialize [c:/builds/seamonkey/mozilla/modules/plugin/base/src/ns4xPluginInstance.cpp line 625] nsPluginHostImpl::TrySetUpPluginInstance [c:/builds/seamonkey/mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp line 3913] nsPluginHostImpl::SetUpPluginInstance [c:/builds/seamonkey/mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp line 3719] nsPluginHostImpl::InstantiateEmbededPlugin [c:/builds/seamonkey/mozilla/modules/plugin/base/src/nsPluginHostImpl.cpp line 3399] nsObjectFrame::InstantiatePlugin [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 1297] nsObjectFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsObjectFrame.cpp line 1154] nsLineLayout::ReflowFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsLineLayout.cpp line 1038] nsInlineFrame::ReflowInlineFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 743] nsInlineFrame::ReflowFrames [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 551] nsInlineFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 464] nsLineLayout::ReflowFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsLineLayout.cpp line 1038] nsInlineFrame::ReflowInlineFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 743] nsInlineFrame::ReflowFrames [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 551] nsInlineFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsInlineFrame.cpp line 464] nsLineLayout::ReflowFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsLineLayout.cpp line 1038] nsBlockFrame::ReflowInlineFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 3906] nsBlockFrame::DoReflowInlineFrames [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 3734] nsBlockFrame::DoReflowInlineFramesAuto [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 3636] nsBlockFrame::ReflowInlineFrames [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 3581] nsBlockFrame::ReflowLine [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 2672] nsBlockFrame::ReflowDirtyLines [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 2318] nsBlockFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 954] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableCellFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableCellFrame.cpp line 947] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableRowFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1316] nsTableRowFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1202] nsTableRowFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1470] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableRowGroupFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1748] nsTableRowGroupFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1417] nsTableRowGroupFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1326] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableFrame.cpp line 3042] nsTableFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableFrame.cpp line 2767] nsTableFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableFrame.cpp line 2023] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableOuterFrame::OuterReflowChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1343] nsTableOuterFrame::IR_InnerTableReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1708] nsTableOuterFrame::IR_TargetIsInnerTableFrame [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1469] nsTableOuterFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1459] nsTableOuterFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1421] nsTableOuterFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableOuterFrame.cpp line 1954] nsBlockReflowContext::ReflowBlock [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockReflowContext.cpp line 547] nsBlockFrame::ReflowBlockFrame [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 3339] nsBlockFrame::ReflowLine [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 2540] nsBlockFrame::ReflowDirtyLines [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 2318] nsBlockFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 954] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableCellFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableCellFrame.cpp line 947] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableRowFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1316] nsTableRowFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1202] nsTableRowFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowFrame.cpp line 1470] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] nsTableRowGroupFrame::IR_TargetIsChild [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1748] nsTableRowGroupFrame::IncrementalReflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1417] nsTableRowGroupFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/table/src/nsTableRowGroupFrame.cpp line 1326] (18674791) URL: http://www.clavister.org (18458675) URL: http://www.battle.net/forums/board.aspx?ForumName=opensupport (18458672) URL: http://www.battle.net/forums/board.aspx?ForumName=opensupport (18458672) Comments: Viewing forum posts. (18455229) URL: www.battle.net (18439951) URL: http://www.battle.net/forums/ (18439951) Comments: i was viewing battle.nets diablo 2 forums (18429683) URL: www.battle.net (18429683) Comments: clicked on a link in the forums (18429657) URL: www.blizzard.com (18429657) Comments: Just clicked on a link (18508769) Comments: wqwqwq (18472270) URL: http://www.pconline.com.cn/news/gjyj/10303/145273.html (18472270) Comments: In this site "pconline.com.cn" When I visit it It "must" crash (18587599) URL: http://www.telegraaf.nl/portal/teksten/portaal.html (18587599) Comments: just connected and the browser was terminated by windows because of some error a second attempt was succesfull (18477201) URL: www.dhnet.be (18476464) URL: www.dhnet.be (18623421) Comments: i just started mozilla (18576815) URL: http://www.pconline.com.cn/news/gnyj/10303/143922.html (18576815) Comments: open web links from one this first web page to other tabs. (18437507) URL: http://www.pconline.com.cn (18437341) URL: http://www.pconline.com.cn (18437341) Comments: Open the link with new tab. (18420878) URL: http://www.pconline.com.cn/news/gnyj/10303/143922.html (18420878) Comments: i open this link from http://www.pconline.com.cn/news/ web page then it crashed (18418377) URL: http://www.pconline.com.cn/news/ (18418377) Comments: one window open links to 3~4 tabs. then game over~ (18550700) URL: www.hevre.co.il (18550700) Comments: loading that web-page (18370608) URL: www.expressen.se (18612712) URL: www.picpost.com (18612712) Comments: www.picpost.com makes it crash (18605061) URL: http://www.gamespy.com (18605044) URL: http://www.gamespy.com (18577599) URL: www.iht.com (18577589) URL: www.iht.com (18639531) Comments: watching annonces' pages at http://wp.pl. No particular URL can be given they are in HASH format.
Keywords: topcrash
Summary: Crash while starting plug-in [@ nsObjectFrame::GetBaseURL] → Crash while starting plug-in; topcrash M130 [@ nsObjectFrame::GetBaseURL]
the problem appears to be the same as the older bug, which concluded that it wanted to be solved by the plugin branch (bug 90268) see: bug 136927 comment 28
*** Bug 201757 has been marked as a duplicate of this bug. ***
Updating summary with Trunk M140A since this continues to be a topcrasher with Mozilla 1.4 Alpha and the MozillaTrunk. But from looking at bug 90268 and bug 136927, it looks like this isn't going to be fixed anytime soon, right?
Keywords: qawanted
Summary: Crash while starting plug-in; topcrash M130 [@ nsObjectFrame::GetBaseURL] → Crash while starting plug-in - Trunk M140A [@ nsObjectFrame::GetBaseURL]
It'll be fixed as soon as someone invests a few weeks of work and testing in it...
Updated QA contact to bmartin@netscape.com
QA Contact: shrir → bmartin
Seems related to bug 185357. (Same URL as in duplicate bug 185705.)
adt: nsbeta1+/adt2
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt2]
Flags: blocking1.4?
big architectural changes required. not a regression from 1.0. Not for 1.4.
Flags: blocking1.4? → blocking1.4-
No reported crashed in may builds for this stack sig. Marking topcrash-
Keywords: topcrashtopcrash-
ADT: Nominating topembed
Keywords: topembed
Minusing for topembed per Asa's comment. Renominate with explanation if appropriate.
Keywords: topembedtopembed-
*** Bug 211232 has been marked as a duplicate of this bug. ***
bug 211735 has a reduced testcase crashing in nsObjectFrame::FixUpURLS
Depends on: 136927
Blocks: 211735
*** Bug 210923 has been marked as a duplicate of this bug. ***
*** Bug 203060 has been marked as a duplicate of this bug. ***
I don't see any crashes like this in current Talkback data for the Trunk or Mozilla 1.7 branch. Marking worksforme. If anyone can reproduce this, please feel free to reopen.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Crash Signature: [@ nsObjectFrame::GetBaseURL]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: