Closed Bug 201097 Opened 22 years ago Closed 22 years ago

[AxPlugin] activex Plugin performs illegal operation when active-x content opened

Categories

(Core Graveyard :: Embedding: ActiveX Wrapper, defect)

x86
Windows XP
defect
Not set
blocker

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: ashshbhatt, Assigned: adamlock)

References

Details

Attachments

(3 files)

Tested with 20030407 illegal operation dialog comes up when a page with active-x content is opened. Mozilla does not crash and the execution os the script on the page continues. Closing mozilla crashes it. Does not happen in mozilla debug build. Looks like pref issue since the crash happens in xppref32.dll Stack trace xppref32.dll!00c44332() xppref32.dll!00c4418c() xpcom.dll!100046e9() mozilla.exe!004102d1() mozilla.exe!00402f1e() kernel32.dll!77e814c7()
is this a dupe of bug 200680?
NO, this is something I only get in nightly builds. This does not happen in the debug build
Is there a specific URL that causes this?
This happens on any page which has Active-x content like <object> tag Testcase: <html> <head> </head> <body> <object ID="Player" height="10" width="10" CLASSID="CLSID:6BF52A52-394A-11d3-B153-00C04F79FAA6" foo="Foo()"> <param name="baseURL" value="file:///c:/m/activex_samples"> </object> </body> </html>
It seems to be any control. The plugin or something it calls crashes and the NPAPI and puts up a 'plugin has crashed' dialog. I can't find any way to stop it doing this so I can see a stack trace of talkback incident. Even setting a "plugin.dont_try_safe_calls" pref doesn't make any difference. I'll have to do an optimized build and see if I can reproduce it. Ashish if you can generate a talkback ID, can you attach it please? Thanks
Works until 2003-04-01-05-trunk_ax and crashes 2003-04-02-05-trunk_ax onwards. caused by somethig that was checked in on 04/01.
Attached file Stack of crash
This is the stack of a crash I get in the plugin code. Not entirely sure it's the same. pData looks bad, it's not null, but it's not a valid pointer either.
Well I've figured out how to use the pref. It seems to be read even before there is a user profile, so it has to go into the defaults\pref folder to be picked up, e.g. add this to activex.js: pref("plugin.dont_try_safe_calls", true); I have been unable to reproduce this with my own local optimized build this morning, but here is the (not very helpful) stack trace for a downloaded nightly version: NPMOZAX! 02112192() GKPLUGIN! 01a136c5() GKPLUGIN! 01a18935() GKLAYOUT! 00e77525() GKLAYOUT! 00e76b19() GKLAYOUT! 00e8f2ce() GKLAYOUT! 00e93c2e() GKLAYOUT! 00e93a8c() GKLAYOUT! 00e93915() GKLAYOUT! 00e937f9() GKLAYOUT! 00e92acb() GKLAYOUT! 00e925b3() GKLAYOUT! 00e916f3() GKLAYOUT! 00e9a81a() GKLAYOUT! 00e93471() GKLAYOUT! 00e928b7() GKLAYOUT! 00e925b3() GKLAYOUT! 00e916f3() GKLAYOUT! 00e84a7a() GKLAYOUT! 00e75160() GKLAYOUT! 00ef5a0f() GKLAYOUT! 00ef5746() GKLAYOUT! 00ed6cf4() GKLAYOUT! 00ed6cf4() GKLAYOUT! 0101ab85() GKLAYOUT! 0101abb0() GKLAYOUT! 00ed6cf4() GKLAYOUT! 0101a455() GKLAYOUT! 00e84a7a() GKLAYOUT! 01018fe3() GKLAYOUT! 00e65fcf() GKLAYOUT! 00e6d112() GKLAYOUT! 00e6cf05() XPCOM! 1002c30b() SHELL32! 778b0c24() The only change that has gone into the plugin recently is changes to the control param parsing code in LegacyPlugin.cpp on 2nd April for bug 199163. This fits in with the timetable but I don't see anything about it which would cause this crash.
I've tried a couple of combinations of flags to replicate the issue in my local build with no success. So far I have been testing with VC++ 7.0 but I'm now trying a build using VC++ 6.0 to see if that makes a difference. The only checkin that went into the plugin in the timeframe was this: http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=LegacyPlugin.cpp&root=/cvsroot&subdir=mozilla/embedding/browser/activex/src/plugin&command=DIFF_FRAMESET&rev1=1.35&rev2=1.36 Perhaps the CComVariant constructor in the call is confusing it or perhaps something else. I'm also trying to determine what build flags and other settings were used in producing the faulty build to see if it is a specific issue with the build environment.
Well, I've tried and tried again to reproduce this locally and have not managed it. I spoke to Loan Pham about the mozconfig settings being used, the compiler version, the clobber / incremental settings and as far as I know my local build configuration is identical yet I still can't reproduce the problem. I have just completed a clean fetch and build from scratch using the same mozconfig and have uploaded it to http://blues.netscape.com/users/adamlock/publish/mozilla_ax4.zip Ashish can you test this and see if it works better than the build machine? I'll attach the mozconfig to this bug next.
Attached file mozconfig
OK, so there is something wrong in the build machine, I do not get the illegal operation dialog with this build
Attached patch PatchSplinter Review
This patch works for Ashish. It fixes two potential issues, that may be tripping up compilers with certain headers or patch levels: 1. Moves the decl of CComVariant out of the call to AddNamedProperty 2. Renames variable 'i' to 'j' as there is another 'i' in the class.
Comment on attachment 120585 [details] [diff] [review] Patch Requesting r/sr on this simple patch that fixes some machines that build plugins that crash.
Attachment #120585 - Flags: superreview?(alecf)
Attachment #120585 - Flags: review?(dbradley)
Comment on attachment 120585 [details] [diff] [review] Patch r=dbradley Silly compilers.
Attachment #120585 - Flags: review?(dbradley) → review+
Comment on attachment 120585 [details] [diff] [review] Patch sr=alecf
Attachment #120585 - Flags: superreview?(alecf) → superreview+
Fix is checked in. Reopen the bug if the problem persists. Ashish, can you do me a favour and run this command from your DevStudio\VC98\ATL\Include directory? FOR %f IN (*.h) DO @md5sum %f My results are below: 9063104c36a02ece5c02abf8e4a90ced *ATLBASE.H 1430ed90f8c285d63f94350acfb7c50c *ATLCOM.H ed301bbfac602eafb573a82a08448fde *ATLCONV.H e574c4a9914e40e14287c6077b08aae2 *ATLCTL.H 1fbc47f696032f3018b8c7c9686dc9fc *ATLDB.H 68b4b5ac3f860de3407cf2fa12261919 *ATLDBCLI.H 6bb21abbf97689555ef0e919a2f15a59 *ATLDBSCH.H 201bce787c60c10bd87c440787503392 *ATLDEF.H ac5f243fe8c60355120c4e2c6e07d7c3 *ATLHOST.H 35692cf18c943ca79277a7c0fee89e69 *ATLIFACE.H cd44d8ffe983f6e8427c851f38a6ddaa *ATLSNAP.H e2c742f9ca1d1e79fcb29c003300605a *ATLWIN.H e405b717ddcf339d4fae6bb8ef24a26b *STATREG.H
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
From my machine Which has visual studio.net installed a28868d027a95a4475c178c7db511fd8 *ATLBASE.H a2bc73deb54e70f44b2dece511003231 *ATLCOM.H ed301bbfac602eafb573a82a08448fde *ATLCONV.H e574c4a9914e40e14287c6077b08aae2 *ATLCTL.H f17bb9261f1554a9d860c60651f04e13 *ATLDB.H 9d925415dd8d79b25777cef7de039251 *ATLDBCLI.H 05b42a7b4c311a067f140150aa908e49 *ATLDBSCH.H 201bce787c60c10bd87c440787503392 *ATLDEF.H ac5f243fe8c60355120c4e2c6e07d7c3 *ATLHOST.H 35692cf18c943ca79277a7c0fee89e69 *ATLIFACE.H cd44d8ffe983f6e8427c851f38a6ddaa *ATLSNAP.H e2c742f9ca1d1e79fcb29c003300605a *ATLWIN.H e405b717ddcf339d4fae6bb8ef24a26b *STATREG.H From the machine where I did the optimized build 9063104c36a02ece5c02abf8e4a90ced *ATLBASE.H 1430ed90f8c285d63f94350acfb7c50c *ATLCOM.H ed301bbfac602eafb573a82a08448fde *ATLCONV.H e574c4a9914e40e14287c6077b08aae2 *ATLCTL.H 1fbc47f696032f3018b8c7c9686dc9fc *ATLDB.H 68b4b5ac3f860de3407cf2fa12261919 *ATLDBCLI.H 6bb21abbf97689555ef0e919a2f15a59 *ATLDBSCH.H 201bce787c60c10bd87c440787503392 *ATLDEF.H ac5f243fe8c60355120c4e2c6e07d7c3 *ATLHOST.H 35692cf18c943ca79277a7c0fee89e69 *ATLIFACE.H cd44d8ffe983f6e8427c851f38a6ddaa *ATLSNAP.H e2c742f9ca1d1e79fcb29c003300605a *ATLWIN.H e405b717ddcf339d4fae6bb8ef24a26b *STATREG.H
Hmm, ATL headers seem the same. Loan sent me a list of checksums for the standard SDK headers and there were some minor differences to mine. Frankly I'm stumped as to the cause. We'll have to wait and see if the patch makes a difference.
Todays build seems to work, so I guess the problem has been solved. Ashish, can you verify please? Thanks
Verified on 2003-04-16
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: