Clicking Play on Realplayer plugin silently crashes browser [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]

VERIFIED FIXED

Status

()

Core
Plug-ins
P4
critical
VERIFIED FIXED
12 years ago
7 years ago

People

(Reporter: mmortal03, Assigned: jst)

Tracking

({crash, regression})

Trunk
x86
Windows XP
crash, regression
Points:
---
Bug Flags:
blocking1.9 +

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(2 attachments)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1

Warning, it will close your browser. Go to this guy's myspace, scroll down to the realplayer plugin showing up a little down the page on the left. Click on the play button. The browser silently crashes. Here is the link: http://www.myspace.com/jsmitty2005

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1

Also,
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060225 Firefox/1.6a1

Talkback ID: TB15641144Z

Reproducible: Always

Steps to Reproduce:
Bug 192914 might be relevent.
Keywords: crash
Summary: Clicking Play on Realplayer plugin silently crashes browser → Clicking Play on Realplayer plugin silently crashes browser [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]

Updated

12 years ago
Component: General → Plug-ins
Product: Firefox → Core
QA Contact: general → plugins
Version: unspecified → Trunk

Comment 2

12 years ago
Incident ID: 15641144
Stack Signature	pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e
Product ID	FirefoxTrunk
Build ID	2006022504
Trigger Time	2006-02-26 03:49:16.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	pngu3267.dll + (00007d7d)
URL visited	
User Comments	
Since Last Crash	50307 sec
Total Uptime	52165 sec
Trigger Reason	Stack overflow
Source File, Line No.	N/A
Stack Trace 	
pngu3267.dll + 0x7d7d (0x158e7d7d)
embd3260.dll + 0x11dc (0x626311dc)
pngu3267.dll + 0x7cec (0x158e7cec)
pngu3267.dll + 0x63f3 (0x158e63f3)
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
PluginWndProc   USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
pngu3267.dll + 0x7d66 (0x158e7d66)
pngu3267.dll + 0x7d00 (0x158e7d00)
pngu3267.dll + 0x63f3 (0x158e63f3)
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
PluginWndProc   USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
pngu3267.dll + 0x7d66 (0x158e7d66)
pngu3267.dll + 0x7d00 (0x158e7d00)
pngu3267.dll + 0x63f3 (0x158e63f3)
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
PluginWndProc   USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
pngu3267.dll + 0x7d66 (0x158e7d66)
pngu3267.dll + 0x7d00 (0x158e7d00)
pngu3267.dll + 0x63f3 (0x158e63f3)
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
PluginWndProc   USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
pngu3267.dll + 0x7d66 (0x158e7d66)
pngu3267.dll + 0x7d00 (0x158e7d00)
pngu3267.dll + 0x63f3 (0x158e63f3)
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
PluginWndProc   USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0xc63f (0x77d4c63f)
USER32.dll + 0xe905 (0x77d4e905)
pngu3267.dll + 0x7d66 (0x158e7d66)
pngu3267.dll + 0x7d00 (0x158e7d00)
pngu3267.dll + 0x63f3 (0x158e63f3)

Comment 3

12 years ago
I can reproduce this bug on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060625 Minefield/3.0a1 ID:2006062504 [cairo]
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 4

11 years ago
This bug is still alive and well in Seamonkey with the Realplayer Plugin on Windows XP:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070512 SeaMonkey/1.5a

I've stopped using RealPlayer on Linux, probably because of it.
Another page that triggers this is: http://www.inf.fu-berlin.de/inst/zdm/livecasting/demo_test/real-emb-playstop.html (just keep trying; you'll eventually hit it).

Indeed, this still *does* happen, as I've demonstrated with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110703 Firefox/3.0b1
Flags: blocking1.9?
+'ing this but setting priority to P3.  
Flags: blocking1.9? → blocking1.9+
Priority: -- → P3
Created attachment 288515 [details]
testcase

I think this is the same crash as mentioned in the bug. I didn't minimized this from one of the mentioned sites, though.
Assignee: nobody → jst
Priority: P3 → P4

Comment 8

10 years ago
Given the age of this bug, lack of dups, and lack of motion moving off blocking list
Flags: blocking1.9+ → blocking1.9-
(Reporter)

Comment 9

10 years ago
The original test case doesn't crash for me anymore, however, the example case in comment #7 still does.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012204 Firefox/3.0a6pre
This regressed between 2005-12-04 and 2005-12-05:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-12-04+04&maxdate=2005-12-05+06&cvsroot=%2Fcvsroot
It seems to have somehow been regressed from bug 317486.
Backing out the relevant parts of that patch seems to make the crash go away.
Blocks: 317486
Created attachment 301478 [details] [diff] [review]
patch?

Is this an acceptable workaround for the crash?
Btw, this seems perhaps related to bug 192914 to me.
Re-nominating since this is a regression on the 1.9 branch with a regression range, regardless of how old it is.
Flags: blocking1.9- → blocking1.9?
Keywords: regression
Attachment #301478 - Flags: superreview?(jst)
Attachment #301478 - Flags: review?(emaijala)
Would be great to have this fixed. Lets try to get this patch reviewed at least.
Flags: blocking1.9? → blocking1.9+
(Assignee)

Comment 14

10 years ago
(In reply to comment #11)
> Is this an acceptable workaround for the crash?

Martijn, I think this is the correct approach here, yes. Do you know whether we're recursing to death on a WM_SETFOCUS or WM_KILLFOCUS? It might make sense to have this protection for only the one real is having problems with just in case it depends on this in some other oddball cases.
Apparently, the recursing to death happens on WM_SETFOCUS and WM_KILLFOCUS. Just doing it for one of the events doesn't fix the crash, it seems.
(Assignee)

Comment 16

10 years ago
Comment on attachment 301478 [details] [diff] [review]
patch?

Fair enough. sr=jst
Attachment #301478 - Flags: superreview?(jst) → superreview+
(Assignee)

Updated

10 years ago
Whiteboard: [HAVE FIX]

Updated

10 years ago
Attachment #301478 - Flags: review?(emaijala) → review+
(Assignee)

Comment 17

10 years ago
Fix checked in. Thank you Martijn for the fix! Oh, and I just noticed that Ere reviewed this, I said in the checkin comment that this was r+sr=jst :( Sorry about that...
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED

Updated

10 years ago
Whiteboard: [HAVE FIX]
Sorry, I missed Ere reviewing this.
I guess I need to readjust my bugmail settings.

Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008022704 Minefield/3.0b4pre
Status: RESOLVED → VERIFIED

Updated

10 years ago
Duplicate of this bug: 418780
Crash Signature: [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]
You need to log in before you can comment on or make changes to this bug.