Closed Bug 328675 Opened 19 years ago Closed 17 years ago

Clicking Play on Realplayer plugin silently crashes browser [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]

Categories

(Core Graveyard :: Plug-ins, defect, P4)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: mmortal03, Assigned: jst)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

testcase
404 bytes, text/html
Details
patch?
1.08 KB, patch
emaijala+moz
: review+
jst
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1 Warning, it will close your browser. Go to this guy's myspace, scroll down to the realplayer plugin showing up a little down the page on the left. Click on the play button. The browser silently crashes. Here is the link: http://www.myspace.com/jsmitty2005 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060224 Firefox/1.6a1 Also, Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060225 Firefox/1.6a1 Talkback ID: TB15641144Z Reproducible: Always Steps to Reproduce:
Bug 192914 might be relevent.
Keywords: crash
Summary: Clicking Play on Realplayer plugin silently crashes browser → Clicking Play on Realplayer plugin silently crashes browser [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]
Component: General → Plug-ins
Product: Firefox → Core
QA Contact: general → plugins
Version: unspecified → Trunk
Incident ID: 15641144 Stack Signature pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e Product ID FirefoxTrunk Build ID 2006022504 Trigger Time 2006-02-26 03:49:16.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module pngu3267.dll + (00007d7d) URL visited User Comments Since Last Crash 50307 sec Total Uptime 52165 sec Trigger Reason Stack overflow Source File, Line No. N/A Stack Trace pngu3267.dll + 0x7d7d (0x158e7d7d) embd3260.dll + 0x11dc (0x626311dc) pngu3267.dll + 0x7cec (0x158e7cec) pngu3267.dll + 0x63f3 (0x158e63f3) USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) PluginWndProc USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) pngu3267.dll + 0x7d66 (0x158e7d66) pngu3267.dll + 0x7d00 (0x158e7d00) pngu3267.dll + 0x63f3 (0x158e63f3) USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) PluginWndProc USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) pngu3267.dll + 0x7d66 (0x158e7d66) pngu3267.dll + 0x7d00 (0x158e7d00) pngu3267.dll + 0x63f3 (0x158e63f3) USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) PluginWndProc USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) pngu3267.dll + 0x7d66 (0x158e7d66) pngu3267.dll + 0x7d00 (0x158e7d00) pngu3267.dll + 0x63f3 (0x158e63f3) USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) PluginWndProc USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) pngu3267.dll + 0x7d66 (0x158e7d66) pngu3267.dll + 0x7d00 (0x158e7d00) pngu3267.dll + 0x63f3 (0x158e63f3) USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) PluginWndProc USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0xc63f (0x77d4c63f) USER32.dll + 0xe905 (0x77d4e905) pngu3267.dll + 0x7d66 (0x158e7d66) pngu3267.dll + 0x7d00 (0x158e7d00) pngu3267.dll + 0x63f3 (0x158e63f3)
I can reproduce this bug on Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060625 Minefield/3.0a1 ID:2006062504 [cairo]
Status: UNCONFIRMED → NEW
Ever confirmed: true
This bug is still alive and well in Seamonkey with the Realplayer Plugin on Windows XP: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070512 SeaMonkey/1.5a I've stopped using RealPlayer on Linux, probably because of it.
Another page that triggers this is: http://www.inf.fu-berlin.de/inst/zdm/livecasting/demo_test/real-emb-playstop.html (just keep trying; you'll eventually hit it). Indeed, this still *does* happen, as I've demonstrated with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b1) Gecko/2007110703 Firefox/3.0b1
Flags: blocking1.9?
+'ing this but setting priority to P3.
Flags: blocking1.9? → blocking1.9+
Priority: -- → P3
Attached file testcase
I think this is the same crash as mentioned in the bug. I didn't minimized this from one of the mentioned sites, though.
Assignee: nobody → jst
Priority: P3 → P4
Given the age of this bug, lack of dups, and lack of motion moving off blocking list
Flags: blocking1.9+ → blocking1.9-
The original test case doesn't crash for me anymore, however, the example case in comment #7 still does. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b3pre) Gecko/2008012204 Firefox/3.0a6pre
This regressed between 2005-12-04 and 2005-12-05: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-12-04+04&maxdate=2005-12-05+06&cvsroot=%2Fcvsroot It seems to have somehow been regressed from bug 317486. Backing out the relevant parts of that patch seems to make the crash go away.
Blocks: 317486
Attached patch patch?Splinter Review
Is this an acceptable workaround for the crash? Btw, this seems perhaps related to bug 192914 to me.
Re-nominating since this is a regression on the 1.9 branch with a regression range, regardless of how old it is.
Flags: blocking1.9- → blocking1.9?
Keywords: regression
Attachment #301478 - Flags: superreview?(jst)
Attachment #301478 - Flags: review?(emaijala)
Would be great to have this fixed. Lets try to get this patch reviewed at least.
Flags: blocking1.9? → blocking1.9+
(In reply to comment #11) > Is this an acceptable workaround for the crash? Martijn, I think this is the correct approach here, yes. Do you know whether we're recursing to death on a WM_SETFOCUS or WM_KILLFOCUS? It might make sense to have this protection for only the one real is having problems with just in case it depends on this in some other oddball cases.
Apparently, the recursing to death happens on WM_SETFOCUS and WM_KILLFOCUS. Just doing it for one of the events doesn't fix the crash, it seems.
Comment on attachment 301478 [details] [diff] [review] patch? Fair enough. sr=jst
Attachment #301478 - Flags: superreview?(jst) → superreview+
Whiteboard: [HAVE FIX]
Attachment #301478 - Flags: review?(emaijala) → review+
Fix checked in. Thank you Martijn for the fix! Oh, and I just noticed that Ere reviewed this, I said in the checkin comment that this was r+sr=jst :( Sorry about that...
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: [HAVE FIX]
Sorry, I missed Ere reviewing this. I guess I need to readjust my bugmail settings. Verified fixed, using: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b4pre) Gecko/2008022704 Minefield/3.0b4pre
Status: RESOLVED → VERIFIED
Crash Signature: [@ pngu3267.dll + 0x7d7d (0x158e7d7d) bfe3872e]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: