Closed Bug 420259 Opened 16 years ago Closed 7 years ago

Browser hangs if Flash triggers onerror handler that alerts

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mozilla, Unassigned)

References

(
URL
)

Details

(Keywords: hang)

Attachments

(4 files)

Crash report
33.73 KB, text/plain
Details
gdb trace made before clicking OK
20.77 KB, text/plain
Details
gdb trace made after clicking OK
20.77 KB, text/plain
Details
Source code of SWF file
132 bytes, text/plain
Details 
Embedding a Flash movie (regardless of its content) into a cross-domain iframe generates an error: "Permission denied to call Location.toString()". I don't know why this is, but it is annoying but relatively harmless in itself. However, if the page sets a window.onerror handler and that handler displays an alert dialog box, the browser hangs and cannot be closed.

Steps to reproduce:
1) On a Mac, visit http://crypto.stanford.edu/~collinj/test/ff3freeze
2) Try to click the "OK" button

Expected results:
Dialog is dismissed.

Actual results:
Alert dialog cannot be dismissed.

We've only been able to reproduce this on the Mac so far. I tested Firefox 3 beta 3, and the latest nightly; both had the same behavior. I also tested Gran Paradiso alpha 1, which crashed. Firefox 2 does not appear to have this bug.
could you please provide a sampler.app profiled stack trace, or use kill -4 {firefox-pid} to trick a crash report?
Component: OS Integration → Plug-ins
Keywords: hang
Product: Firefox → Core
QA Contact: os.integration → plugins
Attached file Crash report 
(In reply to comment #1)
> could you please provide a sampler.app profiled stack trace, or use kill -4
> {firefox-pid} to trick a crash report?

Here's a crash report generated with kill -4.
I can reproduce this (with today's Minefield nightly, on OS X 10.5.2).

At some point (hopefully today) I'll post a gdb trace of all stacks
made using a Minefield build with debug symbols.

I'll also look for a regression range.

This doesn't happen on Windows (with yesterday's Minefield nightly).

> I'll also look for a regression range.

Collin, if you don't mind (and have time) you could do this yourself.

Just test older nightlies until you find out between which two
nightlies the problem started happening.

OK, here are two traces made using gdb with a Minefile build that has
debug symbols.  I pulled the code for this build this morning, so it's
more-or-less equivalent to today's nightly.

The first trace was made just before clicking on the OK button.  The
second was made just afterwards.  You'll notice that they appear to be
identical.

I've also found the regression range for this bug:

It doesn't happen with the 2007-07-18-04-trunk and previous Minefield
nightlies.  It does happen with the 2007-07-19-04-trunk and later
Minefield nightlies.

The problem's symptoms aren't always exactly the same.  Sometimes you
don't see the alert dialog.  But the Flash "movie" doesn't load, and
the "hang" occurs when you try to reload it.  Other times you do see
the alert dialog.

It's hard to tell which patches might have caused (or triggered) this
bug.  But I can think of two (with the more likely one listed first):

  bug 386799 (landed 2007-07-18 07:40)
  bug 364786 (landed 2007-07-18 07:22)
Interestingly, the problem doesn't happen with today's Camino nightly.
Flags: blocking1.9?
Not sure if this is helpful, but here is the source code for the SWF movie in the test case. It doesn't do anything.
Attachment #306568 - Attachment description: Contents of Flash movie → Source code of SWF file
Thanks, it might be.

Not a blocker, unless this is a pattern that's extremely common on the web, which I see no evidence of so far.
Flags: wanted1.9.0.x+
Flags: blocking1.9?
Flags: blocking1.9+
Fixing flag, as per comment 11 I think jst meant to minus this ...
Flags: blocking1.9+ → blocking1.9-
please open venkman and enable chrome debugging. it sounds like an exception happens while trying to process the OK button in the alert dialog.
Possibly related to bug 436473 and bug 442442.
(In reply to comment #14)
> Possibly related to bug 436473 and bug 442442.

fixed now that bug 436473 is fixed?
Severity: normal → critical
The testcase does not do anything on my Mac except display a gray rectangle. No alert box appears.
This website isn´t accessable anymore.
Severity: critical → normal
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: