Browser hangs if Flash triggers onerror handler that alerts

RESOLVED INCOMPLETE

Status

()

RESOLVED INCOMPLETE
11 years ago
a year ago

People

(Reporter: mozilla, Unassigned)

Tracking

({hang})

Trunk
x86
Mac OS X
Points:
---
Bug Flags:
blocking1.9 -
wanted1.9.0.x +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(4 attachments)

(Reporter)

Description

11 years ago
Embedding a Flash movie (regardless of its content) into a cross-domain iframe generates an error: "Permission denied to call Location.toString()". I don't know why this is, but it is annoying but relatively harmless in itself. However, if the page sets a window.onerror handler and that handler displays an alert dialog box, the browser hangs and cannot be closed.

Steps to reproduce:
1) On a Mac, visit http://crypto.stanford.edu/~collinj/test/ff3freeze
2) Try to click the "OK" button

Expected results:
Dialog is dismissed.

Actual results:
Alert dialog cannot be dismissed.

We've only been able to reproduce this on the Mac so far. I tested Firefox 3 beta 3, and the latest nightly; both had the same behavior. I also tested Gran Paradiso alpha 1, which crashed. Firefox 2 does not appear to have this bug.

Comment 1

11 years ago
could you please provide a sampler.app profiled stack trace, or use kill -4 {firefox-pid} to trick a crash report?
Component: OS Integration → Plug-ins
Keywords: hang
Product: Firefox → Core
QA Contact: os.integration → plugins
(Reporter)

Comment 2

11 years ago
Created attachment 306479 [details]
Crash report

(In reply to comment #1)
> could you please provide a sampler.app profiled stack trace, or use kill -4
> {firefox-pid} to trick a crash report?

Here's a crash report generated with kill -4.
I can reproduce this (with today's Minefield nightly, on OS X 10.5.2).

At some point (hopefully today) I'll post a gdb trace of all stacks
made using a Minefield build with debug symbols.

I'll also look for a regression range.
This doesn't happen on Windows (with yesterday's Minefield nightly).
> I'll also look for a regression range.

Collin, if you don't mind (and have time) you could do this yourself.

Just test older nightlies until you find out between which two
nightlies the problem started happening.
Created attachment 306566 [details]
gdb trace made before clicking OK

OK, here are two traces made using gdb with a Minefile build that has
debug symbols.  I pulled the code for this build this morning, so it's
more-or-less equivalent to today's nightly.

The first trace was made just before clicking on the OK button.  The
second was made just afterwards.  You'll notice that they appear to be
identical.

I've also found the regression range for this bug:

It doesn't happen with the 2007-07-18-04-trunk and previous Minefield
nightlies.  It does happen with the 2007-07-19-04-trunk and later
Minefield nightlies.

The problem's symptoms aren't always exactly the same.  Sometimes you
don't see the alert dialog.  But the Flash "movie" doesn't load, and
the "hang" occurs when you try to reload it.  Other times you do see
the alert dialog.

It's hard to tell which patches might have caused (or triggered) this
bug.  But I can think of two (with the more likely one listed first):

  bug 386799 (landed 2007-07-18 07:40)
  bug 364786 (landed 2007-07-18 07:22)
Created attachment 306567 [details]
gdb trace made after clicking OK
Interestingly, the problem doesn't happen with today's Camino nightly.
Flags: blocking1.9?
(Reporter)

Comment 9

11 years ago
Created attachment 306568 [details]
Source code of SWF file

Not sure if this is helpful, but here is the source code for the SWF movie in the test case. It doesn't do anything.
(Reporter)

Updated

11 years ago
Attachment #306568 - Attachment description: Contents of Flash movie → Source code of SWF file
Thanks, it might be.
Not a blocker, unless this is a pattern that's extremely common on the web, which I see no evidence of so far.
Flags: wanted1.9.0.x+
Flags: blocking1.9?
Flags: blocking1.9+
Fixing flag, as per comment 11 I think jst meant to minus this ...
Flags: blocking1.9+ → blocking1.9-

Comment 13

11 years ago
please open venkman and enable chrome debugging. it sounds like an exception happens while trying to process the OK button in the alert dialog.
Possibly related to bug 436473 and bug 442442.

Comment 15

7 years ago
(In reply to comment #14)
> Possibly related to bug 436473 and bug 442442.

fixed now that bug 436473 is fixed?
Severity: normal → critical

Comment 16

7 years ago
The testcase does not do anything on my Mac except display a gray rectangle. No alert box appears.

Comment 17

a year ago
This website isn´t accessable anymore.
Severity: critical → normal
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.