Closed
Bug 432397
Opened 16 years ago
Closed 15 years ago
[RealPlayer] Crash [@ JS_ClearScope] [@ XPCWrappedNative::GetNewOrUsed] [@ nsRuleNode::Transition]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: MatsPalmgren_bugz, Unassigned)
References
()
Details
(Keywords: crash, Whiteboard: [sg:critical?])
Crash Data
[RealPlayer] Crash [@ JS_ClearScope] [@ XPCWrappedNative::GetNewOrUsed] [@ nsRuleNode::Transition]. Possibly related to bug 432223. STEPS TO REPRODUCE 1. load http://www.musicindiaonline.com/music/ut/s/hindi_bollywood/100/ 2. click on a song title (the link to the right of a checkbox) 3. a popup window opens for a few seconds saying "Detecting Configuration..." or something of that nature then crashes. I think these two are clean abort()s from 'std::bad_alloc': bp-5e7645d9-1b31-11dd-89c4-0013211cbf8a bp-84e212ae-1b33-11dd-94ba-001cc45a2c28 Here are a few which are not so clean: bp-f39ca25e-1b36-11dd-a68c-001cc45a2ce4 bp-540b9df3-1b37-11dd-bb87-001cc45a2c28 bp-681672c5-1b37-11dd-8b0e-001cc45a2c28 PLATFORMS AND BUILDS TESTED Bug occurs in Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9pre) Gecko/2008050504 Minefield/3.0pre, with plugin: Helix DNA Plugin: RealPlayer G2 Plug-In Compatible version 0.4.0.626 built with gcc 3.2.0 on Jul 26 2007 In the console window I see, in some cases: playeripc: Got command SetWindow 0 25169707 0 17 1 1 0 0 1 1 1 read: Bad address terminate called after throwing an instance of 'std::bad_alloc' in other cases: read: Bad address ** (crashreporter:27974): CRITICAL **: ORBit_demarshal_object: assertion `orb != CORBA_OBJECT_NIL' failed (realplay.bin:28042): Gdk-WARNING **: GdkWindow 0x3a0001a unexpectedly destroyed ** (realplay.bin:28042): WARNING **: g_io_channel_read_chars: Connection reset by peer *** glibc detected *** /usr/local/RealPlayer/realplay.bin: double free or corruption (out): 0x08139a60 *** or, third case: playeripc: Got command SetWindow 0 25167917 0 17 1 1 0 0 1 1 1 read: Bad address Shutting down with plugins still existing ** (realplay.bin:28412): WARNING **: g_io_channel_read_chars: Connection reset by peer *** glibc detected *** /usr/local/RealPlayer/realplay.bin: munmap_chunk(): invalid pointer: 0x081316a0 ***
Reporter | ||
Updated•16 years ago
|
Whiteboard: [sg:critical?]
Comment 1•16 years ago
|
||
WFM on windows trunk.
Comment 2•15 years ago
|
||
Mats, are you still seeing this? If so, please nominate for blocking1.9.1, because a security bug you discovered while browsing the web is likely to be discovered by someone else as well.
Reporter | ||
Comment 3•15 years ago
|
||
It works for me on trunk, 3.2a1pre 20090109 i686 Linux. I got I few: (realplay.bin:18637): Gtk-CRITICAL **: gtk_widget_destroy: assertion `GTK_IS_WIDGET (widget)' failed but AFAIK it doesn't imply a security problem. It also works for me with 3.0.6pre 2009011504 i686 Linux, but the plugin does not start playing the music when I click a new link (as with the trunk build) - I have to manually click the play button in the plugin for it to start. I'm now using: Helix DNA Plugin: RealPlayer G2 Plug-In Compatible version 0.4.0.4005 built with gcc 3.4.3 on Feb 25 2008 and the RealPlayer README file says: RealPlayer 11.0.0.4028 for Linux I can't reproduce any of the bad "glibc detected" messages above so I'm guessing the newer RealPlayer version might have fixed it... or something could have changed at the site.
Reporter | ||
Comment 4•15 years ago
|
||
Also WFM with "Gecko/20090123 Shiretoko/3.1b3pre"
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ JS_ClearScope]
[@ XPCWrappedNative::GetNewOrUsed]
[@ nsRuleNode::Transition]
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•9 years ago
|
Group: core-security-release
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•