Closed Bug 434916 Opened 17 years ago Closed 10 years ago

[10.4] calling nsISound::play with large .wav file causes crash [@nsSound::Play] (findbar "not found" sound) [@ AppKit@0x1ea480 ]

Categories

(Core :: Widget: Cocoa, defect)

Product:
Core
Component:
Widget: Cocoa
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jbecerra, Unassigned)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Gdb stack trace with debug symbols
2.69 KB, text/plain
Details
Fx3rc1 Mac OS X 10.4.11, if, for whatever reason, you search for some random text on the about:config page, Firefox crashes: http://crash-stats.mozilla.com/report/index/fb8b28eb-26e0-11dd-814d-001cc45a2c28 The crash also happens if you search for text in about:crashes or about:robots. Steps: 1. Go to about:config or about:robots 2. command-f to search for random text in the page, like: lakjsd;lkfaj;sdkfj Expected: No text results found Actual: crash Fx on Windows does not crash with these steps.
Actually, before Step 1 I tried changing the accessibility.typeaheadfind.soundURL preference to http://www.dailywav.com/0506/annoyinganimal.wav, as described in Litmus test case 4231. That seems to be why it crashes.
Component: Search → Find Toolbar / FastFind
QA Contact: search → fast.find
I also crash (following your full STR, including what you say in comment #1), though only on OS X 10.4.11 (not on OS X 10.5.2). I see the same crash as you: bp-b4028cb3-2743-11dd-8e15-001321b13766 With the Breakpad servers so bogged down, it's difficult to tell how serious this is. Clearly very few people are going to set their accessibility.typeaheadfind.soundURL to such a long (and annoying) sound :-) But I don't know how many other ways there are to get this crash.
I don't crash on Windows or Linux (or on OS X 10.5.2). But (interestingly) on Linux and OS X 10.5.2 you get many copies of the sound URL playing simultaneously (which is extremely unpleasant). I'll bet this has something to do with the crashes on OS X 10.4.11. On Windows you only get the sound once.
I've found 6 reports of this crash over the last 7 days -- so this definitely isn't a topcrasher. To trick the Breakpad servers into cooperating, I had to search over 1 hour, then over 1 day, then over 3 days, then over 7 days (each time waiting for the previous search to succeed). Here's my final search: http://crash-stats.mozilla.com/report/list?range_unit=days&query_search=stack&query_type=exact&version=Firefox%3A3.0&signature=AppKit%400x1ea61c&query=nsSound%3A%3AOnStreamComplete%28nsIStreamLoader%2A%2C+nsISupports%2A%2C+unsigned+int%2C+unsigned+int%2C+unsigned+char+const%2A%29&range_value=7
Does this really require an about: page, or does it happen any time the find bar "not found" sound is played?
Assignee: nobody → joshmoz
Component: Find Toolbar / FastFind → Widget: Cocoa
Product: Firefox → Core
QA Contact: fast.find → cocoa
Summary: text search in about:config warning page crashes Firefox → [10.4] calling nsISound::play with large .wav file causes crash [@nsSound::Play] (findbar "not found" sound)
Signature AppKit@0x1ea61c UUID fb8b28eb-26e0-11dd-814d-001cc45a2c28 Time 2008-05-20 19:51:52-07:00 Uptime 11 Product Firefox Version 3.0 Build ID 2008051202 OS Mac OS X OS Version 10.4.11 8S2167 CPU x86 CPU Info GenuineIntel family 6 model 14 stepping 8 Crash Reason EXC_ARITHMETIC / EXC_I386_DIV Crash Address 0x9344561c Comments mac 10.4.11 Crashing Thread Frame Module Signature Source 0 AppKit AppKit@0x1ea61c 1 AppKit AppKit@0x1ea308 2 XUL nsSound::OnStreamComplete mozilla/widget/src/cocoa/nsSound.mm:81 could we get symbols for that AppKit? note that about:config should let you try a different accessibility.typeaheadfind.soundURL see if that changes things.
Severity: normal → critical
Keywords: crash
reporter: if you save the file locally (and use a file: url), does it happen? and is it crashing immediately or at some point into playing? sorry about my earlier comment, i should have read comment 1 gavin: the error console should work.... (Components.Constructor("@mozilla.org/sound;1","nsISound"))().play(/*you need one argument here*/)
I don't have anywhere to get symbols from that AppKit, but I can tell someone how. Juan: on the machine you produced this crash on, could you download this (x86) executable: http://people.mozilla.com/~tmielczarek/dump_syms and then run the following command in a terminal: dump_syms /System/Library/Frameworks/AppKit.framework/Versions/Current/AppKit > AppKit.sym Then attach AppKit.sym here.
PUBLIC 1ea294 0 -[NSSound initWithData:] PUBLIC 1ea32f 0 -[NSSound _postInitialization] Juan sent me the symbols via email, and that's the relevant part, I believe. Looks like the top of the stack is 0 -[NSSound _postInitialization] 1 -[NSSound initWithData:] Which makes sense, given that line 81 in nsSound.mm is: NSSound *sound = [[NSSound alloc] initWithData:value]; Sucks that we're crashing in AppKit though.
For what it's worth, here's a stack trace of this crash made in gdb from a recent cvs (1.9.0-branch) build containing debug symbols. The trace also includes an error message that appeared in the console. The source for the build was pulled on Monday, 2008-07-14. The crash happened (and the build was made) on OS X 10.4.11.
Assignee: joshmoz → nobody
crash [@ AppKit@0x1ea480 ] #11 crash for Mac, didn't make top 100 overall Total 145, all Mac (Jan25-Feb22) All crashes were: MacOS 10.4.11 8S2167, x86, TB v3.0.1 bp-f8befa42-7da7-423c-9132-792672100222 v3.0.1 Build20100111130305 0 AppKit AppKit@0x1ea480 1 AppKit AppKit@0x1ea16c 2 thunderbird-bin nsSound::OnStreamComplete widget/src/cocoa/nsSound.mm:82
Hardware: PowerPC → All
Summary: [10.4] calling nsISound::play with large .wav file causes crash [@nsSound::Play] (findbar "not found" sound) → [10.4] calling nsISound::play with large .wav file causes crash [@nsSound::Play] (findbar "not found" sound) [@ AppKit@0x1ea480 ]
Michael, do you have all the latest Mac OS X security updates installed? I'm still puzzled (irritated) by the fact we have so many crashes from 10.4.11 8S2167 that don't have matching module IDs and thus don't get resymbolized. I even had a couple people with old 10.4.11 machines step through updates and send me symbols a few months ago to try and fill in these "blanks", but it really hasn't helped appreciably.
(In reply to comment #12) > Michael, do you have all the latest Mac OS X security updates installed? No (I'm trying to preserve stability for a lone "holdout" application), but my system's update state really doesn't matter -- that crash ID isn't from me, it's just a sample from 'crash-reports' (I'm running 10.5.8). > I'm still puzzled (irritated) by the fact we have so many crashes from 10.4.11 > 8S2167 that don't have matching module IDs and thus don't get resymbolized. I was curious about that myself.....unfortunately, I don't have an x86 machine on which I can install 10.4.11.
Crash Signature: [@nsSound::Play] [@ AppKit@0x1ea480 ]
No Mac crashes containing nsSound::Play for the past 2 months https://crash-stats.mozilla.com/search/?product=Firefox&signature=~nsSound%3A%3APlay&platform=Mac+OS+X&date=%3E2015-09-01&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform
Status: NEW → RESOLVED
Crash Signature: [@nsSound::Play] [@ AppKit@0x1ea480 ] → [@nsSound::Play] [@ AppKit@0x1ea480 ]
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: