Closed Bug 435764 Opened 12 years ago Closed 12 years ago
crash [@ cairo
_draw _with _xlib] painting windowless plugins when MIME type is obtained from data/src
16.83 KB, text/plain
29.11 KB, patch
|Details | Diff | Splinter Review|
404 bytes, patch
|Details | Diff | Splinter Review|
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9) Gecko/2008052615 (Gentoo) Firefox/3.0 Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9) Gecko/2008052615 (Gentoo) Firefox/3.0 As of today (26052008), with the swfdec(git) plugin enabled or disabled, if you try to view/scroll to the bottom of the provided page, firefox 3.0 RC1 crashed (trying to display a plugin managed area). Reproducible: Always
Component: General → GFX: Thebes
Product: Firefox → Core
QA Contact: general → thebes
Summary: crash viewing http://www.leparisien.fr with swfdec(git) plugin enabled or disabled → crash viewing http://www.leparisien.fr with swfdec(git) plugin enabled or disabled [@ cairo_draw_with_xlib]
Version: unspecified → Trunk
Crash with same BT: http://www.universfreebox.com/article5360.html
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: mozbugz → nobody
Component: GFX: Thebes → Plug-ins
QA Contact: thebes → plugins
Made a full debug build of firefox 3 RC2 with today git swfdec: - http://www.leparisien.fr seems not to crash anymore. - http://www.universfreebox.com/article5360.html hangs the whole firefox process.
I'm keen to try out swfdec, but I haven't found a revision of git://swfdec.freedesktop.org/git/swfdec/swfdec in the last few days that compiles. Can someone recommend a revision/tag that I should use, please? BTW, the current issue is: cc1: warnings being treated as errors swfdec_init.c: In function 'swfdec_init': swfdec_init.c:68: warning: implicit declaration of function 'strtoul' swfdec_init.c:68: warning: nested extern declaration of 'strtoul'
Uh yeah, you're in a kind of peculiar situation here as you need to run a development version, and those set -Werror (and no, I'm not going into a discussion of why this is the best thing people should do). In theory, git master should work (and definitely compile) fine, as there's enough developers running it every day. If there's issues, poke me on IRC and I'll fix them immediately. That said, if you still want the easy path, export CFLAGS=-Wno-error when building swfdec and swfdec-mozilla. That gets rid of the "warnings being treated as errors" thing.
Thanks to Benjamin, I now have swfdec-mozilla compiled (and producing some nice effects when Mozilla doesn't crash). The crash is happening because sometimes ws_info is not set up (in nsObjectFrame::CallSetWindow()) and so it contains zeros when used in nsPluginInstanceOwner::Paint(). The crash happens for plugins that are instantiated through nsObjectFrame::Instantiate(nsIChannel* aChannel, nsIStreamListener** aStreamListener) rather than nsObjectFrame::Instantiate(const char* aMimeType, nsIURI* aURI) as only the later does CallSetWindow() (and I don't know why that is). With attachment 324576 [details] [diff] [review], gfxXlibNativeRenderer::Draw almost never uses its dpy argument and so the crash reduces to ###!!! ASSERTION: Visual changed: colormap may not match: 'ws_info->visual == visual', file /home/karl/moz/mozilla/layout/generic/nsObjectFrame.cpp, line 4207 but still no useful info is available in ws_info for the plugin. I can reproduce the assertion when scrolling to the first windowless plugin on http://www.universfreebox.com/article5360.html, or on http://movies.yahoo.com/.
This is one way to solve the problem. Perhaps another is to set up in nsObjectFrame::FixupWindow, or perhaps both nsObjectFrame::Instantiate methods (or neither) should do CallSetWindow(); The build here has this patch and attachment 324576 [details] [diff] [review], for those who would like something that works: https://build.mozilla.org/tryserver-builds/2008-06-11_23:email@example.com/ (I'll see if I can work out why the Instantiate methods differ.)
Is this a common way to view flash on linux? Or are people just using the official macromedia one?
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P1
(In reply to comment #9) The bug is being hit because newer versions of swfdec have windowless support. https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/239182 The macromedia plugin will hit the same bug when it has wmode support. (I don't know how many users use use swfdec or gnash or the macromedia plugin [with nspluginwrapper for 64-bit].)
(In reply to comment #8) A better build with attachment 324914 [details] [diff] [review] (which fixes the plugin height) and attachment 324752 [details] [diff] [review]: https://build.mozilla.org/tryserver-builds/2008-06-12_19:firstname.lastname@example.org/
Similar problem seen in Adobe Flash Player. Most notable with http://movies.yahoo.com/ . Tracked by Adobe internal issue 228012.
This will happen with any windowless plugin when the mime type is determined from using the URL in the data attribute rather than from the type attribute, which now happens for object elements (bug 95549). I guess there would be the same problem if the type attribute were not included in an embed element.
Status: NEW → ASSIGNED
Summary: crash viewing http://www.leparisien.fr with swfdec(git) plugin enabled or disabled [@ cairo_draw_with_xlib] → crash [@ cairo_draw_with_xlib] painting windowless plugins when MIME type is obtained from src
nsPluginInstanceOwner::CreateWidget() is a good place to set up the display because that is where the plugin "becomes" windowless, and the display should not change. The right place to set up the Colormap is in nsPluginInstanceOwner::Renderer::NativeDraw() where the Visual is known. To avoid the need to hunt for the Visual on the Display to find the Screen for selecting a Colormap, this changes the Display* argument of gfxXlibNativeRenderer::NativeDraw to a Screen*. This also makes the treatment of CAIRO_XLIB_DRAWING_SUPPORTS_NONDEFAULT_VISUAL in _create_temp_xlib_surface consistent with that in _draw_with_xlib_direct. i.e. when not set the visual must be the default visual of the screen used, but need not be the default visual of the fallback dpy specified.
Reported by Adobe Flash Player users: http://nvidia.com/ http://www.bbc.co.uk/ I reproduced these crashes by loading the pages and then maximizing the browser frame. The crash appears to come from libxul.so.
I'm seeing an almost identical crash with latest Adobe Flash Player on my own personal blog, which is fixed by Karl's test build. I can reproduce 100% on latest nightly by scrolling down the page. http://crash-stats.mozilla.com/report/index/ec6a48d1-4a4b-11dd-b681-001cc45a2ce4 and http://crash-stats.mozilla.com/report/index/d95b1702-4a4c-11dd-a703-001cc45a2ce4 are two of my crashes from a nightly.
I think my bug #442115 is a duplicate of this with some additional information as to what is causing this.
Summary: crash [@ cairo_draw_with_xlib] painting windowless plugins when MIME type is obtained from src → crash [@ cairo_draw_with_xlib] painting windowless plugins when MIME type is obtained from data/src
FindColormapForVisual and the other colormap-getting machinery should move into gfxNativeRenderer as discussed. Otherwise looks great. (X suuuuucks!)
(In reply to comment #19) > FindColormapForVisual and the other colormap-getting machinery should move into > gfxNativeRenderer as discussed. Done.
Requesting blocking 126.96.36.199 because both swfdec and Adobe now have windowless-capable Flash plugins available (though Adobe's at least is still in beta), and moonlight also has a windowless plugin. The number of affected sites is hard to estimate as there is a race condition between reflow and plugin instantiation, but definitely high enough that we can expect plenty of users to hit this when they upgrade their plugin versions.
Confirmed the latest patch fixes this issue with the moonlight plugin and our testcases. @karlt, The patch doesn't appear to apply cleanly with any version of patch tho, dunno whats going on with that.
Correct patch line counts. (Same code.) (In reply to comment #22) > The patch doesn't appear to apply cleanly with any version of patch > tho, dunno whats going on with that. Thanks for testing, Geoff. Sorry about the patch. Emacs diff-mode sometimes (but I don't know exactly when) doesn't update line counts and I forgot to check that.
Attachment #328287 - Attachment is obsolete: true
for: /tools/gcc/bin/g++ -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wcast-align -Wno-long-long -pedantic -gstabs+ -fno-strict-aliasing -fshort-wchar -pthread -pipe -DNDEBUG -DTRIMMED -Os -freorder-blocks -fno-reorder-functions -finline-limit=50 -fPIC -shared -Wl,-z,defs -Wl,-h,libxul.so -o libxul.so nsStaticXULComponents.o nsUnicharUtils.o nsCompressedCharMap.o nsBidiUtils.o nsRDFResource.o -lpthread -Wl,-rpath-link,../../dist/bin -Wl,--whole-archive ../../embedding/browser/gtk/src/libgtkembedmoz.a ../../toolkit/xre/libxulapp_s.a ../../staticlib/components/libxpconnect.a ../../staticlib/components/libnecko.a ../../staticlib/components/libuconv.a ../../staticlib/components/libi18n.a ../../staticlib/components/libchardet.a ../../staticlib/components/libjar50.a ../../staticlib/components/libpref.a ../../staticlib/components/libcaps.a ../../staticlib/components/libhtmlpars.a ../../staticlib/components/libimglib2.a ../../staticlib/components/libgklayout.a ../../staticlib/components/libdocshell.a ../../staticlib/components/libembedcomponents.a ../../staticlib/components/libwebbrwsr.a ../../staticlib/components/libnsappshell.a ../../staticlib/components/libtxmgr.a ../../staticlib/components/libchrome.a ../../staticlib/components/libcommandlines.a ../../staticlib/components/libtoolkitcomps.a ../../staticlib/components/libpipboot.a ../../staticlib/components/libpipnss.a ../../staticlib/components/libgkplugin.a ../../staticlib/components/libmozfind.a ../../staticlib/components/libappcomps.a ../../staticlib/components/libunixproxy.a ../../staticlib/components/libxpinstall.a ../../staticlib/components/libjsd.a ../../staticlib/components/libautoconfig.a ../../staticlib/components/libauth.a ../../staticlib/components/libcookie.a ../../staticlib/components/libpermissions.a ../../staticlib/components/libuniversalchardet.a ../../staticlib/components/libcomposer.a ../../staticlib/components/librdf.a ../../staticlib/components/libwindowds.a ../../staticlib/components/libintlapp.a ../../staticlib/components/libfileview.a ../../staticlib/components/libstoragecomps.a ../../staticlib/components/libplaces.a ../../staticlib/components/libtkautocomplete.a ../../staticlib/components/libsatchel.a ../../staticlib/components/libpippki.a ../../staticlib/components/libucvmath.a ../../staticlib/components/libwidget_gtk2.a ../../staticlib/components/libsystem-pref.a ../../staticlib/components/libgkgfxthebes.a ../../staticlib/components/libaccessibility.a ../../staticlib/components/libremoteservice.a ../../staticlib/components/libspellchecker.a ../../staticlib/components/libzipwriter.a ../../staticlib/libxpcom_core.a ../../staticlib/libucvutil_s.a ../../staticlib/libgkgfx.a ../../staticlib/libgfxshared_s.a ../../staticlib/libmozreg_s.a ../../staticlib/libmorkreader_s.a ../../staticlib/libgtkxtbin.a ../../staticlib/libgfxpsshar.a ../../staticlib/libthebes.a -Wl,--no-whole-archive -L../../dist/lib -lsqlite3 -L../../dist/bin -L../../dist/lib -L../../dist/bin -L../../dist/lib -L../../jpeg -lmozjpeg -L../../modules/libimg/png -lmozpng -L../../dist/bin -lmozlcms -L../../dist/bin -lmozjs -L../../dist/bin -L../../dist/lib -lcrmf -lsmime3 -lssl3 -lnss3 -lnssutil3 -lsoftokn3 -L../../modules/zlib/src -lmozz -L/lib64 -lpangocairo-1.0 -lcairo -lpangoft2-1.0 -lpango-1.0 -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0 ../../gfx/cairo/cairo/src/libmozcairo.a ../../gfx/cairo/libpixman/src/libmozlibpixman.a -L/usr/lib64 -lXrender -lfreetype -lfontconfig -L../../dist/lib -lplds4 -lplc4 -lnspr4 -lpthread -ldl -L/usr/lib64 -lX11 -lXft -lXrender -lfontconfig -lfreetype -lX11 -L/lib64 -lgtk-x11-2.0 -latk-1.0 -lgdk-x11-2.0 -lgdk_pixbuf-2.0 -lm -lpangocairo-1.0 -lpango-1.0 -lcairo -lgmodule-2.0 -ldl -lgobject-2.0 -lglib-2.0 -lXt -lgthread-2.0 -lfreetype -ldl -lm /usr/bin/ld: ../../staticlib/libthebes.a(gfxXlibNativeRenderer.o): relocation R_X86_64_PC32 against `gdk_display_get_screen' can not be used when making a shared object; recompile with -fPIC
Attachment #328437 - Flags: review?(roc)
Attachment #328437 - Flags: review?(roc) → review+
pushed: http://hg.mozilla.org/index.cgi/mozilla-central/rev/9bbea3b66376 http://hg.mozilla.org/index.cgi/mozilla-central/rev/e30f2c0b5c1f http://hg.mozilla.org/index.cgi/mozilla-central/rev/6c0971153949
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Another consistent crasher: http://skoda-auto.cz/
Please use the build here: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2008-07-08-02-mozilla-central/ It includes the fix for this bug (and resolves the crash on http://skoda-auto.cz/).
Awesome. Works great with all of the problem URLs. Thanks.
Attachment #328388 - Flags: approval188.8.131.52?
Attachment #328437 - Flags: approval184.108.40.206?
Can we get a test for this before landing in 1.9.0?
(In reply to comment #31) Automated testing depends on having a windowless plugin in our source tree (bug 386144). I've manually tested this patch with Swfdec on the problem sites reported here, Geoff Norton has tested the Moonlight plugin (comment #22) on their testcases (including attachment attachment 326988 [details]), and Mike Melanson has tested the Adobe plugin (comment #28).
Comment on attachment 328388 [details] [diff] [review] move ws_info set up from nsObjectFrame::CallSetWindow() v4.1.1 Approved for 220.127.116.11. Please land in CVS. a=ss
Attachment #328388 - Flags: approval18.104.22.168? → approval22.214.171.124+
Comment on attachment 328437 [details] [diff] [review] include gdk/gdkscreen.h in system-headers Approved for 126.96.36.199. Please land in CVS. a=ss
Attachment #328437 - Flags: approval188.8.131.52? → approval184.108.40.206+
No blocking, but wanted (and the patches are already approved).
Comment on attachment 328388 [details] [diff] [review] move ws_info set up from nsObjectFrame::CallSetWindow() v4.1.1 checked into cvs with attachment 328437 [details] [diff] [review]: http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&branch=HEAD&cvsroot=%2Fcvsroot&date=explicit&mindate=1216938963&maxdate=1216939084&who=karlt%2B%25karlt.net
Crash Signature: [@ cairo_draw_with_xlib]
You need to log in before you can comment on or make changes to this bug.