Regression - Crash [@ nsIFrame::GetView] when using Silverlight




9 years ago
6 years ago


(Reporter: Eduardo Leal-Tostado, Assigned: timeless)


({crash, fixed1.8.1.21, regression})

1.8 Branch
Windows Vista
crash, fixed1.8.1.21, regression
Bug Flags:
wanted1.9.0.x - +
wanted1.8.1.x +

Firefox Tracking Flags

(Not tracked)


(crash signature, URL)


(1 attachment)



9 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
Build Identifier: Firefox

I cannot repro this issue using FF but it repros in the latest version

1)Install Silverlight ( Runtime
2) Navigate to
3) Select any video from '"How Do I?" Videos' section to play
3) After video plays about 10 seconds, click the 'X' to close i

Reproducible: Always

Steps to Reproduce:
Actual Results:  
After doing the steps above, I got a crash. I attached a debugger and load the symbols from

firefox.exe!nsIFrame::GetView()  Line 2327	C++
firefox.exe!nsPluginInstanceOwner::InvalidateRect(nsPluginRect * invalidRect=0x0018fb38)  Line 2608 + 0xb bytes	C++
firefox.exe!nsPluginInstancePeerImpl::InvalidateRect(nsPluginRect * invalidRect=0x0018fb38)  Line 880	C++
 	firefox.exe!_invalidaterect(_NPP * npp=0x05c8de44, _NPRect * invalidRect=0x05c8de40)  Line 1445	C++

Expected Results:  
No Crash.  Works fine in FF 3.0.5 and FF

Comment 1

9 years ago
2390 NS_IMETHODIMP nsPluginInstanceOwner::InvalidateRect(nsPluginRect *invalidRect)
2391 {
2392   nsresult rv = NS_ERROR_FAILURE;
2394   if (mOwner && invalidRect && mWidgetVisible) {
2395     //no reference count on view
2396     nsIView* view = mOwner->GetView();

so mOwner shouldn't be null...

we're either crashing because this is null, or this is garbage.

could you provide locals for the top two frames? :)

(i don't really want to install silverlight)
Severity: normal → critical
Component: General → Plug-ins
Keywords: crash, regression
Product: Firefox → Core
QA Contact: general → plugins
Summary: Regression - Crash firefox.exe!nsIFrame::GetView() when using Silverlight → Regression - Crash [@ nsIFrame::GetView] when using Silverlight
Version: unspecified → 1.8 Branch

Comment 2

9 years ago
doh. this was fixed by bz in rev 1.522

(the sources i quoted at the beginning of comment 1 are from where it's fixed).

note that is officially one rev past end of life. we don't intend to release any updated versions.
Assignee: nobody → beltzner
Ever confirmed: true


9 years ago
r+sr=me to add the null-check so that tbird/seamonkey/etc won't have this problem.

I'm not sure why you assigned this to beltzner, though.
That late-2005 fix never landed on 1.8 so that doesn't explain the regression between and (-.20 was a respin).

Would be nice to narrow down the regression-range, first to whether it broke in or, and then a binary-search through nightlies from (builds with a -mozilla1.8 suffix).

If I had to guess the only relevant-looking plugin-related fix was for bug 433610 landed 2008-09-22. If so that means it broke in released mid-November

The fix timeless refers to is bug 312055, and the trunk patch for bug 433610 may have passed testing without realizing it was relying on such an old patch.
Flags: wanted1.9.0.x?

Comment 5

9 years ago
I did the search, and I got the build that initially repro this issue.  Also the 9/23 had another issue that prevented the plugin to show until you press the stop loading button but once that you pass that, you get the crash.

No Repro

Yeah, that's when the fix for bug 433610 landed.

Comment 7

9 years ago
Created attachment 355678 [details] [diff] [review]
Attachment #355678 - Flags: superreview+
Attachment #355678 - Flags: review+
Attachment #355678 - Flags:
Attachment #355678 - Flags:
Assignee: beltzner → timeless
Flags: wanted1.8.1.x+
Comment on attachment 355678 [details] [diff] [review]

Approved for, a=dveditz for release-drivers
Attachment #355678 - Flags: →
This is 1.8-only so there's no need for it to be wanted on 1.9.0. Please re-nominate if that's incorrect.
Flags: wanted1.9.0.x? → wanted1.9.0.x-
Fix checked into the 1.8 branch
Blocks: 433610
Last Resolved: 9 years ago
Keywords: fixed1.8.1.21
Resolution: --- → FIXED
Crash Signature: [@ nsIFrame::GetView]
You need to log in before you can comment on or make changes to this bug.