Closed Bug 486940 Opened 15 years ago Closed 15 years ago

Opening any pdf causes crash [@ libgobject-2.0.so.0.1600.6@0xca1a ] or [@ libgobject-2.0.so.0.1800.2@0xcf0a ] or [@ libgobject-2.0.so.0.2000.0@0xcf4a ]

Categories

(Core Graveyard :: Plug-ins, defect, P1)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Linux
Type:
defect

Tracking

(status1.9.2 beta1-fixed)

Status:
VERIFIED FIXED
Milestone:
mozilla1.9.2a1
Tracking Flags:
Tracking Status
status1.9.2 --- beta1-fixed

People

(Reporter: kbrosnan, Assigned: Swatinem)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file, 2 obsolete files)

fix crash [pushed: comment 13]
1.65 KB, patch
karlt
: review+
roc
: superreview+
Details | Diff | Splinter Review 
In the trunk install the Adobe Reader plug-in and open any pdf. Crash stats shows that this started around February 3rd. All the comments say open a pdf.

http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.2a1pre&version=Firefox%3A3.6a1pre&query_search=signature&query_type=exact&query=libgobject-2.0.so.0.1800.2%400xcf0a&date=&range_value=4&range_unit=weeks&do_query=1&signature=libgobject-2.0.so.0.1800.2%400xcf0a

0  	libgobject-2.0.so.0.1800.2  	libgobject-2.0.so.0.1800.2@0xcf0a  	
1 	libgtk-x11-2.0.so.0.1400.4 	libgtk-x11-2.0.so.0.1400.4@0x247107 	
2 	libxul.so 	gtk_xtbin_new 	widget/src/gtkxtbin/gtk2xtbin.c:385
3 	libxul.so 	_getvalue 	modules/plugin/base/src/nsNPAPIPlugin.cpp:1900
4 	nppdf.so 	nppdf.so@0x10999 	
5 	nppdf.so 	nppdf.so@0x3831 	
6 	nppdf.so 	nppdf.so@0x10f55 	
7 	libxul.so 	nsNPAPIPlugin::CreatePlugin(char const*, char const*, PRLibrary*, nsIPlugin**) 	modules/plugin/base/src/nsNPAPIPlugin.cpp:391
8 	libxul.so 	nsPluginHostImpl::GetPluginFactory(char const*, nsIPlugin**) 	modules/plugin/base/src/nsPluginHostImpl.cpp:4403
9 	libxul.so 	nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) 	modules/plugin/base/src/nsPluginHostImpl.cpp:3777
10 	libxul.so 	nsPluginHostImpl::SetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) 	modules/plugin/base/src/nsPluginHostImpl.cpp:3639
11 	libxul.so 	nsPluginHostImpl::InstantiateFullPagePlugin(char const*, nsIURI*, nsIStreamListener*&, nsIPluginInstanceOwner*) 	modules/plugin/base/src/nsPluginHostImpl.cpp:3453
12 	libxul.so 	nsObjectFrame::InstantiatePlugin(nsIPluginHost*, char const*, nsIURI*) 	layout/generic/nsObjectFrame.cpp:896
13 	libxul.so 	nsObjectFrame::Instantiate(char const*, nsIURI*) 	layout/generic/nsObjectFrame.cpp:1808
14 	libxul.so 	nsPluginStreamListener::SetupPlugin() 	content/html/document/src/nsPluginDocument.cpp:154
15 	libxul.so 	nsPluginStreamListener::OnStartRequest(nsIRequest*, nsISupports*) 	content/html/document/src/nsPluginDocument.cpp:112
16 	libxul.so 	nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) 	uriloader/base/nsURILoader.cpp:290
17 	libxul.so 	nsHttpChannel::CallOnStartRequest() 	netwerk/protocol/http/src/nsHttpChannel.cpp:846
18 	libxul.so 	nsHttpChannel::ProcessNormal() 	netwerk/protocol/http/src/nsHttpChannel.cpp:1030
19 	libxul.so 	nsHttpChannel::ProcessResponse() 	netwerk/protocol/http/src/nsHttpChannel.cpp:955
20 	libxul.so 	nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) 	netwerk/protocol/http/src/nsHttpChannel.cpp:4792
21 	libxul.so 	nsInputStreamPump::OnStateStart() 	netwerk/base/src/nsInputStreamPump.cpp:439
22 	libxul.so 	nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) 	netwerk/base/src/nsInputStreamPump.cpp:395
23 	libxul.so 	nsInputStreamReadyEvent::Run() 	xpcom/io/nsStreamUtils.cpp:111
24 	libxul.so 	nsThread::ProcessNextEvent(int, int*) 	xpcom/threads/nsThread.cpp:510
25 	libxul.so 	NS_ProcessNextEvent_P(nsIThread*, int) 	nsThreadUtils.cpp:230
26 	libxul.so 	nsBaseAppShell::Run() 	widget/src/xpwidgets/nsBaseAppShell.cpp:170
27 	libxul.so 	nsAppStartup::Run() 	toolkit/components/startup/src/nsAppStartup.cpp:192
28 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3340
29 	firefox-bin 	main 	browser/app/nsBrowserApp.cpp:156
30 	libc-2.8.90.so 	libc-2.8.90.so@0x16684
Flags: blocking1.9.2?
Does not crash - Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2a1pre) Gecko/20090202 Minefield/3.2a1pre

Crashes - Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2a1pre) Gecko/20090203 Minefield/3.2a1pre

Checkins involved.
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3dfb11111142&tochange=db4d22859940
Bug 474022 and bug 474116 both seem like potential candidates; bug 475811 is a possibility if Adobe was using nsIXULRuntime (but I doubt it). It might be nice to get someone from Adobe to look at this...
Given that it's crashing in GTK code, I doubt bug 475811 is to blame. The GTK symbols bug seems fairly possible, Arpad's patch did touch some code in the last Gecko function on the stack (gtk_xtbin_new):
http://hg.mozilla.org/mozilla-central/annotate/6cfe70091cfc/widget/src/gtkxtbin/gtk2xtbin.c#l385
so we could be passing bogus data to the GTK libs.
Indeed looks like my xtbin changes are the culprit. I'm looking into this.
Attached patch possible fix (obsolete) — Splinter Review 
This may have been caused by wrong parent class initialization.
Unfortonately I can't test this myself as the adobe plugin is not available on x64.
I've pushed it to the tryserver.
Kevin: would you be so kind as to test the patch as soon as the try server builds are there?
Assignee: nobody → arpad.borsos
Status: NEW → ASSIGNED
Still crashes with the tryserver build.
Attached patch backout xtbin changes (obsolete) — Splinter Review 
Karlt just pushed this changeset: http://hg.mozilla.org/mozilla-central/rev/c302c800e6f0
Looks like it may be related to this bug.
If that doesn't fix it either, then lets back out my changes.
Kevin: please test the newest m-c build and check back.
Attachment #371162 - Attachment is obsolete: true
The problem change is here:

http://hg.mozilla.org/mozilla-central/diff/ce7f39495675/modules/plugin/base/src/nsNPAPIPlugin.cpp

GDK_ROOT_WINDOW() returns an XID which is not a GdkWindow*.
gdk_get_default_root_window() is the function to use here.
Blocks: 474116
Thanks a lot for catching this Karl.
Try server build on its way.
Attachment #371205 - Attachment is obsolete: true
Attachment #371221 - Flags: superreview?(roc)
Attachment #371221 - Flags: review?(mozbugz)
Attachment #371221 - Flags: superreview?(roc) → superreview+
Attachment #371221 - Flags: review?(mozbugz) → review+
Adding one more crash signature to bug summary, from a crash on Ubuntu 9.04 (Jaunty) with libgtk2.0-0 package version 2.16.0-1ubuntu2.
Keywords: crash
Summary: Opening any pdf causes crash [@ libgobject-2.0.so.0.1800.2@0xcf0a ] or [@ libgobject-2.0.so.0.1600.6@0xca1a ] → Opening any pdf causes crash [@ libgobject-2.0.so.0.1600.6@0xca1a ] or [@ libgobject-2.0.so.0.1800.2@0xcf0a ] or [@ libgobject-2.0.so.0.2000.0@0xcf4a ]
Comment on attachment 371221 [details] [diff] [review]
fix crash [pushed: comment 13]

http://hg.mozilla.org/mozilla-central/rev/d056669074c7
Attachment #371221 - Attachment description: fix crash → fix crash [pushed: comment 13]
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Verified fixed on Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2a1pre) Gecko/20090407 Minefield/3.6a1pre
Status: RESOLVED → VERIFIED
status1.9.2: --- → beta1-fixed
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P1
Crash Signature: [@ libgobject-2.0.so.0.1600.6@0xca1a ] [@ libgobject-2.0.so.0.1800.2@0xcf0a ] [@ libgobject-2.0.so.0.2000.0@0xcf4a ]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: