Bug 499295 - NULL crash [@ nsPluginInstancePeerImpl::GetJSContext]
Status: RESOLVED FIXED
Keywords: crash
Product: Core
Classification: Components
Component: Plug-ins
Version: Trunk
Platform: x86 Linux
Importance: -- critical
Target Milestone: mozilla1.9.2a1
Assigned To: timeless

Reported: 2009-06-19 06:18 PDT by Matěj Cepl
Modified: 2011-06-09 14:58 PDT
.11+
.11-fixed


Attachments
backtrace (14.09 KB, text/plain)
2009-06-19 06:19 PDT, Matěj Cepl
no flags
this is the only instance for this class that isn't checked (619 bytes, patch)
2009-06-19 06:50 PDT, timeless
jst: review+
jst: superreview+
mbeltzner: approval1.9.1.11+

Description Matěj Cepl 2009-06-19 06:18:17 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4
Build Identifier: firefox-3.5-0.20.beta4.fc11.x86_64

(originally filed as https://bugzilla.redhat.com/show_bug.cgi?id=506692)

When I close a tab containing an IBM server remote management applet, firefox
segfaults.

This may be specific to the particular applet, as I tested some test applets at
sun.com and FF did survive... but anyway, it shouldn't crash.

Version packages used:
firefox-3.5-0.20.beta4.fc11.x86_64
xulrunner-1.9.1-0.20.beta4.fc11.x86_64
nspluginwrapper-1.3.0-5.fc11.x86_64
java-1.6.0-openjdk-1.6.0.0-22.b16.fc11.x86_64
java-1.6.0-openjdk-plugin-1.6.0.0-22.b16.fc11.x86_64

Reproducible: Always

Steps to Reproduce:
1. log in to the IBM remote server web tool
2. use their applet
3. close the tab with the applet
4. Kaboooom
Actual Results:  
crash

Expected Results:  
no crash
Comment 1 Matěj Cepl 2009-06-19 06:19:45 PDT
Created attachment 384089
backtrace

> It's here:
> 
> rv = mOwner->GetDocument(getter_AddRefs(document));
> 
> so I suppose the mOwner is null or some bogus value. Reporter, can you attach
> the mOwner value and some extended backtrace with local variables?

The mOwner value indeed is NULL:

---
805   rv = mOwner->GetDocument(getter_AddRefs(document));
(gdb) print mOwner
$1 = (class nsIPluginInstanceOwner *) 0x0
---
Comment 2 timeless 2009-06-19 06:39:39 PDT
1.46 <jst@netscape.com> 2001-05-19 01:31
Fixing xpcdom plugin regression bug 80794, patch by myself and sean@beatnick.com
Comment 3 timeless 2009-06-19 06:50:23 PDT
Created attachment 384092
this is the only instance for this class that isn't checked
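
The null-owner state from comment 1 and the kind of guard the attachment title describes, as an added C++ example that is not part of this bug and not Mozilla's code. The types, `ClearOwner` and the failure result are hypothetical stand-ins; the attachment's contents and how `mOwner` became null are not shown on this page.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the Gecko types named in the bug (not Mozilla code).
enum Result { RESULT_OK, RESULT_FAILURE };
struct ScriptContext { int id; };
struct Document { ScriptContext cx; };

struct InstanceOwner {
    Document doc{{42}};
    Result GetDocument(Document** out) { *out = &doc; return RESULT_OK; }
};

class InstancePeer {
public:
    explicit InstancePeer(InstanceOwner* owner) : mOwner(owner) {}

    // Assumed teardown hook: leaves the peer alive with a null owner,
    // the state the gdb session shows (mOwner == 0x0).
    void ClearOwner() { mOwner = nullptr; }

    // Shape of the crashing line: mOwner is dereferenced unconditionally.
    Result GetContextUnchecked(ScriptContext** out) {
        Document* document = nullptr;
        Result rv = mOwner->GetDocument(&document);  // undefined when mOwner is null
        if (rv == RESULT_OK && document) *out = &document->cx;
        return rv;
    }

    // Guarded form: fail the call instead of touching a null owner.
    Result GetContext(ScriptContext** out) {
        *out = nullptr;                      // never leave the out-param stale
        if (!mOwner) return RESULT_FAILURE;
        Document* document = nullptr;
        Result rv = mOwner->GetDocument(&document);
        if (rv != RESULT_OK || !document) return RESULT_FAILURE;
        *out = &document->cx;
        return RESULT_OK;
    }

private:
    InstanceOwner* mOwner;  // non-owning; may be cleared while the peer lives on
};

int main() {
    InstanceOwner owner;
    InstancePeer peer(&owner);
    ScriptContext* cx = nullptr;
    std::printf("live owner: %d\n", peer.GetContext(&cx));
    peer.ClearOwner();
    std::printf("after teardown: %d\n", peer.GetContext(&cx));
    return 0;
}
```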
Comment 4 Phil Ringnalda (:philor) 2009-06-27 19:50:50 PDT
http://hg.mozilla.org/mozilla-central/rev/a4b3c7bb2fb0
Comment 5 Martin Stránský 2010-05-10 00:49:41 PDT
Can we have this fix in 1.9.1? The fix looks safe and users keep reporting this crash on Fedora12/ff 3.5.x.
Comment 6 timeless 2010-05-10 02:14:37 PDT
Comment on attachment 384092
this is the only instance for this class that isn't checked

Martin Stránský, please use attachment flags to request approval.
Comment 7 Mike Beltzner [:beltzner, not reading bugmail] 2010-05-21 13:18:06 PDT
Comment on attachment 384092
this is the only instance for this class that isn't checked

a=beltzner
Comment 8 :Ehsan Akhgari (out sick) 2010-06-25 14:41:57 PDT
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/56dd021b2283
Comment 9 Tony Chung [:tchung] 2010-07-01 12:26:54 PDT
I tried this with Ubuntu within a virtual machine, and cannot reproduce the crash on Fx3.6.7.

Can someone with IBM remote server and Fedora verify the fix here on Fx3.6.7? I don't have the environment where the crash is reported.
