The default bug view has changed. See this FAQ.

NULL crash [@ nsPluginInstancePeerImpl::GetJSContext]

RESOLVED FIXED in mozilla1.9.2a1

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: Matěj Cepl, Assigned: timeless)

Tracking

({crash})

Trunk
mozilla1.9.2a1
x86
Linux
crash
Points:
---

Firefox Tracking Flags

(blocking1.9.1 .11+, status1.9.1 .11-fixed)

Details

(crash signature)

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.9.1b4) Gecko/20090427 Fedora/3.5-0.20.beta4.fc11 Firefox/3.5b4
Build Identifier: firefox-3.5-0.20.beta4.fc11.x86_64

(originally filed as https://bugzilla.redhat.com/show_bug.cgi?id=506692)

When I close a tab containing an IBM server remote management applet, firefox
segfaults.

This may be specific to the particular applet as I tested some tests applets at
sun.com and FF did survive..but anyway, it shouldn't crash.

Version packages used:
firefox-3.5-0.20.beta4.fc11.x86_64
xulrunner-1.9.1-0.20.beta4.fc11.x86_64
nspluginwrapper-1.3.0-5.fc11.x86_64
java-1.6.0-openjdk-1.6.0.0-22.b16.fc11.x86_64
java-1.6.0-openjdk-plugin-1.6.0.0-22.b16.fc11.x86_64

Reproducible: Always

Steps to Reproduce:
1. login into the IBM remote server web tool
2. use their applet
3. close the tab with the applet
4. Kaboooom
Actual Results:  
crash

Expected Results:  
no crash
(Reporter)

Comment 1

8 years ago
Created attachment 384089 [details]
backtrace

> It's here:
> 
> rv = mOwner->GetDocument(getter_AddRefs(document));
> 
> so i suppose the mOwner is null or some bogus value. Reporter, can you attach
> the mOwner value and some extended bactrace with local variables?

The mOwner value indeed is NULL:

---
805   rv = mOwner->GetDocument(getter_AddRefs(document));
(gdb) print mOwner
$1 = (class nsIPluginInstanceOwner *) 0x0
---

Updated

8 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Crash when closing tab with Java remote management applet → NULL crash [@ nsPluginInstancePeerImpl::GetJSContext]
Version: unspecified → 3.5 Branch
(Assignee)

Comment 2

8 years ago
1.46 <jst@netscape.com> 2001-05-19 01:31
Fixing xpcdom plugin regression bug 80794, patch by myself and sean@beatnick.com
Component: General → Plug-ins
Keywords: crash
Product: Firefox → Core
QA Contact: general → plugins
Version: 3.5 Branch → Trunk
(Assignee)

Comment 3

8 years ago
Created attachment 384092 [details] [diff] [review]
this is the only instance for this class that isn't checked
Attachment #384092 - Flags: superreview?(jst)
Attachment #384092 - Flags: review?(jst)
(Assignee)

Updated

8 years ago
Assignee: nobody → timeless
Severity: normal → critical
Status: NEW → ASSIGNED

Updated

8 years ago
Attachment #384092 - Flags: superreview?(jst)
Attachment #384092 - Flags: superreview+
Attachment #384092 - Flags: review?(jst)
Attachment #384092 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/a4b3c7bb2fb0
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1

Comment 5

7 years ago
Can we have this fix in 1.9.1? The fix looks safe and users keep reporting this crash on Fedora12/ff 3.5.x.
blocking1.9.1: --- → ?
(Assignee)

Comment 6

7 years ago
Comment on attachment 384092 [details] [diff] [review]
this is the only instance for this class that isn't checked

Martin Stránský, please use attachment flags to request approval.
Attachment #384092 - Flags: approval1.9.1.10?

Updated

7 years ago
blocking1.9.1: ? → .11+
status1.9.1: --- → wanted
Comment on attachment 384092 [details] [diff] [review]
this is the only instance for this class that isn't checked

a=beltzner
Attachment #384092 - Flags: approval1.9.1.10? → approval1.9.1.11+
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/56dd021b2283
status1.9.1: wanted → .11-fixed

Comment 9

7 years ago
i tried this with ubuntu within a virtual machine, and cannot reproduce the crash on Fx3.6.7.

can someone with IBM remote server and fedora verify the fix here on Fx3.6.7?  i dont have the environment where the crash is reported.
Crash Signature: [@ nsPluginInstancePeerImpl::GetJSContext]
You need to log in before you can comment on or make changes to this bug.