Closed Bug 500777 Opened 16 years ago Closed 16 years ago

Crash in [@ nsMimeTypeArray::GetMimeTypes() ] while logging into QMO

Categories

(Core :: DOM: Core & HTML, defect)

1.9.1 Branch
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla1.9.2a1
Tracking Status
status1.9.1 --- .8-fixed

People

(Reporter: marcia, Assigned: Natch)

Details

(Keywords: crash, fixed1.9.0.18, Whiteboard: [sg:dos])

Crash Data

Attachments

(3 files, 2 obsolete files)

Seen while running Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) STR: 1. I had several tabs open, went back to QMO to login. As soon as I tried to type in the login field the browser crashed. This is a fairly clean profile with no extensions. Breakpad:http://crash-stats.mozilla.com/report/index/426e0e7c-3f2e-4f56-9750-585842090626
Have not yet been able to reproduce but working on it.
Severity: normal → major
Keywords: crash
OS: Windows NT → Windows 7
Marcia, I wonder if it is somehow related to the word/excel problem you reported lately against the application helper dialog.
Severity: major → critical
The Win 7 machine in the lab does not have any of the MS products installed. The word/excel issue I reported was on a Mac machine. Also in this instance there was no file handler being called I was simply typing something in a login field. (In reply to comment #2) > Marcia, I wonder if it is somehow related to the word/excel problem you > reported lately against the application helper dialog.
That's right, thanks for clarification. So lets hope you will find it again. Given the crash report we crash while accessing plugin->GetLength(). 256 nsIDOMPlugin* plugin = nsnull; 257 if (pluginArray->Item(k, &plugin) == NS_OK) { 258 PRUint32 mimeTypeCount = 0; 259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) { 260 nsCOMPtr<nsIDOMMimeType> item; Can pluginArray->Item return a non-modified parameter so we are accessing a null pointer? http://mxr.mozilla.org/mozilla1.9.1/source/dom/src/base/nsPluginArray.cpp#108 Marcia, was it the front page on QMO or another sub page? Can you remember?
Component: General → DOM
Product: Firefox → Core
QA Contact: general → general
Version: 3.5 Branch → Trunk
Yes I was on the front page of QMO logging in at the top of the page.
marcia: can you paste about:plugins here?
Installed plugins Find more information about browser plugins at mozilla.org. Help for installing plugins is available from plugindoc.mozdev.org. Java Deployment Toolkit 6.0.140.8 File name: npdeploytk.dll NPRuntime Script Plug-in Library for Java(TM) Deploy MIME Type Description Suffixes Enabled application/npruntime-scriptable-plugin;DeploymentToolkit Yes Mozilla Default Plug-in File name: npnul32.dll Default Plug-in MIME Type Description Suffixes Enabled * Mozilla Default Plug-in * No Google Update File name: npGoogleOneClick8.dll Google Update MIME Type Description Suffixes Enabled application/x-vnd.google.oneclickctrl.8 Yes Shockwave Flash File name: NPSWF32.dll Shockwave Flash 10.0 r22 MIME Type Description Suffixes Enabled application/x-shockwave-flash Adobe Flash movie swf Yes application/futuresplash FutureSplash movie spl Yes Windows Presentation Foundation File name: NPWPF.dll Windows Presentation Foundation (WPF) plug-in for Mozilla browsers MIME Type Description Suffixes Enabled application/x-ms-xbap XAML Browser Application xbap Yes application/xaml+xml XAML Document xaml Yes Java(TM) Platform SE 6 U14 File name: npjp2.dll Next Generation Java Plug-in 1.6.0_14 for Mozilla browsers MIME Type Description Suffixes Enabled application/x-java-applet Java Applet Yes application/x-java-bean JavaBeans Yes application/x-java-vm Yes application/x-java-applet;version=1.1.1 Yes application/x-java-bean;version=1.1.1 Yes application/x-java-applet;version=1.1 Yes application/x-java-bean;version=1.1 Yes application/x-java-applet;version=1.2 Yes application/x-java-bean;version=1.2 Yes application/x-java-applet;version=1.1.3 Yes application/x-java-bean;version=1.1.3 Yes application/x-java-applet;version=1.1.2 Yes application/x-java-bean;version=1.1.2 Yes application/x-java-applet;version=1.3 Yes application/x-java-bean;version=1.3 Yes application/x-java-applet;version=1.2.2 Yes application/x-java-bean;version=1.2.2 Yes application/x-java-applet;version=1.2.1 Yes application/x-java-bean;version=1.2.1 Yes application/x-java-applet;version=1.3.1 Yes application/x-java-bean;version=1.3.1 Yes application/x-java-applet;version=1.4 Yes application/x-java-bean;version=1.4 Yes application/x-java-applet;version=1.4.1 Yes application/x-java-bean;version=1.4.1 Yes application/x-java-applet;version=1.4.2 Yes application/x-java-bean;version=1.4.2 Yes application/x-java-applet;version=1.5 Yes application/x-java-bean;version=1.5 Yes application/x-java-applet;version=1.6 Yes application/x-java-bean;version=1.6 Yes application/x-java-applet;jpi-version=1.6.0_14 Yes application/x-java-bean;jpi-version=1.6.0_14 Yes
After reviewing the crash data and seeing that "Cooliris" was mentioned twice in the user comments, I went back in and installed it and crashed in this stack. Breakpad is here: http://crash-stats.mozilla.com/report/index/2fde3c68-528e-4bbe-9a5a-9d2ad2090702 Here is my config on this machine - I have several other addons as well: User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 Build ID: 20090624012136 Enabled Extensions: [11] - Adblock Plus 1.0.2: http://adblockplus.org/ - Cooliris 1.11: http://www.cooliris.com/ - Crash Me Now! Advanced 0.2: http://ted.mielczarek.org/code/mozilla/ - Custom Buttons² 3.0.1: http://custombuttons2.com/ - Firebug 1.4.0b3: http://www.google.com/search?q=Firefox%20Firebug - Firecookie 0.8: http://www.janodvarko.cz/firecookie - FireFTP 1.0.5: http://fireftp.mozdev.org - FirePHP 0.3.1: http://www.firephp.org/ - FlashGot 1.1.9.6: http://flashgot.net - MR Tech Toolkit 6.0.3.4: http://www.mrtech.com/extensions/ - Status-bar Scientific Calculator 4.5: http://www.cse.iitb.ac.in/~sunnygoyal/statusscicalc.html Disabled Extensions: [1] - Google Desktop Search 1.1: http://desktop.google.com/ Total Extensions: 12 Installed Themes: [2] - Chromifox Basic 1.1: http://42st.org/falconer/chromifox/ - Default: http://www.mozilla.org/ Installed Plugins: (12) - Cooliris embbedded in a tab - Coupons Inc. Plugin - Default Plugin - Flip4Mac Windows Media Plugin 2.2.1 - Java Embedding Plugin 0.9.7.1 - MoveNetworks Quantum Media Player - QuickTime Plug-in 7.6.2 - Shockwave Flash - Shockwave for Director - Silverlight Plug-In - Viewpoint Media Player (WPN) - WARP Video Player
OS: Windows 7 → All
Hardware: x86 → All
Marcia, does it also crash with all the other add-ons disabled? Can you reproduce it with a new profile? WFM here with latest CoolIris add-on installed.
Have not yet been able to reproduce the crash, but it was interesting that it crashed once I installed Cooliris. Perhaps an interaction between Cooliris and one of the other extensions? Need to review the crash data once again and look for some clues in the comments.
Two of the latest comments in the crash status reference picasa, one mentions picasa download.
(In reply to comment #4) > That's right, thanks for clarification. So lets hope you will find it again. > > Given the crash report we crash while accessing plugin->GetLength(). > > 256 nsIDOMPlugin* plugin = nsnull; > 257 if (pluginArray->Item(k, &plugin) == NS_OK) { > 258 PRUint32 mimeTypeCount = 0; > 259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) { > 260 nsCOMPtr<nsIDOMMimeType> item; > > Can pluginArray->Item return a non-modified parameter so we are accessing a > null pointer? There seems to be many cases when Item() returns NS_OK but a null plugin. Whimboo, want to provide a patch for the null check? I could review. Note, the code does null check in the previous loop just few lines above.
Olli, I would leave it up to the devs. I can investigate some issues but supplying a real fix isn't easy all the time. Especially in areas you don't have any knowledge.
Attached patch null check [branch patch] (obsolete) — Splinter Review
Attachment #387028 - Flags: review?(Olli.Pettay)
Attachment #387028 - Attachment description: null check → null check [branch patch]
Comment on attachment 387028 [details] [diff] [review] null check [branch patch] While you're here, could you make plugin to be nsCOMPtr and change == NS_OK check to be NS_SUCCEEDED
Attached patch null check [trunk patch] (obsolete) — Splinter Review
Sure. I guess I'll upload a branch patch again if this is ever wanted there.
Attachment #387028 - Attachment is obsolete: true
Attachment #387030 - Flags: review?(Olli.Pettay)
Attachment #387028 - Flags: review?(Olli.Pettay)
Sorry, uploaded the same thing :( Here's the real one.
Attachment #387030 - Attachment is obsolete: true
Attachment #387032 - Flags: review?(Olli.Pettay)
Attachment #387030 - Flags: review?(Olli.Pettay)
Attachment #387032 - Flags: superreview+
Attachment #387032 - Flags: review?(Olli.Pettay)
Attachment #387032 - Flags: review+
If there's anyway to create a crash-test for this, lemme know. I can't reproduce the crash (I don't login to QMO), so if there's some sort of testcase I'll happily include it in the patch.
Keywords: checkin-needed
Assignee: nobody → highmind63
Status: NEW → ASSIGNED
Unfortunately I have only crashed twice and have not been able to reproduce the crash, but will let you know if I am able to. (In reply to comment #19) > If there's anyway to create a crash-test for this, lemme know. I can't > reproduce the crash (I don't login to QMO), so if there's some sort of testcase > I'll happily include it in the patch.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Version: Trunk → 1.9.1 Branch
Hm. I just crashed with a very similar stack on 1.9.0. bp-8fdf5a12-aa4e-44dd-b8cd-6ba752091114 I guess we didn't fix it there, did we? Oh well...
Whiteboard: [sg:dos]
(In reply to comment #22) > I guess we didn't fix it there, did we? Oh well... Or 1.9.1, where the crash was actually seen in the wild originally.
I don't mind taking this to 1.9.1/1.9.0 if it's wanted...
status1.9.1: --- → ?
Flags: wanted1.9.0.x?
If it's just a null check, I'd say yes, but let me check with Dan first.
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Wanted! Let's get this fixed. Note that there have been 767 crashes in the last week with this signature in Firefox 3.5.5.
Attached patch 191 patchSplinter Review
Patch for 1.9.1. 1.9.0 coming up if this doesn't apply (I don't have a local tree to check on).
Attachment #412875 - Flags: approval1.9.1.6?
This is already fixed on 1.9.0! Not sure who re-regressed it, but see: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla%2Fdom%2Fsrc%2Fbase%2FnsMimeTypeArray.cpp&rev=&cvsroot=%2Fcvsroot It was fixed originally by bug 308778. Are there any crash stacks on 1.9.0 with this?
Flags: wanted1.9.0.x+ → wanted1.9.0.x?
I must be crazy, it obviously does exist, the loop right above it was fixed, not the one below... Patch for 1.9.0 in the morning hopefully. I guess wanted-1.9.0.x+ again...
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Attached patch 1.9.0 patchSplinter Review
Patch for cvs 1.9.0 branch.
Attachment #413072 - Flags: approval1.9.0.16?
Attachment #412875 - Flags: approval1.9.1.6? → approval1.9.1.7?
Comment on attachment 413072 [details] [diff] [review] 1.9.0 patch Pushing these noms out.
Attachment #413072 - Flags: approval1.9.0.16? → approval1.9.0.17?
CC'ing Aakash and Carsten, who could eventually have an idea for a testcase.
Comment on attachment 412875 [details] [diff] [review] 191 patch Approved for 1.9.1.7 and 1.9.0.17, a=dveditz for release-drivers
Attachment #412875 - Flags: approval1.9.1.7? → approval1.9.1.7+
Attachment #413072 - Flags: approval1.9.0.17? → approval1.9.0.17+
Keywords: checkin-needed
Whiteboard: [sg:dos] → [sg:dos] [c-n: 1.9.0 and 1.9.1]
Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2 Still need someone to push to 1.9.0...
Whiteboard: [sg:dos] [c-n: 1.9.0 and 1.9.1] → [sg:dos] [c-n: 1.9.0]
(In reply to comment #35) > Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2 > > Still need someone to push to 1.9.0... Dan, this still needs to get pushed to 1.9.0...
Checking in nsMimeTypeArray.cpp; /cvsroot/mozilla/dom/src/base/nsMimeTypeArray.cpp,v <-- nsMimeTypeArray.cpp new revision: 1.29; previous revision: 1.28
Keywords: fixed1.9.0.18
Whiteboard: [sg:dos] [c-n: 1.9.0] → [sg:dos]
Keywords: checkin-needed
Crash Signature: [@ nsMimeTypeArray::GetMimeTypes() ]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: