Closed
Bug 500777
Opened 14 years ago
Closed 14 years ago
Crash in [@ nsMimeTypeArray::GetMimeTypes() ] while logging into QMO
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.2a1
Tracking | Status | |
---|---|---|
status1.9.1 | --- | .8-fixed |
People
(Reporter: marcia, Assigned: Natch)
Details
(Keywords: crash, fixed1.9.0.18, Whiteboard: [sg:dos])
Crash Data
Attachments
(3 files, 2 obsolete files)
1.10 KB,
patch
|
smaug
:
review+
smaug
:
superreview+
|
Details | Diff | Splinter Review |
1.12 KB,
patch
|
dveditz
:
approval1.9.1.8+
|
Details | Diff | Splinter Review |
1.30 KB,
patch
|
dveditz
:
approval1.9.0.18+
|
Details | Diff | Splinter Review |
Seen while running Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729) STR: 1. I had several tabs open, went back to QMO to login. As soon as I tried to type in the login field the browser crashed. This is a fairly clean profile with no extensions. Breakpad:http://crash-stats.mozilla.com/report/index/426e0e7c-3f2e-4f56-9750-585842090626
Reporter | ||
Comment 1•14 years ago
|
||
Have not yet been able to reproduce but working on it.
Severity: normal → major
Keywords: crash
Reporter | ||
Updated•14 years ago
|
OS: Windows NT → Windows 7
Comment 2•14 years ago
|
||
Marcia, I wonder if it is somehow related to the word/excel problem you reported lately against the application helper dialog.
Severity: major → critical
Reporter | ||
Comment 3•14 years ago
|
||
The Win 7 machine in the lab does not have any of the MS products installed. The word/excel issue I reported was on a Mac machine. Also in this instance there was no file handler being called I was simply typing something in a login field. (In reply to comment #2) > Marcia, I wonder if it is somehow related to the word/excel problem you > reported lately against the application helper dialog.
Comment 4•14 years ago
|
||
That's right, thanks for clarification. So lets hope you will find it again. Given the crash report we crash while accessing plugin->GetLength(). 256 nsIDOMPlugin* plugin = nsnull; 257 if (pluginArray->Item(k, &plugin) == NS_OK) { 258 PRUint32 mimeTypeCount = 0; 259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) { 260 nsCOMPtr<nsIDOMMimeType> item; Can pluginArray->Item return a non-modified parameter so we are accessing a null pointer? http://mxr.mozilla.org/mozilla1.9.1/source/dom/src/base/nsPluginArray.cpp#108 Marcia, was it the front page on QMO or another sub page? Can you remember?
Component: General → DOM
Product: Firefox → Core
QA Contact: general → general
Version: 3.5 Branch → Trunk
Reporter | ||
Comment 5•14 years ago
|
||
Yes I was on the front page of QMO logging in at the top of the page.
Reporter | ||
Comment 7•14 years ago
|
||
Installed plugins Find more information about browser plugins at mozilla.org. Help for installing plugins is available from plugindoc.mozdev.org. Java Deployment Toolkit 6.0.140.8 File name: npdeploytk.dll NPRuntime Script Plug-in Library for Java(TM) Deploy MIME Type Description Suffixes Enabled application/npruntime-scriptable-plugin;DeploymentToolkit Yes Mozilla Default Plug-in File name: npnul32.dll Default Plug-in MIME Type Description Suffixes Enabled * Mozilla Default Plug-in * No Google Update File name: npGoogleOneClick8.dll Google Update MIME Type Description Suffixes Enabled application/x-vnd.google.oneclickctrl.8 Yes Shockwave Flash File name: NPSWF32.dll Shockwave Flash 10.0 r22 MIME Type Description Suffixes Enabled application/x-shockwave-flash Adobe Flash movie swf Yes application/futuresplash FutureSplash movie spl Yes Windows Presentation Foundation File name: NPWPF.dll Windows Presentation Foundation (WPF) plug-in for Mozilla browsers MIME Type Description Suffixes Enabled application/x-ms-xbap XAML Browser Application xbap Yes application/xaml+xml XAML Document xaml Yes Java(TM) Platform SE 6 U14 File name: npjp2.dll Next Generation Java Plug-in 1.6.0_14 for Mozilla browsers MIME Type Description Suffixes Enabled application/x-java-applet Java Applet Yes application/x-java-bean JavaBeans Yes application/x-java-vm Yes application/x-java-applet;version=1.1.1 Yes application/x-java-bean;version=1.1.1 Yes application/x-java-applet;version=1.1 Yes application/x-java-bean;version=1.1 Yes application/x-java-applet;version=1.2 Yes application/x-java-bean;version=1.2 Yes application/x-java-applet;version=1.1.3 Yes application/x-java-bean;version=1.1.3 Yes application/x-java-applet;version=1.1.2 Yes application/x-java-bean;version=1.1.2 Yes application/x-java-applet;version=1.3 Yes application/x-java-bean;version=1.3 Yes application/x-java-applet;version=1.2.2 Yes application/x-java-bean;version=1.2.2 Yes application/x-java-applet;version=1.2.1 Yes application/x-java-bean;version=1.2.1 Yes application/x-java-applet;version=1.3.1 Yes application/x-java-bean;version=1.3.1 Yes application/x-java-applet;version=1.4 Yes application/x-java-bean;version=1.4 Yes application/x-java-applet;version=1.4.1 Yes application/x-java-bean;version=1.4.1 Yes application/x-java-applet;version=1.4.2 Yes application/x-java-bean;version=1.4.2 Yes application/x-java-applet;version=1.5 Yes application/x-java-bean;version=1.5 Yes application/x-java-applet;version=1.6 Yes application/x-java-bean;version=1.6 Yes application/x-java-applet;jpi-version=1.6.0_14 Yes application/x-java-bean;jpi-version=1.6.0_14 Yes
Reporter | ||
Comment 8•14 years ago
|
||
After reviewing the crash data and seeing that "Cooliris" was mentioned twice in the user comments, I went back in and installed it and crashed in this stack. Breakpad is here: http://crash-stats.mozilla.com/report/index/2fde3c68-528e-4bbe-9a5a-9d2ad2090702 Here is my config on this machine - I have several other addons as well: User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 Build ID: 20090624012136 Enabled Extensions: [11] - Adblock Plus 1.0.2: http://adblockplus.org/ - Cooliris 1.11: http://www.cooliris.com/ - Crash Me Now! Advanced 0.2: http://ted.mielczarek.org/code/mozilla/ - Custom Buttons² 3.0.1: http://custombuttons2.com/ - Firebug 1.4.0b3: http://www.google.com/search?q=Firefox%20Firebug - Firecookie 0.8: http://www.janodvarko.cz/firecookie - FireFTP 1.0.5: http://fireftp.mozdev.org - FirePHP 0.3.1: http://www.firephp.org/ - FlashGot 1.1.9.6: http://flashgot.net - MR Tech Toolkit 6.0.3.4: http://www.mrtech.com/extensions/ - Status-bar Scientific Calculator 4.5: http://www.cse.iitb.ac.in/~sunnygoyal/statusscicalc.html Disabled Extensions: [1] - Google Desktop Search 1.1: http://desktop.google.com/ Total Extensions: 12 Installed Themes: [2] - Chromifox Basic 1.1: http://42st.org/falconer/chromifox/ - Default: http://www.mozilla.org/ Installed Plugins: (12) - Cooliris embbedded in a tab - Coupons Inc. Plugin - Default Plugin - Flip4Mac Windows Media Plugin 2.2.1 - Java Embedding Plugin 0.9.7.1 - MoveNetworks Quantum Media Player - QuickTime Plug-in 7.6.2 - Shockwave Flash - Shockwave for Director - Silverlight Plug-In - Viewpoint Media Player (WPN) - WARP Video Player
OS: Windows 7 → All
Hardware: x86 → All
Comment 9•14 years ago
|
||
Marcia, does it also crash with all the other add-ons disabled? Can you reproduce it with a new profile? WFM here with latest CoolIris add-on installed.
Reporter | ||
Comment 10•14 years ago
|
||
Have not yet been able to reproduce the crash, but it was interesting that it crashed once I installed Cooliris. Perhaps an interaction between Cooliris and one of the other extensions? Need to review the crash data once again and look for some clues in the comments.
Reporter | ||
Comment 11•14 years ago
|
||
Two of the latest comments in the crash status reference picasa, one mentions picasa download.
Comment 12•14 years ago
|
||
(In reply to comment #4) > That's right, thanks for clarification. So lets hope you will find it again. > > Given the crash report we crash while accessing plugin->GetLength(). > > 256 nsIDOMPlugin* plugin = nsnull; > 257 if (pluginArray->Item(k, &plugin) == NS_OK) { > 258 PRUint32 mimeTypeCount = 0; > 259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) { > 260 nsCOMPtr<nsIDOMMimeType> item; > > Can pluginArray->Item return a non-modified parameter so we are accessing a > null pointer? There seems to be many cases when Item() returns NS_OK but a null plugin. Whimboo, want to provide a patch for the null check? I could review. Note, the code does null check in the previous loop just few lines above.
Comment 13•14 years ago
|
||
Olli, I would leave it up to the devs. I can investigate some issues but supplying a real fix isn't easy all the time. Especially in areas you don't have any knowledge.
Assignee | ||
Comment 14•14 years ago
|
||
Attachment #387028 -
Flags: review?(Olli.Pettay)
Assignee | ||
Updated•14 years ago
|
Attachment #387028 -
Attachment description: null check → null check [branch patch]
Comment 15•14 years ago
|
||
Comment on attachment 387028 [details] [diff] [review] null check [branch patch] While you're here, could you make plugin to be nsCOMPtr and change == NS_OK check to be NS_SUCCEEDED
Comment 16•14 years ago
|
||
Something very similar was done for the loop above http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=mozilla/dom/src/base&command=DIFF_FRAMESET&file=nsMimeTypeArray.cpp&rev2=1.26&rev1=1.25
Assignee | ||
Comment 17•14 years ago
|
||
Sure. I guess I'll upload a branch patch again if this is ever wanted there.
Attachment #387028 -
Attachment is obsolete: true
Attachment #387030 -
Flags: review?(Olli.Pettay)
Attachment #387028 -
Flags: review?(Olli.Pettay)
Assignee | ||
Comment 18•14 years ago
|
||
Sorry, uploaded the same thing :( Here's the real one.
Attachment #387030 -
Attachment is obsolete: true
Attachment #387032 -
Flags: review?(Olli.Pettay)
Attachment #387030 -
Flags: review?(Olli.Pettay)
Updated•14 years ago
|
Attachment #387032 -
Flags: superreview+
Attachment #387032 -
Flags: review?(Olli.Pettay)
Attachment #387032 -
Flags: review+
Assignee | ||
Comment 19•14 years ago
|
||
If there's anyway to create a crash-test for this, lemme know. I can't reproduce the crash (I don't login to QMO), so if there's some sort of testcase I'll happily include it in the patch.
Keywords: checkin-needed
Assignee | ||
Updated•14 years ago
|
Assignee: nobody → highmind63
Status: NEW → ASSIGNED
Reporter | ||
Comment 20•14 years ago
|
||
Unfortunately I have only crashed twice and have not been able to reproduce the crash, but will let you know if I am able to. (In reply to comment #19) > If there's anyway to create a crash-test for this, lemme know. I can't > reproduce the crash (I don't login to QMO), so if there's some sort of testcase > I'll happily include it in the patch.
Comment 21•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/248555b52b97
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Version: Trunk → 1.9.1 Branch
Comment 22•14 years ago
|
||
Hm. I just crashed with a very similar stack on 1.9.0. bp-8fdf5a12-aa4e-44dd-b8cd-6ba752091114 I guess we didn't fix it there, did we? Oh well...
Updated•14 years ago
|
Whiteboard: [sg:dos]
(In reply to comment #22) > I guess we didn't fix it there, did we? Oh well... Or 1.9.1, where the crash was actually seen in the wild originally.
Assignee | ||
Comment 24•14 years ago
|
||
I don't mind taking this to 1.9.1/1.9.0 if it's wanted...
status1.9.1:
--- → ?
Flags: wanted1.9.0.x?
Comment 25•14 years ago
|
||
If it's just a null check, I'd say yes, but let me check with Dan first.
Updated•14 years ago
|
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Comment 26•14 years ago
|
||
Wanted! Let's get this fixed. Note that there have been 767 crashes in the last week with this signature in Firefox 3.5.5.
Assignee | ||
Comment 27•14 years ago
|
||
Patch for 1.9.1. 1.9.0 coming up if this doesn't apply (I don't have a local tree to check on).
Attachment #412875 -
Flags: approval1.9.1.6?
Assignee | ||
Comment 28•14 years ago
|
||
This is already fixed on 1.9.0! Not sure who re-regressed it, but see: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla%2Fdom%2Fsrc%2Fbase%2FnsMimeTypeArray.cpp&rev=&cvsroot=%2Fcvsroot It was fixed originally by bug 308778. Are there any crash stacks on 1.9.0 with this?
Flags: wanted1.9.0.x+ → wanted1.9.0.x?
Comment 29•14 years ago
|
||
See comment 22.
Assignee | ||
Comment 30•14 years ago
|
||
I must be crazy, it obviously does exist, the loop right above it was fixed, not the one below... Patch for 1.9.0 in the morning hopefully. I guess wanted-1.9.0.x+ again...
Updated•14 years ago
|
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Assignee | ||
Comment 31•14 years ago
|
||
Patch for cvs 1.9.0 branch.
Attachment #413072 -
Flags: approval1.9.0.16?
Updated•14 years ago
|
Keywords: testcase-wanted
Updated•14 years ago
|
Attachment #412875 -
Flags: approval1.9.1.6? → approval1.9.1.7?
Comment 32•14 years ago
|
||
Comment on attachment 413072 [details] [diff] [review] 1.9.0 patch Pushing these noms out.
Attachment #413072 -
Flags: approval1.9.0.16? → approval1.9.0.17?
Comment 33•14 years ago
|
||
CC'ing Aakash and Carsten, who could eventually have an idea for a testcase.
Comment 34•14 years ago
|
||
Comment on attachment 412875 [details] [diff] [review] 191 patch Approved for 1.9.1.7 and 1.9.0.17, a=dveditz for release-drivers
Attachment #412875 -
Flags: approval1.9.1.7? → approval1.9.1.7+
Updated•14 years ago
|
Attachment #413072 -
Flags: approval1.9.0.17? → approval1.9.0.17+
Assignee | ||
Updated•14 years ago
|
Keywords: checkin-needed
Whiteboard: [sg:dos] → [sg:dos] [c-n: 1.9.0 and 1.9.1]
Assignee | ||
Comment 35•14 years ago
|
||
Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2 Still need someone to push to 1.9.0...
Whiteboard: [sg:dos] [c-n: 1.9.0 and 1.9.1] → [sg:dos] [c-n: 1.9.0]
Comment 36•14 years ago
|
||
(In reply to comment #35) > Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2 > > Still need someone to push to 1.9.0... Dan, this still needs to get pushed to 1.9.0...
Comment 37•14 years ago
|
||
Checking in nsMimeTypeArray.cpp; /cvsroot/mozilla/dom/src/base/nsMimeTypeArray.cpp,v <-- nsMimeTypeArray.cpp new revision: 1.29; previous revision: 1.28
Keywords: fixed1.9.0.18
Updated•14 years ago
|
Whiteboard: [sg:dos] [c-n: 1.9.0] → [sg:dos]
Updated•14 years ago
|
Keywords: checkin-needed
Updated•13 years ago
|
Crash Signature: [@ nsMimeTypeArray::GetMimeTypes() ]
Updated•8 years ago
|
Keywords: testcase-wanted
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•