Closed
Bug 500777
Opened 16 years ago
Closed 16 years ago
Crash in [@ nsMimeTypeArray::GetMimeTypes() ] while logging into QMO
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.2a1
Tracking | Status | |
---|---|---|
status1.9.1 | --- | .8-fixed |
People
(Reporter: marcia, Assigned: Natch)
Details
(Keywords: crash, fixed1.9.0.18, Whiteboard: [sg:dos])
Crash Data
Attachments
(3 files, 2 obsolete files)
1.10 KB,
patch
|
smaug
:
review+
smaug
:
superreview+
|
Details | Diff | Splinter Review |
1.12 KB,
patch
|
dveditz
:
approval1.9.1.8+
|
Details | Diff | Splinter Review |
1.30 KB,
patch
|
dveditz
:
approval1.9.0.18+
|
Details | Diff | Splinter Review |
Seen while running Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
STR:
1. I had several tabs open, went back to QMO to login. As soon as I tried to type in the login field the browser crashed.
This is a fairly clean profile with no extensions. Breakpad:http://crash-stats.mozilla.com/report/index/426e0e7c-3f2e-4f56-9750-585842090626
Reporter | ||
Comment 1•16 years ago
|
||
Have not yet been able to reproduce but working on it.
Severity: normal → major
Keywords: crash
Reporter | ||
Updated•16 years ago
|
OS: Windows NT → Windows 7
Comment 2•16 years ago
|
||
Marcia, I wonder if it is somehow related to the word/excel problem you reported lately against the application helper dialog.
Severity: major → critical
Reporter | ||
Comment 3•16 years ago
|
||
The Win 7 machine in the lab does not have any of the MS products installed. The word/excel issue I reported was on a Mac machine. Also in this instance there was no file handler being called I was simply typing something in a login field.
(In reply to comment #2)
> Marcia, I wonder if it is somehow related to the word/excel problem you
> reported lately against the application helper dialog.
Comment 4•16 years ago
|
||
That's right, thanks for clarification. So lets hope you will find it again.
Given the crash report we crash while accessing plugin->GetLength().
256 nsIDOMPlugin* plugin = nsnull;
257 if (pluginArray->Item(k, &plugin) == NS_OK) {
258 PRUint32 mimeTypeCount = 0;
259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) {
260 nsCOMPtr<nsIDOMMimeType> item;
Can pluginArray->Item return a non-modified parameter so we are accessing a null pointer?
http://mxr.mozilla.org/mozilla1.9.1/source/dom/src/base/nsPluginArray.cpp#108
Marcia, was it the front page on QMO or another sub page? Can you remember?
Component: General → DOM
Product: Firefox → Core
QA Contact: general → general
Version: 3.5 Branch → Trunk
Reporter | ||
Comment 5•16 years ago
|
||
Yes I was on the front page of QMO logging in at the top of the page.
Reporter | ||
Comment 7•16 years ago
|
||
Installed plugins
Find more information about browser plugins at mozilla.org.
Help for installing plugins is available from plugindoc.mozdev.org.
Java Deployment Toolkit 6.0.140.8
File name: npdeploytk.dll
NPRuntime Script Plug-in Library for Java(TM) Deploy
MIME Type Description Suffixes Enabled
application/npruntime-scriptable-plugin;DeploymentToolkit Yes
Mozilla Default Plug-in
File name: npnul32.dll
Default Plug-in
MIME Type Description Suffixes Enabled
* Mozilla Default Plug-in * No
Google Update
File name: npGoogleOneClick8.dll
Google Update
MIME Type Description Suffixes Enabled
application/x-vnd.google.oneclickctrl.8 Yes
Shockwave Flash
File name: NPSWF32.dll
Shockwave Flash 10.0 r22
MIME Type Description Suffixes Enabled
application/x-shockwave-flash Adobe Flash movie swf Yes
application/futuresplash FutureSplash movie spl Yes
Windows Presentation Foundation
File name: NPWPF.dll
Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
MIME Type Description Suffixes Enabled
application/x-ms-xbap XAML Browser Application xbap Yes
application/xaml+xml XAML Document xaml Yes
Java(TM) Platform SE 6 U14
File name: npjp2.dll
Next Generation Java Plug-in 1.6.0_14 for Mozilla browsers
MIME Type Description Suffixes Enabled
application/x-java-applet Java Applet Yes
application/x-java-bean JavaBeans Yes
application/x-java-vm Yes
application/x-java-applet;version=1.1.1 Yes
application/x-java-bean;version=1.1.1 Yes
application/x-java-applet;version=1.1 Yes
application/x-java-bean;version=1.1 Yes
application/x-java-applet;version=1.2 Yes
application/x-java-bean;version=1.2 Yes
application/x-java-applet;version=1.1.3 Yes
application/x-java-bean;version=1.1.3 Yes
application/x-java-applet;version=1.1.2 Yes
application/x-java-bean;version=1.1.2 Yes
application/x-java-applet;version=1.3 Yes
application/x-java-bean;version=1.3 Yes
application/x-java-applet;version=1.2.2 Yes
application/x-java-bean;version=1.2.2 Yes
application/x-java-applet;version=1.2.1 Yes
application/x-java-bean;version=1.2.1 Yes
application/x-java-applet;version=1.3.1 Yes
application/x-java-bean;version=1.3.1 Yes
application/x-java-applet;version=1.4 Yes
application/x-java-bean;version=1.4 Yes
application/x-java-applet;version=1.4.1 Yes
application/x-java-bean;version=1.4.1 Yes
application/x-java-applet;version=1.4.2 Yes
application/x-java-bean;version=1.4.2 Yes
application/x-java-applet;version=1.5 Yes
application/x-java-bean;version=1.5 Yes
application/x-java-applet;version=1.6 Yes
application/x-java-bean;version=1.6 Yes
application/x-java-applet;jpi-version=1.6.0_14 Yes
application/x-java-bean;jpi-version=1.6.0_14 Yes
Reporter | ||
Comment 8•16 years ago
|
||
After reviewing the crash data and seeing that "Cooliris" was mentioned twice in the user comments, I went back in and installed it and crashed in this stack. Breakpad is here:
http://crash-stats.mozilla.com/report/index/2fde3c68-528e-4bbe-9a5a-9d2ad2090702
Here is my config on this machine - I have several other addons as well:
User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Build ID: 20090624012136
Enabled Extensions: [11]
- Adblock Plus 1.0.2: http://adblockplus.org/
- Cooliris 1.11: http://www.cooliris.com/
- Crash Me Now! Advanced 0.2: http://ted.mielczarek.org/code/mozilla/
- Custom Buttons² 3.0.1: http://custombuttons2.com/
- Firebug 1.4.0b3: http://www.google.com/search?q=Firefox%20Firebug
- Firecookie 0.8: http://www.janodvarko.cz/firecookie
- FireFTP 1.0.5: http://fireftp.mozdev.org
- FirePHP 0.3.1: http://www.firephp.org/
- FlashGot 1.1.9.6: http://flashgot.net
- MR Tech Toolkit 6.0.3.4: http://www.mrtech.com/extensions/
- Status-bar Scientific Calculator 4.5: http://www.cse.iitb.ac.in/~sunnygoyal/statusscicalc.html
Disabled Extensions: [1]
- Google Desktop Search 1.1: http://desktop.google.com/
Total Extensions: 12
Installed Themes: [2]
- Chromifox Basic 1.1: http://42st.org/falconer/chromifox/
- Default: http://www.mozilla.org/
Installed Plugins: (12)
- Cooliris embbedded in a tab
- Coupons Inc. Plugin
- Default Plugin
- Flip4Mac Windows Media Plugin 2.2.1
- Java Embedding Plugin 0.9.7.1
- MoveNetworks Quantum Media Player
- QuickTime Plug-in 7.6.2
- Shockwave Flash
- Shockwave for Director
- Silverlight Plug-In
- Viewpoint Media Player (WPN)
- WARP Video Player
OS: Windows 7 → All
Hardware: x86 → All
Comment 9•16 years ago
|
||
Marcia, does it also crash with all the other add-ons disabled? Can you reproduce it with a new profile? WFM here with latest CoolIris add-on installed.
Reporter | ||
Comment 10•16 years ago
|
||
Have not yet been able to reproduce the crash, but it was interesting that it crashed once I installed Cooliris. Perhaps an interaction between Cooliris and one of the other extensions? Need to review the crash data once again and look for some clues in the comments.
Reporter | ||
Comment 11•16 years ago
|
||
Two of the latest comments in the crash status reference picasa, one mentions picasa download.
Comment 12•16 years ago
|
||
(In reply to comment #4)
> That's right, thanks for clarification. So lets hope you will find it again.
>
> Given the crash report we crash while accessing plugin->GetLength().
>
> 256 nsIDOMPlugin* plugin = nsnull;
> 257 if (pluginArray->Item(k, &plugin) == NS_OK) {
> 258 PRUint32 mimeTypeCount = 0;
> 259 if (plugin->GetLength(&mimeTypeCount) == NS_OK) {
> 260 nsCOMPtr<nsIDOMMimeType> item;
>
> Can pluginArray->Item return a non-modified parameter so we are accessing a
> null pointer?
There seems to be many cases when Item() returns NS_OK but a null plugin.
Whimboo, want to provide a patch for the null check? I could review.
Note, the code does null check in the previous loop just few lines above.
Comment 13•16 years ago
|
||
Olli, I would leave it up to the devs. I can investigate some issues but supplying a real fix isn't easy all the time. Especially in areas you don't have any knowledge.
Assignee | ||
Comment 14•16 years ago
|
||
Attachment #387028 -
Flags: review?(Olli.Pettay)
Assignee | ||
Updated•16 years ago
|
Attachment #387028 -
Attachment description: null check → null check [branch patch]
Comment 15•16 years ago
|
||
Comment on attachment 387028 [details] [diff] [review]
null check [branch patch]
While you're here, could you make plugin to be nsCOMPtr and change == NS_OK check to be NS_SUCCEEDED
Comment 16•16 years ago
|
||
Something very similar was done for the loop above
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=mozilla/dom/src/base&command=DIFF_FRAMESET&file=nsMimeTypeArray.cpp&rev2=1.26&rev1=1.25
Assignee | ||
Comment 17•16 years ago
|
||
Sure. I guess I'll upload a branch patch again if this is ever wanted there.
Attachment #387028 -
Attachment is obsolete: true
Attachment #387030 -
Flags: review?(Olli.Pettay)
Attachment #387028 -
Flags: review?(Olli.Pettay)
Assignee | ||
Comment 18•16 years ago
|
||
Sorry, uploaded the same thing :(
Here's the real one.
Attachment #387030 -
Attachment is obsolete: true
Attachment #387032 -
Flags: review?(Olli.Pettay)
Attachment #387030 -
Flags: review?(Olli.Pettay)
Updated•16 years ago
|
Attachment #387032 -
Flags: superreview+
Attachment #387032 -
Flags: review?(Olli.Pettay)
Attachment #387032 -
Flags: review+
Assignee | ||
Comment 19•16 years ago
|
||
If there's anyway to create a crash-test for this, lemme know. I can't reproduce the crash (I don't login to QMO), so if there's some sort of testcase I'll happily include it in the patch.
Keywords: checkin-needed
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → highmind63
Status: NEW → ASSIGNED
Reporter | ||
Comment 20•16 years ago
|
||
Unfortunately I have only crashed twice and have not been able to reproduce the crash, but will let you know if I am able to.
(In reply to comment #19)
> If there's anyway to create a crash-test for this, lemme know. I can't
> reproduce the crash (I don't login to QMO), so if there's some sort of testcase
> I'll happily include it in the patch.
Comment 21•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
Version: Trunk → 1.9.1 Branch
Comment 22•15 years ago
|
||
Hm. I just crashed with a very similar stack on 1.9.0.
bp-8fdf5a12-aa4e-44dd-b8cd-6ba752091114
I guess we didn't fix it there, did we? Oh well...
Updated•15 years ago
|
Whiteboard: [sg:dos]
(In reply to comment #22)
> I guess we didn't fix it there, did we? Oh well...
Or 1.9.1, where the crash was actually seen in the wild originally.
Assignee | ||
Comment 24•15 years ago
|
||
I don't mind taking this to 1.9.1/1.9.0 if it's wanted...
status1.9.1:
--- → ?
Flags: wanted1.9.0.x?
Comment 25•15 years ago
|
||
If it's just a null check, I'd say yes, but let me check with Dan first.
Updated•15 years ago
|
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Comment 26•15 years ago
|
||
Wanted! Let's get this fixed.
Note that there have been 767 crashes in the last week with this signature in Firefox 3.5.5.
Assignee | ||
Comment 27•15 years ago
|
||
Patch for 1.9.1. 1.9.0 coming up if this doesn't apply (I don't have a local tree to check on).
Attachment #412875 -
Flags: approval1.9.1.6?
Assignee | ||
Comment 28•15 years ago
|
||
This is already fixed on 1.9.0! Not sure who re-regressed it, but see: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla%2Fdom%2Fsrc%2Fbase%2FnsMimeTypeArray.cpp&rev=&cvsroot=%2Fcvsroot
It was fixed originally by bug 308778. Are there any crash stacks on 1.9.0 with this?
Flags: wanted1.9.0.x+ → wanted1.9.0.x?
Comment 29•15 years ago
|
||
See comment 22.
Assignee | ||
Comment 30•15 years ago
|
||
I must be crazy, it obviously does exist, the loop right above it was fixed, not the one below...
Patch for 1.9.0 in the morning hopefully. I guess wanted-1.9.0.x+ again...
Updated•15 years ago
|
Flags: wanted1.9.0.x? → wanted1.9.0.x+
Assignee | ||
Comment 31•15 years ago
|
||
Patch for cvs 1.9.0 branch.
Attachment #413072 -
Flags: approval1.9.0.16?
Updated•15 years ago
|
Keywords: testcase-wanted
Updated•15 years ago
|
Attachment #412875 -
Flags: approval1.9.1.6? → approval1.9.1.7?
Comment 32•15 years ago
|
||
Comment on attachment 413072 [details] [diff] [review]
1.9.0 patch
Pushing these noms out.
Attachment #413072 -
Flags: approval1.9.0.16? → approval1.9.0.17?
Comment 33•15 years ago
|
||
CC'ing Aakash and Carsten, who could eventually have an idea for a testcase.
Comment 34•15 years ago
|
||
Comment on attachment 412875 [details] [diff] [review]
191 patch
Approved for 1.9.1.7 and 1.9.0.17, a=dveditz for release-drivers
Attachment #412875 -
Flags: approval1.9.1.7? → approval1.9.1.7+
Updated•15 years ago
|
Attachment #413072 -
Flags: approval1.9.0.17? → approval1.9.0.17+
Assignee | ||
Updated•15 years ago
|
Keywords: checkin-needed
Whiteboard: [sg:dos] → [sg:dos] [c-n: 1.9.0 and 1.9.1]
Assignee | ||
Comment 35•15 years ago
|
||
Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2
Still need someone to push to 1.9.0...
Whiteboard: [sg:dos] [c-n: 1.9.0 and 1.9.1] → [sg:dos] [c-n: 1.9.0]
Comment 36•15 years ago
|
||
(In reply to comment #35)
> Pushed to 1.9.1: http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ca9293559ec2
>
> Still need someone to push to 1.9.0...
Dan, this still needs to get pushed to 1.9.0...
Comment 37•15 years ago
|
||
Checking in nsMimeTypeArray.cpp;
/cvsroot/mozilla/dom/src/base/nsMimeTypeArray.cpp,v <-- nsMimeTypeArray.cpp
new revision: 1.29; previous revision: 1.28
Keywords: fixed1.9.0.18
Updated•15 years ago
|
Whiteboard: [sg:dos] [c-n: 1.9.0] → [sg:dos]
Updated•15 years ago
|
Keywords: checkin-needed
Updated•14 years ago
|
Crash Signature: [@ nsMimeTypeArray::GetMimeTypes() ]
Updated•9 years ago
|
Keywords: testcase-wanted
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•