Closed
Bug 502403
Opened 15 years ago
Closed 15 years ago
Crash when selecting advanced pane in preferences dialog and having Google Gears v0.5.25.0 installed [@ nsOfflineCacheDevice::GetInstance]
Categories
(Firefox :: Extension Compatibility, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: fbrunner, Assigned: mayhemer)
References
Details
(Keywords: crash, Whiteboard: [Fixed by Google Gears])
Crash Data
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.9.1) Gecko/20090624 Firefox/3.5 GTB5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.9.1) Gecko/20090624 Firefox/3.5 GTB5 If I want to open the options menu (tools -> options) then firefox 3.5 keeps crashing. It doesn't matter on which page I currently am, it happens on every webpage Reproducible: Always Steps to Reproduce: 1. click on tools 2. click on options 3. crashed / crash report window opens Actual Results: firefox disappeared and instead the crashreporter appeared Expected Results: it should have opened the options window
Ok, I tested a little further and checked the extensions. I have installed a (unofficially) developer version of google gears (see http://groups.google.com/group/gears-users/msg/14d691d48e647f33) with the version: 0.5.25.0;developer;opt;win32;firefox I deactivated this extension, restarted firefox and tried again to access the options window and now it works
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Comment 2•15 years ago
|
||
Reporter, can you please give us a crash id which you can find when typing about:crashes into the location bar? The latest one would be sufficient. Thanks! Lets reopen the bug due to an extension should not crash Firefox. Let us investigate this problem.
Severity: normal → critical
Status: RESOLVED → UNCONFIRMED
Keywords: crash
Resolution: WORKSFORME → ---
Version: unspecified → 3.5 Branch
Updated•15 years ago
|
Component: Menus → Preferences
QA Contact: menus → preferences
Hi, Here is the crash ID 371ea2d2-fbea-46f2-91b2-166b72090705 thanks!
Comment 4•15 years ago
|
||
I'll check tomorrow if I'm able to reproduce the crash.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: crash when opening the options window → crash when opening the options window [@ nsOfflineCacheDevice::GetInstance]
Comment 5•15 years ago
|
||
(In reply to comment #3) > 371ea2d2-fbea-46f2-91b2-166b72090705 bp-371ea2d2-fbea-46f2-91b2-166b72090705 0 xul.dll ns_if_addref<nsOfflineCacheDevice*> obj-firefox/dist/include/xpcom/nsISupportsUtils.h:114 1 xul.dll nsOfflineCacheDevice::GetInstance netwerk/cache/src/nsDiskCacheDeviceSQL.cpp:954 2 xul.dll nsOfflineCacheDeviceConstructor netwerk/build/nsNetModule.cpp:205 3 xul.dll nsGenericFactory::CreateInstance obj-firefox/xpcom/build/nsGenericFactory.cpp:80 4 xul.dll nsComponentManagerImpl::CreateInstance xpcom/components/nsComponentManager.cpp:1601 5 xul.dll xul.dll@0x972aa7
Comment 6•15 years ago
|
||
Ok, this happens when you wanna show the advanced pane inside the preferences dialog.
Summary: crash when opening the options window [@ nsOfflineCacheDevice::GetInstance] → Crash when selecting advanced pane in preferences dialog [@ nsOfflineCacheDevice::GetInstance]
Comment 7•15 years ago
|
||
I'll attach a full log from windbg in a minute. Josh, it would be nice if you could have a look at it.
Component: Preferences → Networking: Cache
Product: Firefox → Core
QA Contact: preferences → networking.cache
Version: 3.5 Branch → 1.9.1 Branch
Comment 8•15 years ago
|
||
Updated•15 years ago
|
Summary: Crash when selecting advanced pane in preferences dialog [@ nsOfflineCacheDevice::GetInstance] → Crash when selecting advanced pane in preferences dialog and having Google Gears v0.5.25.0 installed [@ nsOfflineCacheDevice::GetInstance]
APPLICATION_FAULT_INVALID_POINTER_READ_Ed20.dll!Unloaded makes me wonder what exactly ed20.dll is... can you run firefox from windbg and provide that log?
Comment 10•15 years ago
|
||
There is no Ed20.dll on my system. Also it is not loaded on startup. The only DLL I can find is RichEd20.dll. No idea if Windbg is confused here?
Comment 11•15 years ago
|
||
windows doesn't try very hard to retain lists of unloaded modules... can you just run firefox from windbg w/ logging, crash it and attach the log?
Comment 12•15 years ago
|
||
(In reply to comment #11) > windows doesn't try very hard to retain lists of unloaded modules... > can you just run firefox from windbg w/ logging, crash it and attach the log? Is that different from attaching to the process? If not everything should be in my attached windbg log.
Comment 13•15 years ago
|
||
it is, hence my request :)
Comment 14•15 years ago
|
||
Josh, something was definitely wrong with the modules yesterday. Some minutes ago I run the same steps in my fresh build Shiretoko debug build on XP and there is no such dll listed anymore. Instead we really crash in necko.dll.
Comment 15•15 years ago
|
||
so... the cacheservice claims to be threadsafe. I claim it isn't really accessing mOfflineDevice in a threadsafe manner. CreateOfflineDevice can be called from all over.
Comment 16•15 years ago
|
||
So this should probably happen on all platforms, right? But since there is no development version of Google Gears for OS X I'm not able to test it.
Comment 17•15 years ago
|
||
(In reply to comment #16) > So this should probably happen on all platforms, right? But since there is no > development version of Google Gears for OS X I'm not able to test it. It happens on OS X as well, both with 0.5.25.0 and 0.5.26.0. You can obtain a build from here (it's even a debug build iirc): http://groups.google.com/group/gears-users/browse_thread/thread/1c11eb7bca12ee3e/bacb5088b9a6c86f
Updated•15 years ago
|
OS: Windows XP → All
Hardware: x86 → All
Comment 18•15 years ago
|
||
This sounds really bad. Honza, can you please look into this?
Flags: blocking1.9.2?
Flags: blocking1.9.1.1?
Assignee | ||
Comment 20•15 years ago
|
||
This really is bad. google gears implements "@mozilla.org/network/cache-service;1" and overwrites this way the cache service in Firefox (Gecko). In nsOfflineCacheDevice::GetInstance, where we crash, we do static cast to nsCacheService (to our implementation!) on object we get from do_GetService(kCacheServiceCID) to call the CreateOfflineDevice() private method. The object we get is google gears implementation and properties of the object are indeed messed up. We pass the condition if (mOfflineDevice) because there are some non-null bytes; then we do AddRef() on it -> crash. http://mxr.mozilla.org/mozilla-central/source/netwerk/cache/src/nsDiskCacheDeviceSQL.cpp#947 What's curious is that code on mozilla-central is the same as on mozilla-1.9.1. We should crash the same way... Any idea here? Maybe some restriction in XPCOM not to let extensions register it's own components we already have registered? The solution is to have a new interface and publish the CreateOfflineDevice() method to it; then do QI instead of static_casts (what's ugly anyway).
Comment 21•15 years ago
|
||
Er... We're getting the cache service by _CID_ here, not contractid. Same CID means same implementation. If Google Gears is registering their different implementation for the same CID, that's totally a bug in Google Gears, no?
Assignee | ||
Comment 22•15 years ago
|
||
True. But I'd say it's total hack, not bug... That's intentional.
Comment 23•15 years ago
|
||
OK, so they do in fact register with our CID. For revision 3379 in the Google Gears SVN repo, file http://gears.googlecode.com/svn/trunk/gears/localserver/firefox/cache_intercept.cc, we have: Lines 78-87: define the CID and contract for our cache service Line 673: get our cache service (by CID, correctly) Lines 694-697: register their own factory using our CID and contract They should be using a different CID for that last bit. We could still try to make the changes Honza proposes, but this really is a bug in Gears, pure and simple. In particular, Honza's fix would presumably just disable the offline cache when Gears is installed, which is not the right thing either, right? Honza, "total hack" makes no sense. The only place where we get the cache service by CID is right here, so if they overrode just the contract as they're supposed to everything but this one callsite would work fine and this callsite wouldn't crash. So yes, it's a bug. It's a clear violation of XPCOM rules. Would you call it a total hack if they were handing back non-addrefed objects from getters? Or not copying strings on get? Or returning NS_OK but not filling in out params? These are all no worse than what they're doing.
Comment 24•15 years ago
|
||
kev, do you mind getting in touch with the Gears folks about this?
Comment 25•15 years ago
|
||
forwarding now :)
Assignee | ||
Comment 26•15 years ago
|
||
(In reply to comment #23) > Honza, "total hack" makes no sense. I didn't know there was a way to change the cid bits and problem would be solved with leaving the contract id override working. Taking back :)
Comment 27•15 years ago
|
||
Forgive my lack of familiarity with this code (either side of it, really), but iirc, what we are trying to do here is wrap the built in cache service. If we were to register by our own class id, I wonder if Gears would still work? I suppose it depends on whether Mozilla usually asks for this service by contract ID or class ID.
Comment 28•15 years ago
|
||
Aaron see the last paragraph of comment 23, you should override the contract id, *but not* the class id. It would still work, and then code that makes assumptions about its' own classes would work as well...
Comment 29•15 years ago
|
||
Ok, I will try this out locally and see if things still appear to work. Is anyone aware of an HTML5 test page I can use to verify the Firefox feature works as well?
Comment 30•15 years ago
|
||
It appears to work: http://aaronboodman.com/z_dropbox/gears-win32-dbg-0.5.27.0.xpi ...if anyone wants to try it.
Assignee | ||
Comment 31•15 years ago
|
||
(In reply to comment #30) > It appears to work: > > http://aaronboodman.com/z_dropbox/gears-win32-dbg-0.5.27.0.xpi > > ...if anyone wants to try it. It's forbidden...
Updated•15 years ago
|
Component: Networking: Cache → Extension Compatibility
Flags: blocking1.9.2?
Product: Core → Firefox
QA Contact: networking.cache → extension.compatibility
Version: 1.9.1 Branch → 3.5 Branch
Comment 32•15 years ago
|
||
Balls, fixed now.
Updated•15 years ago
|
Whiteboard: [to be fixed by Gears]
Comment 33•15 years ago
|
||
Aaron, where can we get the fixed version to run a test against?
Flags: blocking1.9.1.1?
Comment 34•15 years ago
|
||
The fixed version was linked in comment #30: http://aaronboodman.com/z_dropbox/gears-win32-dbg-0.5.27.0.xpi The file was originally not marked to be served, so it was returning 403: Forbidden. But I fixed that. You may have to hard-refresh to see the change if you already tried to load it.
Comment 35•15 years ago
|
||
Thanks Aaron. That looks good. The crash is gone. Honsa, I believe we can close this bug now?
Comment 36•15 years ago
|
||
FWIW, the nasty hack was not as tasteless as it at first appeared. It turns out that we needed it this way in FF2. Obviously FF2 is old and nobody probably uses it anymore, but I thought you might like to know that it appears the hack was at least necessary at one point. See also: http://code.google.com/p/gears/source/browse/trunk/gears/localserver/firefox/cache_intercept.cc#694
Reporter | ||
Comment 37•15 years ago
|
||
thanks Aaron. It works for me. Still I hope that Google will publish a official version soon.
Comment 38•15 years ago
|
||
Works like a charm again on OS X as well. If anyone is interested: http://files.getdropbox.com/u/699312/gears-osx-opt-0.5.29.0.xpi
Assignee | ||
Comment 39•15 years ago
|
||
Fixed by fixing gears.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → WORKSFORME
Updated•15 years ago
|
Resolution: WORKSFORME → INVALID
Whiteboard: [to be fixed by Gears] → [Fixed by Google Gears]
Updated•13 years ago
|
Crash Signature: [@ nsOfflineCacheDevice::GetInstance]
You need to log in
before you can comment on or make changes to this bug.
Description
•