Closed Bug 521558 Opened 16 years ago Closed 16 years ago

Crash [@RtlDeleteCriticalSection ] [@ NPSWF32.dll@0x154517 ]

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 520639

People

(Reporter: ted, Unassigned)

Details

Attachments

(1 file)

zipped up testcase
916 bytes, application/zip
Details
I crashed about 4 times yesterday with this same stack, so whatever this is it must be a recent problem. It could be Flashblock related, I haven't tried disabling that yet. Stack: 0 ntdll.dll RtlDeleteCriticalSection 1 NPSWF32.dll NPSWF32.dll@0x154517 2 NPSWF32.dll NPSWF32.dll@0x1334d7 3 xul.dll nsPluginTag::TryUnloadPlugin modules/plugin/base/src/nsPluginHost.cpp:975 4 xul.dll nsPluginTag::~nsPluginTag modules/plugin/base/src/nsPluginHost.cpp:771 5 xul.dll nsPluginTag::`scalar deleting destructor' 6 xul.dll nsPluginTag::Release modules/plugin/base/src/nsPluginHost.cpp:796 7 xul.dll nsRefPtr<nsDOMWorkerXHRUpload>::assign_assuming_AddRef obj-firefox/dist/include/nsAutoPtr.h:944 8 xul.dll nsRefPtr<nsPrincipal>::assign_with_AddRef obj-firefox/dist/include/nsAutoPtr.h:928 9 xul.dll nsPluginHost::ReloadPlugins modules/plugin/base/src/nsPluginHost.cpp:2574 10 xul.dll nsPluginArray::Refresh dom/base/nsPluginArray.cpp:214 11 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 12 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2710 http://crash-stats.mozilla.com/report/index/bp-672a28c7-d893-45d7-abde-b325a2091009 http://crash-stats.mozilla.com/report/index/d353f916-18ae-4ae6-acac-e0fbd2091009?p=1
What on earth has nsDOMWorkerXHRUpload to do with plugins.
I guess stack frames 7 and 8 must be mislabeled, since if you look at the code from frame 9: http://hg.mozilla.org/mozilla-central/annotate/abe269bb23ef/modules/plugin/base/src/nsPluginHost.cpp#l2574 It's clearly operating on an nsRefPtr<nsPluginTag>.
I disabled Flashblock and haven't crashed in the past few days, so that might be the key here. I'll try reenabling it and see if it reoccurs.
Attached file zipped up testcase
I see this crash occurring in this case. Open the file named 'pparentframe.htm' to get the crash, which usually occurs within 10 seconds for me. http://crash-stats.mozilla.com/report/index/f478d098-3b0c-48bc-a9c5-57add2091113 Perhaps bug 525889 is related?
I re-enabled flashblock and I hit this again today. I had disabled it a month ago, and hadn't crashed with it in the interim, so it appears that Flashblock is triggering this for me.
(In reply to comment #1) > What on earth has nsDOMWorkerXHRUpload to do with plugins. I noticed this again in bug 528843 comment 11. I believe this is a Visual C++ compiler bug. It appears to be producing incorrect debug info for this templated type. I saw the same confusing nsRefPtr<> types in a stack trace in WinDBG, so it's not Breakpad related.
This crashes me like crazy with Flashblock enabled. Anyone?
blocking2.0: --- → ?
This looks like a duplicate of bug 520639.
Yup, duping.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Group: core-security
blocking2.0: ? → ---
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: