Bug 533030 - nsPluginHost::TrySetUpPluginInstance() can return with the plugin instance owner holding a non initialized instance.
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: Plug-ins
Version: Trunk
Platform: All All
Importance: -- normal
Assigned To: Josh Aas
Blocks: 491722
Reported: 2009-12-04 17:20 PST by Johnny Stenback (:jst, jst@mozilla.com)
Modified: 2010-03-28 22:22 PDT

Attachments
fix v1.0 (1.65 KB, patch)
2009-12-09 15:27 PST, Josh Aas
jst: review+
mbeltzner: approval1.9.2.2+
Fix for 1.9.1 (1.41 KB, patch)
2010-02-08 14:03 PST, Johnny Stenback (:jst, jst@mozilla.com)
jaas: review+
mbeltzner: approval1.9.1.9+

Description Johnny Stenback (:jst, jst@mozilla.com) 2009-12-04 17:20:16 PST
nsPluginHost::TrySetUpPluginInstance() right now contains the pseudo code:

  instance = CreateInstance()
  aOwner->SetInstance(instance)
  instance->Initialize()
  if (failed)
    return

which returns out of this code with the owner holding on to a plugin instance that was not successfully initialized. Depending on what happens next, this can cause problems down the road, especially if plugins are reloaded before the instance owner tries to tear down this instance. We should at the very least null out the instance in the owner when we fail to initialize the plugin instance here.
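
The ordering described above and the suggested cleanup, as a simplified model added here for illustration. This is not the Gecko code or the attached patch; `Instance`, `Owner`, `SetUpAsReported`, `SetUpWithCleanup` and `OwnerStateIsConsistent` are hypothetical names, and the `will_fail` flag is a constructed knob to force the failure path.

```cpp
#include <memory>
#include <utility>

// Hypothetical stand-ins for the plugin instance and its owner; these are
// not the real Gecko classes.
struct Instance {
    bool will_fail;            // constructed knob: force Initialize() to fail
    bool initialized = false;
    explicit Instance(bool fail) : will_fail(fail) {}
    bool Initialize() { initialized = !will_fail; return initialized; }
};

struct Owner {
    std::shared_ptr<Instance> instance;
    void SetInstance(std::shared_ptr<Instance> i) { instance = std::move(i); }
};

// Ordering from the description: the owner is handed the instance before
// Initialize() runs and keeps it even when initialization fails.
bool SetUpAsReported(Owner& owner, bool fail) {
    auto instance = std::make_shared<Instance>(fail);
    owner.SetInstance(instance);
    return instance->Initialize();   // on failure the owner still holds it
}

// Cleanup suggested in the description: null out the owner's instance
// when initialization fails.
bool SetUpWithCleanup(Owner& owner, bool fail) {
    auto instance = std::make_shared<Instance>(fail);
    owner.SetInstance(instance);
    if (!instance->Initialize()) {
        owner.SetInstance(nullptr);  // never leave an uninitialized instance behind
        return false;
    }
    return true;
}

// Invariant to check after setup: the owner holds either nothing or a
// fully initialized instance.
bool OwnerStateIsConsistent(const Owner& owner) {
    return !owner.instance || owner.instance->initialized;
}

int main() {
    Owner reported, cleaned;
    SetUpAsReported(reported, true);
    SetUpWithCleanup(cleaned, true);
    return (!OwnerStateIsConsistent(reported) && OwnerStateIsConsistent(cleaned)) ? 0 : 1;
}
```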
Comment 1 Josh Aas 2009-12-09 15:27:21 PST
Created attachment 416814
fix v1.0
Comment 2 Josh Aas 2009-12-15 12:47:11 PST
pushed to mozilla-central

http://hg.mozilla.org/mozilla-central/rev/6515875bfbc3
Comment 3 Johnny Stenback (:jst, jst@mozilla.com) 2010-02-08 13:45:22 PST
We should take this fix for 1.9.2 since this fixes bug 491722.
Comment 4 Johnny Stenback (:jst, jst@mozilla.com) 2010-02-08 14:03:44 PST
Created attachment 425856
Fix for 1.9.1
Comment 5 Mike Beltzner [:beltzner, not reading bugmail] 2010-02-24 13:00:20 PST
Comment on attachment 416814
fix v1.0

a1922=beltzner
Comment 6 Josh Aas 2010-02-24 14:04:51 PST
pushed to mozilla-1.9.2

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/ecfa2e50f8d8
Comment 7 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-05 13:31:38 PST
Josh, is that 1.9.1 patch ready to go? We need it to fix the blocker bug 491722.
Comment 8 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-05 13:32:23 PST
Comment on attachment 425856
Fix for 1.9.1

Actually, just a=beltzner for 1.9.1 on this patch. It's reviewed and all :)
Comment 9 Johnny Stenback (:jst, jst@mozilla.com) 2010-03-08 12:41:33 PST
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/2dd98f3f4d86
Comment 10 [On PTO until 6/29] 2010-03-22 14:58:44 PDT
Is there a way for QA to verify this fix?