Bug 533030 - nsPluginHost::TrySetUpPluginInstance() can return with the plugin instance owner holding a non initialized instance.
Status: RESOLVED FIXED
Product: Core
Classification: Components
Component: Plug-ins
: Trunk
: All All
: -- normal
Assigned To: Josh Aas
: Benjamin Smedberg [:bsmedberg]
Blocks: 491722
Reported: 2009-12-04 17:20 PST by Johnny Stenback (:jst, jst@mozilla.com)
Modified: 2010-03-28 22:22 PDT

Attachments
fix v1.0 (1.65 KB, patch)
2009-12-09 15:27 PST, Josh Aas
jst: review+
mbeltzner: approval1.9.2.2+
Fix for 1.9.1 (1.41 KB, patch)
2010-02-08 14:03 PST, Johnny Stenback (:jst, jst@mozilla.com)
jaas: review+
mbeltzner: approval1.9.1.9+

Description Johnny Stenback (:jst, jst@mozilla.com) 2009-12-04 17:20:16 PST
nsPluginHost::TrySetUpPluginInstance() right now contains the pseudo code:

  instance = CreateInstance()
  aOwner->SetInstance(instance)
  instance->Initialize()
  if (failed)
    return

which returns out of this code with the owner holding on to a plugin instance that was not successfully initialized. Depending on what happens next, this can cause problems down the road, especially if plugins are reloaded before the instance owner tries to tear down this instance. We should at the very least null out the instance in the owner when we fail to initialize the plugin instance here.
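
An added illustration of the ordering problem described above (not part of the original report and not the patch attached to this bug): a minimal C++ model in which `Instance`, `Owner`, `SetUpAsDescribed` and `SetUpWithCleanup` are hypothetical stand-ins, comparing the described ordering with the suggested clean-up on failure.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Hypothetical stand-ins for the plugin instance and its owner (not Mozilla's classes).
struct Instance {
    bool failInit;
    bool initialized = false;
    explicit Instance(bool fail) : failInit(fail) {}
    bool Initialize() { initialized = !failInit; return initialized; }
};

struct Owner {
    std::shared_ptr<Instance> instance;
    void SetInstance(std::shared_ptr<Instance> i) { instance = std::move(i); }
    // State that later teardown or plugin-reload code would run into.
    bool HoldsUninitializedInstance() const { return instance && !instance->initialized; }
};

// Ordering from the description: a failed Initialize() returns with the owner still set.
bool SetUpAsDescribed(Owner& owner, bool pluginFails) {
    auto instance = std::make_shared<Instance>(pluginFails);
    owner.SetInstance(instance);
    if (!instance->Initialize())
        return false;  // owner keeps a reference to the uninitialized instance
    return true;
}

// Mitigation suggested in the description: null out the owner's instance on failure.
bool SetUpWithCleanup(Owner& owner, bool pluginFails) {
    auto instance = std::make_shared<Instance>(pluginFails);
    owner.SetInstance(instance);
    if (!instance->Initialize()) {
        owner.SetInstance(nullptr);
        return false;
    }
    return true;
}

int main() {
    Owner a, b;
    SetUpAsDescribed(a, true);
    SetUpWithCleanup(b, true);
    std::printf("as described: owner holds uninitialized instance = %d\n",
                a.HoldsUninitializedInstance());
    std::printf("with cleanup: owner holds uninitialized instance = %d\n",
                b.HoldsUninitializedInstance());
    return 0;
}
```
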
Comment 1 Josh Aas 2009-12-09 15:27:21 PST
Created attachment 416814
fix v1.0
Comment 2 Josh Aas 2009-12-15 12:47:11 PST
pushed to mozilla-central

http://hg.mozilla.org/mozilla-central/rev/6515875bfbc3
Comment 3 Johnny Stenback (:jst, jst@mozilla.com) 2010-02-08 13:45:22 PST
We should take this fix for 1.9.2 since this fixes bug 491722.
Comment 4 Johnny Stenback (:jst, jst@mozilla.com) 2010-02-08 14:03:44 PST
Created attachment 425856
Fix for 1.9.1
Comment 5 Mike Beltzner [:beltzner, not reading bugmail] 2010-02-24 13:00:20 PST
Comment on attachment 416814
fix v1.0

a1922=beltzner
Comment 6 Josh Aas 2010-02-24 14:04:51 PST
pushed to mozilla-1.9.2

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/ecfa2e50f8d8
Comment 7 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-05 13:31:38 PST
Josh, is that 1.9.1 patch ready to go? We need it to fix the blocker bug 491722.
Comment 8 Mike Beltzner [:beltzner, not reading bugmail] 2010-03-05 13:32:23 PST
Comment on attachment 425856
Fix for 1.9.1

Actually, just a=beltzner for 1.9.1 on this patch. It's reviewed and all :)
Comment 9 Johnny Stenback (:jst, jst@mozilla.com) 2010-03-08 12:41:33 PST
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/2dd98f3f4d86
Comment 10 Al Billings [:abillings] 2010-03-22 14:58:44 PDT
Is there a way for QA to verify this fix?