Closed
Bug 535280
Opened 15 years ago
Closed 15 years ago
[OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) [@ Abort ]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: u88484, Unassigned)
Details
(Keywords: crash, crashreportid, regression)
At least a few of the videos on youporn.com crash the browser right after the video ends. The link is NSFW so turn off the sound if you need to reproduce there. Also, you can just skip to a few seconds before the end to reproduce without watching the video.
Version: 10.0.32.18 Shockwave Flash 10.0 r32
Using the 1216 trunk nightly
Summary: [OOPP]: Videos on youporn.com crash browser after the videos end (NSFW Links) → [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links)
Comment 1•15 years ago
Do you have crash report IDs, by any chance?
Using today's second nightly, Firefox still crashes but the crash reporter did catch it.
http://crash-stats.mozilla.com/report/index/bp-74bdda94-a49a-47f1-bec8-07bfe2091216
I restored the same tab, Firefox hung after the page loaded, killed the mozilla-runtime.exe process and got this crash:
http://crash-stats.mozilla.com/report/index/c4aeefbc-26d2-4131-8b77-548b32091216
OT: Weird, because I thought Flash 10.1 (I updated to that after filing this bug) prohibited the crash reporter from launching.
Keywords: crashreportid
Summary: [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) → [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) [@ Abort ]
Signature: Abort
UUID: 74bdda94-a49a-47f1-bec8-07bfe2091216
Time: 2009-12-16 22:21:42.77942
Uptime: 81
Last Crash: 44692 seconds before submission
Product: Firefox
Version: 3.7a1pre
Build ID: 20091216100208
Branch: 1.9.3
OS: Windows NT
OS Version: 6.1.7600
CPU: x86
CPU Info: AuthenticAMD family 15 model 104 stepping 2
Crash Reason: EXCEPTION_ACCESS_VIOLATION
Crash Address: 0x0
Crashing Thread (Frame, Module, Signature, Source):
0 xul.dll Abort xpcom/base/nsDebugImpl.cpp:376
1 NPSWF32.dll NPSWF32.dll@0x156561
2 xul.dll mozilla::plugins::PStreamNotifyParent::Call__delete__ obj-firefox/ipc/ipdl/PStreamNotifyParent.cpp:64
3 xul.dll mozilla::plugins::PluginInstanceParent::AnswerPStreamNotifyConstructor dom/plugins/PluginInstanceParent.cpp:289
4 xul.dll mozilla::plugins::PPluginInstanceParent::OnCallReceived obj-firefox/ipc/ipdl/PPluginInstanceParent.cpp:893
5 xul.dll mozilla::plugins::PPluginModuleParent::OnCallReceived obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:415
6 xul.dll mozilla::ipc::RPCChannel::DispatchIncall ipc/glue/RPCChannel.cpp:347
Signature: mozilla::plugins::PStreamNotifyChild::Register(mozilla::ipc::RPCChannel::RPCListener*)
UUID: c4aeefbc-26d2-4131-8b77-548b32091216
Time: 2009-12-16 22:22:25.566427
Uptime: 40
Last Crash: 46 seconds before submission
Product: Firefox
Version: 3.7a1pre
Build ID: 20091216100208
Branch: 1.9.3
OS: Windows NT
OS Version: 6.1.7600
CPU: x86
CPU Info: AuthenticAMD family 15 model 104 stepping 2
Crash Reason: EXCEPTION_ACCESS_VIOLATION
Crash Address: 0x44
Crashing Thread (Frame, Module, Signature, Source):
0 xul.dll mozilla::plugins::PStreamNotifyChild::Register obj-firefox/ipc/ipdl/PBrowserStreamParent.cpp:333
1 xul.dll mozilla::plugins::PPluginInstanceParent::DestroySubtree obj-firefox/ipc/ipdl/PPluginInstanceParent.cpp:1115
2 xul.dll mozilla::plugins::PPluginModuleParent::DestroySubtree obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:549
3 xul.dll mozilla::plugins::PPluginModuleParent::OnChannelError obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:489
4 xul.dll mozilla::ipc::AsyncChannel::NotifyMaybeChannelError ipc/glue/AsyncChannel.cpp:279
5 xul.dll MessageLoop::RunTask ipc/chromium/src/base/message_loop.cc:326
Comment 7•15 years ago
Comment #5 and Comment #6 are completely different bugs... let's make this one about comment #5, because there are other bugs about corrupted DestroySubtree stuff already.
The relevant code that's aborting in PStreamNotifyParent::Call__delete__ is

    if ((1) == ((actor)->mId)) {
        NS_RUNTIMEABORT("actor has been delete'd");
    }

ignoring the apostrophe, this either means:
1. that deleting an actor from within its constructor doesn't work
2. that the plugin host is calling NPP_URLNotify from within this stack frame (which destroys the actor), but then returns an error code which tries to destroy the actor again.
I'm going to try and figure out which it is next. cjones, do you know if #1 should work?
(In reply to comment #7)
> 1. that deleting an actor from within its constructor doesn't work
From within its C++ ctor or AnswerCtor()? The former won't and shouldn't work, the latter should, testshell does that.
Can't repro on linux, although there's another fun bug where the (windowless) plugin starts to only draw when the browser is *invisible*. Luckily I can repro with another page ;).
I'm pretty sure the bug of comment 5 is bug 536437, being caught by IPDL use-after-free checking instead of segfaulting because of jemalloc DEBUG freed-memory clobbering.
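The guard quoted in comment 7 and the second hypothesis listed there, modelled as an added example that is not part of the original thread and is not Mozilla's IPDL code. `Actor`, `kFreedId`, `CallDelete` and `ConstructorHitsDoubleDelete` are hypothetical names, and the detected condition is returned instead of aborting so it can be checked.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>

// Hypothetical names. The sentinel value 1 is the literal compared against
// mId in the snippet quoted in comment 7; live actor ids must never equal it.
constexpr int32_t kFreedId = 1;

struct Actor {
    int32_t mId;
    explicit Actor(int32_t id) : mId(id) {}
};

enum class DeleteResult { Deleted, DoubleDelete };

// Model of the guard in Call__delete__: an actor whose id already carries the
// freed sentinel has been deleted once. The quoted code calls NS_RUNTIMEABORT
// here; this model returns the condition so it can be tested.
DeleteResult CallDelete(Actor* actor) {
    if (actor->mId == kFreedId) {
        return DeleteResult::DoubleDelete;
    }
    actor->mId = kFreedId;  // mark as deleted; storage stays owned by the caller
    return DeleteResult::Deleted;
}

// Model of hypothesis 2: the constructor handler runs a notification callback
// that may delete the actor itself, then deletes the actor again when the
// callback reports failure. Returns true if that error path hit the guard.
bool ConstructorHitsDoubleDelete(Actor* actor,
                                 const std::function<bool(Actor*)>& notify) {
    if (notify(actor)) {
        return false;  // success: nothing to tear down
    }
    return CallDelete(actor) == DeleteResult::DoubleDelete;
}

int main() {
    Actor a(7);  // constructed sample id
    bool hit = ConstructorHitsDoubleDelete(&a, [](Actor* x) {
        CallDelete(x);  // callback destroys the actor...
        return false;   // ...and still reports an error
    });
    std::printf("double delete detected: %s\n", hit ? "yes" : "no");
    return 0;
}
```

The sentinel check only works while the actor's storage is still readable, which is why this model leaves ownership with the caller.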
Reporter
Comment 11•15 years ago
Hmm, this now WFM.
Updated•15 years ago
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Reporter
Comment 12•15 years ago
You too Ben? I was looking for confirmation that this also works for others. I'm assuming bug 536437 somehow fixed this.
Comment 13•15 years ago
I didn't test youporn, no, but I'll take your word for it and we can reopen later if necessary.
Assignee
Updated•13 years ago
Crash Signature: [@ Abort ]
Updated•2 years ago
Product: Core → Core Graveyard