[OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) [@ Abort ]

RESOLVED WORKSFORME

Status

()

Core
Plug-ins
RESOLVED WORKSFORME
9 years ago
7 years ago

People

(Reporter: u88484, Unassigned)

Tracking

({crash, crashreportid, regression})

Trunk
x86_64
Windows 7
crash, crashreportid, regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

9 years ago
At least a few of the videos on youporn.com crash the browser right after the video ends.  The link is NSFW so turn off the sound if you need to reproduce there.  Also, you can just skip to a few seconds before the end to reproduce without watching the video.

Version: 10.0.32.18
Shockwave Flash 10.0 r32

Using the 1216 trunk nightly
(Reporter)

Updated

9 years ago
Summary: [OOPP]: Videos on youporn.com crash browser after the videos end (NSFW Links) → [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links)
(Reporter)

Updated

9 years ago
Component: IPC → Plug-ins
QA Contact: ipc → plugins

Comment 1

9 years ago
Do you have crash report IDs, by any chance?
(Reporter)

Comment 2

9 years ago
Nope, crash reporter does not launch.
(Reporter)

Comment 4

9 years ago
Using today's second nightly, Firefox still crashes but the crash reporter did catch it.

http://crash-stats.mozilla.com/report/index/bp-74bdda94-a49a-47f1-bec8-07bfe2091216

I restored the same tab, Firefox hung after page loaded, killed the mozilla-runtime.exe process and got this crash

http://crash-stats.mozilla.com/report/index/c4aeefbc-26d2-4131-8b77-548b32091216

OT: Weird because I thought with Flash 10.1 (I updated to that after filing this bug) prohibited the crash reporter from launching.
(Reporter)

Updated

9 years ago
Keywords: crashreportid
Summary: [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) → [OOPP] Videos on youporn.com crash browser after the videos end (NSFW Links) [@ Abort ]

Comment 5

9 years ago
Signature	Abort
UUID	74bdda94-a49a-47f1-bec8-07bfe2091216
Time 	2009-12-16 22:21:42.77942
Uptime	81
Last Crash	44692 seconds before submission
Product	Firefox
Version	3.7a1pre
Build ID	20091216100208
Branch	1.9.3
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	AuthenticAMD family 15 model 104 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x0
User Comments	
Processor Notes 	
Related Bugs

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	Abort 	xpcom/base/nsDebugImpl.cpp:376
1 	NPSWF32.dll 	NPSWF32.dll@0x156561 	
2 	xul.dll 	mozilla::plugins::PStreamNotifyParent::Call__delete__ 	obj-firefox/ipc/ipdl/PStreamNotifyParent.cpp:64
3 	xul.dll 	mozilla::plugins::PluginInstanceParent::AnswerPStreamNotifyConstructor 	dom/plugins/PluginInstanceParent.cpp:289
4 	xul.dll 	mozilla::plugins::PPluginInstanceParent::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginInstanceParent.cpp:893
5 	xul.dll 	mozilla::plugins::PPluginModuleParent::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:415
6 	xul.dll 	mozilla::ipc::RPCChannel::DispatchIncall 	ipc/glue/RPCChannel.cpp:347

Comment 6

9 years ago
Signature	mozilla::plugins::PStreamNotifyChild::Register(mozilla::ipc::RPCChannel::RPCListener*)
UUID	c4aeefbc-26d2-4131-8b77-548b32091216
Time 	2009-12-16 22:22:25.566427
Uptime	40
Last Crash	46 seconds before submission
Product	Firefox
Version	3.7a1pre
Build ID	20091216100208
Branch	1.9.3
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	AuthenticAMD family 15 model 104 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x44
User Comments	
Processor Notes 	
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	mozilla::plugins::PStreamNotifyChild::Register 	obj-firefox/ipc/ipdl/PBrowserStreamParent.cpp:333
1 	xul.dll 	mozilla::plugins::PPluginInstanceParent::DestroySubtree 	obj-firefox/ipc/ipdl/PPluginInstanceParent.cpp:1115
2 	xul.dll 	mozilla::plugins::PPluginModuleParent::DestroySubtree 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:549
3 	xul.dll 	mozilla::plugins::PPluginModuleParent::OnChannelError 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:489
4 	xul.dll 	mozilla::ipc::AsyncChannel::NotifyMaybeChannelError 	ipc/glue/AsyncChannel.cpp:279
5 	xul.dll 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:326

Comment 7

9 years ago
Comment #5 and Comment #6 are completely different bugs... let's make this one about comment #5, because there are other bugs about corrupted DestroySubtree stuff already.

The relevant code that's aborting in PStreamNotifyParent::Call__delete__ is

if ((1) == ((actor)->mId)) {
  NS_RUNTIMEABORT("actor has been delete'd");
}

ignoring the apostrophe, this either means:
1. that deleting an actor from within its constructor doesn't work
2. that the plugin host is calling NPP_URLNotify from within this stack frame (which destroys the actor), but then returns an error code which tries to destroy the actor again.

I'm going to try and figure out which it is next. cjones, do you know if #1 should work?
(In reply to comment #7)
> 1. that deleting an actor from within its constructor doesn't work

From within its C++ ctor or AnswerCtor()?  The former won't and shouldn't work, the latter should, testshell does that.
Can't repro on linux, although there's another fun bug where the (windowless) plugin starts to only draw when the browser is *invisible*.  Luckily I can repro with another page ;).
I'm pretty sure the bug of comment 5 is bug 536437, being caught by IPDL use-after-free checking instead of segfaulting because of jemalloc DEBUG freed-memory clobbering.
(Reporter)

Comment 11

9 years ago
Hmm, this now WFM.

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 12

9 years ago
You too Ben?  I was looking for confirmation that this also works for others.  I'm assuming bug 536437 somehow fixed this.

Comment 13

9 years ago
I didn't test youporn, no, but I'll take your word for it and we can reopen later if necessary.
(Assignee)

Updated

7 years ago
Crash Signature: [@ Abort ]
You need to log in before you can comment on or make changes to this bug.