plugin process crash with null NPPluginFuncs::getvalue [@ @0x0 | mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&)]

RESOLVED FIXED

Status

()

Core
Plug-ins
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: karlt, Assigned: karlt)

Tracking

({crash, testcase})

Trunk
x86
All
crash, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Assignee)

Description

8 years ago
STR: load data:text/html,<embed type="application/x-print-unix-nsplugin">

-1366832816[2455a90]: virtual bool mozilla::plugins::PluginModuleChild::AnswerPPluginInstanceConstructor(mozilla::plugins::PPluginInstanceChild*, const nsCString&, const uint16_t&, const nsTArray<nsCString>&, const nsTArray<nsCString>&, NPError*) [2453b58]
-1366832816[2455a90]: void* mozilla::plugins::child::_memalloc(uint32_t)
-1366832816[2455a90]: void* mozilla::plugins::child::_memalloc(uint32_t)

###!!! [Parent][RPCChannel] Error: Channel error: cannot send/recv

#5  0x0000000000000000 in ?? ()
#6  0x00007f01b8b74e31 in mozilla::plugins::PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginNeedsXEmbed (this=0x26590d0, needs=0x7f01ae87b555, 
    rv=0x7f01ae87b552)
    at /home/karl/moz/dev/dom/plugins/PluginInstanceChild.cpp:313
#7  0x00007f01b8bddcf4 in mozilla::plugins::PPluginInstanceChild::OnCallReceived (this=0x26590d0, msg=@0x7f01ae87b9d0, reply=@0x7f01ae87b908)
    at PPluginInstanceChild.cpp:1090
#8  0x00007f01b8bda090 in mozilla::plugins::PPluginModuleChild::OnCallReceived
    (this=0x2453b58, msg=@0x7f01ae87b9d0, reply=@0x7f01ae87b908)
    at PPluginModuleChild.cpp:378
(gdb) f 6
#6  0x00007f01b8b74e31 in mozilla::plugins::PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginNeedsXEmbed (this=0x26590d0, needs=0x7f01ae87b555, 
    rv=0x7f01ae87b552)
    at /home/karl/moz/dev/dom/plugins/PluginInstanceChild.cpp:313
(gdb) p *mPluginIface
$2 = {size = 120, version = 23, newp = 0x7f01a5977e25 <Private_New>, 
  destroy = 0x7f01a5977e80 <Private_Destroy>, 
  setwindow = 0x7f01a5977e9f <Private_SetWindow>, 
  newstream = 0x7f01a5977ec6 <Private_NewStream>, 
  destroystream = 0x7f01a5977f8f <Private_DestroyStream>, 
  asfile = 0x7f01a5977f68 <Private_StreamAsFile>, 
  writeready = 0x7f01a5977f07 <Private_WriteReady>, 
  write = 0x7f01a5977f2c <Private_Write>, 
  print = 0x7f01a597800c <Private_Print>, event = 0, 
  urlnotify = 0x7f01a5977fbe <Private_URLNotify>, javaClass = 0x0, 
  getvalue = 0, setvalue = 0}
(Assignee)

Updated

8 years ago
Keywords: crash, testcase
(Assignee)

Updated

8 years ago
Blocks: 544088
(Assignee)

Comment 1

8 years ago
Created attachment 425088 [details] [diff] [review]
patch

NPPVpluginWindowBool and NPPVpluginTransparentBool need to be used in
NPN_SetValue.
https://developer.mozilla.org/en/NPN_SetValue

They are not used in NPP_GetValue
either from Mozilla or in the example plugins.
I'll correct https://developer.mozilla.org/En/NPP_GetValue
after review.
Attachment #425088 - Flags: review?(jones.chris.g)
Attachment #425088 - Flags: review?(jones.chris.g) → review+
Comment on attachment 425088 [details] [diff] [review]
patch

>diff --git a/dom/plugins/PluginInstanceChild.cpp b/dom/plugins/PluginInstanceChild.cpp
>--- a/dom/plugins/PluginInstanceChild.cpp
>+++ b/dom/plugins/PluginInstanceChild.cpp
> bool
> PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginScriptableNPObject(
>                                           PPluginScriptableObjectChild** aValue,
>                                           NPError* aResult)
> {
>     AssertPluginThread();
> 
>     NPObject* object;
>-    NPError result = mPluginIface->getvalue(GetNPP(),
>-                                            NPPVpluginScriptableNPObject,
>-                                            &object);
>+    NPError result = NPERR_GENERIC_ERROR;
>+    if (mPluginIface->getvalue) {
>+        mPluginIface->getvalue(GetNPP(), NPPVpluginScriptableNPObject,
>+                               &object);
>+    }

I think you mean

    NPError result = NPERR_GENERIC_ERROR;
    if (mPluginIface->getvalue) {
        result = mPluginIface->getvalue(GetNPP(), NPPVpluginScriptableNPObject,
                                        &object);
    }

r+ with that fix.
(Assignee)

Comment 3

8 years ago
http://hg.mozilla.org/mozilla-central/rev/eb6f6ce70ef0

Might be able to automatically test this if the unixprinting sample plugin is packaged for test machines.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Flags: in-testsuite?
Resolution: --- → FIXED

Updated

8 years ago
Whiteboard: also crash [@ @0x0 | mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&)]
(Assignee)

Updated

8 years ago
Duplicate of this bug: 545960
(Assignee)

Updated

8 years ago
OS: Linux → All
Summary: plugin process crash with null NPPluginFuncs::getvalue [@ @0x0 | mozilla::plugins::PluginInstanceChild::AnswerNPP_GetValue_NPPVpluginNeedsXEmbed(bool*, NPError*) ] → plugin process crash with null NPPluginFuncs::getvalue [@ @0x0 | mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&)]
Whiteboard: also crash [@ @0x0 | mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&)]
Crash Signature: [@ @0x0 | mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&)]
You need to log in before you can comment on or make changes to this bug.