Crash in [@ mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&) ]

RESOLVED FIXED

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: marcia, Assigned: jimm)

Tracking

({crash})

Trunk
x86
Windows Vista
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(3 attachments)

Seen while reviewing the Windows trunk crash reports and currently the #7 top crash on Windows. Some are startup crashes while a few seem to have significant uptime. No comments in the reports so far.

Signature	mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&)
UUID	1d785f00-0aee-4f6a-b939-517fb2100217
Process Type	plugin Version: Filename: NPSWF32.dll
Time 	2010-02-17 08:05:30.466238
Uptime	387
Product	Firefox
Version	3.7a2pre
Build ID	20100211050928
Branch	1.9.3
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 15 model 4 stepping 9
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0xffffffffff00c3fc
Email Address	
URL	
User Comments	
Processor Notes 	
Crashing Thread

Frame  	Module  	Signature [Expand]  	Source
0 		@0xc3fc84 	
1 	xul.dll 	mozilla::plugins::PPluginModuleChild::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginModuleChild.cpp:378
2 	xul.dll 	mozilla::ipc::RPCChannel::DispatchIncall 	ipc/glue/RPCChannel.cpp:372
3 	xul.dll 	mozilla::ipc::RPCChannel::Incall 	ipc/glue/RPCChannel.cpp:357
4 	xul.dll 	mozilla::ipc::RPCChannel::OnMaybeDequeueOne 	ipc/glue/RPCChannel.cpp:292
5 	xul.dll 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:326
6 	xul.dll 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:334
7 	xul.dll 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:434
8 	xul.dll 	base::MessagePumpForUI::DoRunLoop 	ipc/chromium/src/base/message_pump_win.cc:209
9 	xul.dll 	base::MessagePumpWin::RunWithDispatcher 	ipc/chromium/src/base/message_pump_win.cc:52
10 	xul.dll 	base::MessagePumpWin::Run 	ipc/chromium/src/base/message_pump_win.h:78
11 	xul.dll 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:211
12 	xul.dll 	MessageLoop::RunHandler 	
13 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:168
14 	xul.dll 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:165
15 	xul.dll 	`anonymous namespace'::ThreadFunc 	ipc/chromium/src/base/platform_thread_win.cc:26
16 	kernel32.dll 	BaseThreadStart

Comment 1

8 years ago
It's a plugin-process crash so it's not going to have comments (and is less important than browser-process crashes).
In almost all cases, the plugin for these crashes is
npFoxitReaderPlugin.dll

Comment 3

8 years ago
Yeah... I couldn't reproduce locally because foxit doesn't work at all (IPP or OOPP). It's really strange.

Updated

8 years ago
Assignee: nobody → jmathies
(Assignee)

Comment 5

8 years ago
Created attachment 430657 [details]
crash when closing tab
(Assignee)

Comment 6

8 years ago
Created attachment 430669 [details] [diff] [review]
null object/no error assert
(Assignee)

Comment 7

8 years ago
Created attachment 432173 [details] [diff] [review]
fix

Don't trust plugin return values for getvalue calls.
Attachment #432173 - Flags: review?
(Assignee)

Updated

8 years ago
Attachment #432173 - Flags: review? → review?(benjamin)

Updated

8 years ago
Attachment #432173 - Flags: review?(benjamin) → review+
(Assignee)

Comment 8

8 years ago
http://hg.mozilla.org/mozilla-central/rev/0ab4f3a39bb9

lets see how crashstats look in a few days.

Comment 9

8 years ago
Thank you! I can view pdfs again in Foxit Reader
(Assignee)

Comment 10

8 years ago
Going to go ahead and close this out. We had ~150 crashes on the build from the 13th, the build on the 14th has yet to report a single crash with this signature. If we see one this week we can re-open this up.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Comment 11

8 years ago
Here are a few other crash bugs worth keeping an eye on which appear to be fixed by this patch as well:

bug 544058 - 
mozilla::plugins::PluginModuleChild::UnregisterActorForNPObject(NPObject*)

bug 551508 - 
mozilla::ipc::RPCChannel::RPCListener::OnEnteredCxxStack()

bug 552305 - 
mozilla::plugins::PluginScriptableObjectChild::Unprotect()

A few other signatures that have no bugs that look promising:
 
mozilla::plugins::PluginInstanceChild::GetActorForNPObject(NPObject*)

mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&)

mozilla::plugins::PPluginModuleChild::OnMessageReceived(IPC::Message const&)

mozilla::plugins::PPluginScriptableObjectChild::OnCallReceived(IPC::Message const&, IPC::Message*&)
Crash Signature: [@ mozilla::plugins::PPluginModuleChild::OnCallReceived(IPC::Message const&, IPC::Message*&) ]
You need to log in before you can comment on or make changes to this bug.