Bug 552866: PluginModuleParent::NotifyPluginCrashed can still be run from a nested context
Status: RESOLVED FIXED (opened 15 years ago, closed 15 years ago)
Categories: Core Graveyard :: Plug-ins, defect
Tracking: status1.9.2: .4-fixed
People: Reporter: cjones, Assigned: cjones
Whiteboard: [fixed-lorentz]
Attachments: 1 file (patch, 982 bytes; benjamin: review+)
See http://crash-stats.mozilla.com/report/index/72842f28-cc99-464e-abf7-befe92100316
Following in the grand traditions of bug 546035, bug 550026, and bug 552014, we have another way this task can be processed in a nested loop. Problem is, this backtrace doesn't allow for full diagnosis, but there are two options AFAICT. In both cases, the problem is calling PluginModuleParent::Close() from a nested context.
(1) Plugin was killed by the hang detector. The CleanupFromTimeoutTask generated by hangs doesn't guard against running in a nested context and calls Close().
(2) Plugin crashed during the nested loop, some NPAPI call failed, and nsNPAPIPlugin called NP_Shutdown from the nested loop (which also goes into Close()).
We can fix both cases by resurrecting the (ugly :S) patch from bug 550026 that guarded against running NotifyPluginCrashed() in a nested context. C'est la guerre.
Addendum: this backtrace concerns me in that it hints at a modal dialog keeping FF in a nested loop after the plugin crashed. Is it possible for a web app (and hence plugin) to throw a modal dialog that can only be dismissed by script? I'm guessing not, but if so, then we have a case where a plugin can perma-freeze the FF UI after crashing.
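An added sketch of the hazard and the guard described in the report above; it is not the attached patch and not Mozilla code. `Loop`, `Module`, `CallThatNests`, `framesOnStack` and `Simulate` are invented for the illustration, and re-posting the task when nested is an assumption about how such a guard behaves. The scenario is constructed: a call that spins a nested loop is queued ahead of the crash notification.

```cpp
#include <deque>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Toy single-threaded event loop (hypothetical; not Mozilla's MessageLoop).
struct Loop {
    std::deque<std::function<void()>> queue;
    int depth = 0;  // 1 = top-level loop, >1 = nested loop
    void Post(std::function<void()> task) { queue.push_back(std::move(task)); }
    void Spin() {  // runs only the tasks queued at entry; later posts wait
        ++depth;
        for (auto n = queue.size(); n > 0 && !queue.empty(); --n) {
            auto task = std::move(queue.front());
            queue.pop_front();
            task();
        }
        --depth;
    }
};

// Stand-in for the plugin module parent; only Close() and NotifyPluginCrashed() are names from the report.
struct Module {
    Loop& loop;
    bool guard;             // true = defer the notification when nested
    int framesOnStack = 0;  // module calls that have not unwound yet
    std::vector<std::string> log;
    Module(Loop& l, bool g) : loop(l), guard(g) {}
    void Close() { log.push_back(framesOnStack ? "close-under-live-frame" : "close-safe"); }
    void NotifyPluginCrashed() {
        if (guard && loop.depth > 1) {  // nested context: try again from a later pass
            log.push_back("deferred");
            loop.Post([this] { NotifyPluginCrashed(); });
            return;
        }
        Close();
    }
    void CallThatNests() { ++framesOnStack; loop.Spin(); --framesOnStack; }
};

std::vector<std::string> Simulate(bool guard) {
    Loop loop;
    Module m(loop, guard);
    loop.Post([&m] { m.CallThatNests(); });        // call that spins a nested loop
    loop.Post([&m] { m.NotifyPluginCrashed(); });  // crash notification queued behind it
    loop.Spin();
    return m.log;
}
```

Without the guard, `Close()` runs while the nesting call is still on the stack; with it, the notification is deferred until the stack has unwound to the top-level loop.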
Comment 1 (Assignee) • 15 years ago
This last hack was the tipping point for me, filed bug 552869 on the broken architecture.
Attachment #432982 - Flags: review?(benjamin)
Comment 2 (Assignee) • 15 years ago
(In reply to comment #1)
> This last hack was the tipping point for me, filed bug 552869 on the broken
> architecture.
(Though still don't think it should block OOPP.)
Updated (Assignee) • 15 years ago
Comment 3 • 15 years ago
Comment on attachment 432982
Don't run NotifyPluginCrashed from a nested context, srsly
ugh, unhappiness but ok
Attachment #432982 - Flags: review?(benjamin) → review+
Comment 4 (Assignee) • 15 years ago
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 5 • 15 years ago
Whiteboard: [fixed-lorentz]
Comment 6 • 15 years ago
Blanket approval for Lorentz merge to mozilla-1.9.2
a=beltzner for 1.9.2.4 - please make sure to mark status1.9.2:.4-fixed
Comment 7 • 15 years ago
Merged into 1.9.2 at http://hg.mozilla.org/releases/mozilla-1.9.2/rev/84ba4d805430
status1.9.2: --- → .4-fixed
Updated • 3 years ago
Product: Core → Core Graveyard