Flash 10.1 usually crashes when instantiating an instance out-of-process on Mac OS X.

Thread 2 Crashed:
0 ...dia.FlashPlayer-10.6.plugin 0x0717c6b1 FlashPlayer_10_1_51_95_FlashPlayer + 3521
1 XUL 0x01290efc mozilla::plugins::PluginInstanceChild::AnswerNPP_SetWindow(mozilla::plugins::NPRemoteWindow const&) + 232 (PluginInstanceChild.cpp:774)
2 XUL 0x01327034 mozilla::plugins::PPluginInstanceChild::OnCallReceived(IPC::Message const&, IPC::Message*&) + 1340 (PPluginInstanceChild.cpp:1173)
It looks to me like Flash's NPP_SetWindow function is trying to access an offset to a NULL pointer. I haven't been able to find anything wrong with our code that might be causing this. Whatever Flash is doing, it sometimes (though very rarely) gets lucky and doesn't crash, in which case the instance will run.
Created attachment 435445 [details] [diff] [review]
fix v1.0

Flash is crashing because we give it uninitialized memory for NPP_t.pdata, a pointer, and when the uninitialized pointer is non-null Flash tries to use it. Flash 10.1b3 works pretty well with this patch.
Severity: normal → critical
Summary: [OOP] Flash 10.1 usually crashes when instantiating an instance → [OOP] Flash 10.1 usually crashes when instantiating an instance [@ FlashPlayer_10_1_51_95_FlashPlayer + 3521 | mozilla::plugins::PluginInstanceChild::AnswerNPP_SetWindow]
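The root cause in the comment above, modelled as an added example (this is not the attached patch or any Mozilla or Adobe code): a stand-in for the NPP_t struct is handed to a model plugin either straight from a recycled heap block or zero-initialized. The struct name `npp_like_t`, the functions `instance_new_buggy`, `instance_new_fixed` and `plugin_set_window_first_call`, and the 0xAA fill pattern that stands in for stale heap contents are all constructed for the example. The model plugin does not dereference the stale pointer; it reports that it would have, which is the hazard the report's crash signature shows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for NPAPI's NPP_t: the plugin owns pdata, the
 * browser owns ndata. Only the layout matters here, not the real header. */
typedef struct {
    void *pdata;
    void *ndata;
} npp_like_t;

/* Constructed debug-fill pattern standing in for whatever a reused heap
 * block happens to contain; real uninitialized memory is unpredictable,
 * which is exactly why the crash was intermittent. */
#define STALE_FILL 0xAA

/* Emulates an allocator returning a recycled block without clearing it,
 * so the "uninitialized" bytes are deterministic enough to assert on. */
static void *alloc_stale(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, STALE_FILL, n);
    return p;
}

/* Before the fix: the struct reaches the plugin with pdata never written. */
npp_like_t *instance_new_buggy(void *browser_data) {
    npp_like_t *npp = alloc_stale(sizeof *npp);
    if (!npp) return NULL;
    npp->ndata = browser_data;   /* pdata is left holding stale bytes */
    return npp;
}

/* After the fix: the whole struct is zeroed, so pdata stays NULL until the
 * plugin itself stores its per-instance state there. */
npp_like_t *instance_new_fixed(void *browser_data) {
    npp_like_t *npp = calloc(1, sizeof *npp);
    if (!npp) return NULL;
    npp->ndata = browser_data;
    return npp;
}

typedef struct { int width, height; } window_like_t;

typedef enum {
    SETWINDOW_OK = 0,
    SETWINDOW_WOULD_DEREF_GARBAGE = 1
} setwindow_result_t;

/* Model of a plugin's first NPP_SetWindow call. A plugin that finds a
 * non-NULL pdata reasonably treats it as its own state pointer and uses
 * it; with a stale value that use is the crash. The model only reports
 * whether that dereference would have happened. */
setwindow_result_t plugin_set_window_first_call(const npp_like_t *npp,
                                                const window_like_t *win) {
    (void)win;
    if (npp->pdata != NULL) {
        return SETWINDOW_WOULD_DEREF_GARBAGE;
    }
    return SETWINDOW_OK;
}

int main(void) {
    int browser_side = 0;
    window_like_t win = { 300, 150 };
    npp_like_t *bad = instance_new_buggy(&browser_side);
    npp_like_t *good = instance_new_fixed(&browser_side);
    if (!bad || !good) return 1;

    printf("uninitialized pdata: %s\n",
           plugin_set_window_first_call(bad, &win) == SETWINDOW_OK
               ? "ok" : "plugin would dereference garbage");
    printf("zeroed pdata:        %s\n",
           plugin_set_window_first_call(good, &win) == SETWINDOW_OK
               ? "ok" : "plugin would dereference garbage");

    free(bad);
    free(good);
    return 0;
}
```

The fixed constructor is the whole change in spirit: every field of a struct that crosses the browser/plugin boundary is written before the other side sees it, which is also what an allocator-scribbling tool such as the macOS MallocScribble setting would have made reproducible rather than rare.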
Created attachment 435611 [details] [diff] [review] fix v1.0 w/test
pushed to mozilla-central http://hg.mozilla.org/mozilla-central/rev/4e6ea8453f84
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Blanket approval for Lorentz merge to mozilla-1.9.2 a=beltzner for 1.9.2.4 - please make sure to mark status1.9.2:.4-fixed
Merged into 1.9.2 at http://hg.mozilla.org/releases/mozilla-1.9.2/rev/84ba4d805430
status1.9.2: --- → .4-fixed
I'm not seeing Flash crashes on 1.9.2.4pre builds. Is there anything else to be done here?
Crash Signature: [@ FlashPlayer_10_1_51_95_FlashPlayer + 3521 | mozilla::plugins::PluginInstanceChild::AnswerNPP_SetWindow]