Closed
Bug 560213
Opened 15 years ago
Closed 15 years ago
[OOPP] heap corruption when scripting a crashed plugin
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(blocking1.9.2 .4+, status1.9.2 .4-fixed)
RESOLVED
FIXED
People
(Reporter: benjamin, Assigned: benjamin)
References
Details
(Keywords: verified1.9.2)
Attachments
(2 files)
|
1.04 KB,
patch
|
Details | Diff | Splinter Review | |
|
978 bytes,
patch
|
bent.mozilla
:
review+
christian
:
approval1.9.2.4+
|
Details | Diff | Splinter Review |
When we try to create a PPluginIdentifier for a dead plugin, we double-delete a PluginIdentifierParent which leads to odd Firefox crashes and heap corruption. This was found as part of bug 559943, and also bug 558647 comment #5.
The bug is in PluginModuleParent::GetIdentifierForNPIdentifier when SendPPluginIdentifierConstructor fails: IPDL owns the actor and will delete it, the calling code shouldn't.
|
Assignee | |
Comment 1•15 years ago
|
||
This bug is probably responsible for most of the crashes [@ operator new(unsigned int) | <lots of frames here>] in 3.6.3plugin1.
blocking1.9.2: --- → ?
|
|
Assignee | |
Comment 2•15 years ago
|
||
|
|
Assignee | |
Comment 3•15 years ago
|
||
Attachment #439921 -
Flags: review?(bent.mozilla)
|
||
Updated•15 years ago
|
blocking1.9.2: ? → .4+
|
||
Updated•15 years ago
|
Attachment #439921 -
Flags: review?(bent.mozilla) → review+
|
|
Assignee | |
Comment 4•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/81d503e824a1
http://hg.mozilla.org/mozilla-central/rev/84921f0eb658
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•15 years ago
|
Attachment #439921 -
Flags: approval1.9.2.4?
Comment on attachment 439921 [details] [diff] [review]
Don't double-delete, rev. 1
a=LegNeato for 1.9.2.4
Attachment #439921 -
Flags: approval1.9.2.4? → approval1.9.2.4+
|
|
Assignee | |
Comment 7•15 years ago
|
||
1.9.2:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/a0fd28b9f118
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/9a502f8e1196
relbranch:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/c9dc77382545
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/66bd872fb79d
status1.9.2:
--- → .4-fixed
|
||
Comment 8•15 years ago
|
||
Is there a repro case for verifying this fix?
|
|
Assignee | |
Comment 9•15 years ago
|
||
Not really. It relied on the hang from bug 559943, which we also fixed. But it does come with an automated test, which I think is sufficient.
|
|
||
Comment 10•15 years ago
|
||
All right. Marking it as verified for 1.9.2 since the test is currently passing. :-)
Keywords: verified1.9.2
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•