Bug 560974
Firefox 3.6.4 Crash [@ mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper(void*, int*, int*, _NPVariant*) ]
Status: RESOLVED FIXED (opened 14 years ago, closed 14 years ago)
Categories: (Core Graveyard :: Plug-ins, defect)
Tracking: (blocking1.9.2 .4+, status1.9.2 .4-fixed)
People: (Reporter: chofmann, Assigned: bent.mozilla)
Details: (Whiteboard: [qa-examined-192])
Attachments (1 file): patch, 836 bytes (jst: review+, christian: approval1.9.2.4+)
might be new in 3.6.4 and on trunk

checking --- mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper 20100420-crashdata.csv
found in: 3.6.4 3.7a5pre

release    total-crashes    mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper crashes    pct.
all        339993           31                                                                           9.11783e-05
3.6.4      12392            21                                                                           0.00169464
3.7a5pre   1285             10                                                                           0.0077821

os breakdown
mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper Total 31
Win5.1 0.74
Win6.0 0.16
Win6.1 0.06

stack looks like http://crash-stats.mozilla.com/report/index/4a22866c-fcef-4829-8483-bac792100419

 0 xul.dll mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper dom/plugins/PluginScriptableObjectParent.cpp:1290
 1 xul.dll NPObjWrapper_GetProperty modules/plugin/base/src/nsJSNPRuntime.cpp:1356
 2 js3250.dll js_GetSprop js/src/jsscope.h:613
 3 js3250.dll js_NativeGet js/src/jsobj.cpp:4109
 4 js3250.dll js_Interpret js/src/jsops.cpp:1596
 5 js3250.dll js_Invoke js/src/jsinterp.cpp:1368
 6 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1423
 7 js3250.dll JS_CallFunctionValue js/src/jsapi.cpp:5112
 8 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2169
 9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:266
10 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1041
11 xul.dll nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1147
12 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:332
13 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:573
14 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6520
15 xul.dll PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6381
16 xul.dll nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:3994
17 xul.dll nsEventStateManager::PostHandleEvent

more at http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=mozilla%3A%3Aplugins%3A%3APluginScriptableObjectParent%3A%3AGetPropertyHelper%28void*%2C%20int*%2C%20int*%2C%20_NPVariant*%29&version=Firefox%3A3.6.4

a lot of the sites seem to be international.

domains of sites
9 http://my.mail.ru
2 http://apps.facebook.com
1 http://www.meebo.com
1 http://www.iranibash.com
1 http://www.google.co.in
1 http://www.apple.com
1 http://win.mail.ru
1 http://social.bidsystem.com
1 http://love.mail.ru
1 http://hotpads.com
1 http://forum.iranproud.com
1 http://finance.sina.com.cn
1 http://chatroulette.com

2 http://apps.facebook.com/onthefarm/index.php
http://www.iranibash.com/series/Zan-Baba/Part-1
http://forum.iranproud.com/download-serial-ashpazbashi-c222#linkid5370
http://www.apple.com/ipad/

not much to go on yet. need to watch more crash data post throttle adjustment.
Comment 1 (Reporter) • 14 years ago
still around in the 3.6.4 2010 05 13 builds. currently #8 http://people.mozilla.com/~chofmann/crash-stats/20100516/topcrash364-20105013.html
blocking1.9.2: --- → ?
Comment 2 • 14 years ago
bent, I think NPObjWrapper_GetProperty needs a null-check, I'm pretty sure `actor` is null at http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/8fe06049502c/modules/plugin/base/src/nsJSNPRuntime.cpp#l1355, probably due to a crashed plugin object nulling it out.
Assignee: nobody → bent.mozilla
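The failure mode Comment 2 describes, as an added C++ example that is not part of the bug thread or Mozilla's code: a script-visible wrapper outlives its actor, the crash path nulls the pointer, and the getter has to check it. `Actor`, `ScriptWrapper`, `PluginInstance`, `WrapperGetProperty` and the `volume` property are hypothetical names chosen for illustration.

```cpp
// Added illustration: every name here is hypothetical, not Mozilla's code.
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Stand-in for the browser-side actor that answers property reads for a plugin object.
struct Actor {
    std::map<std::string, int> props;
    bool GetProperty(const std::string& name, int* out) const {
        auto it = props.find(name);
        if (it == props.end()) return false;
        *out = it->second;
        return true;
    }
};

// Script-visible wrapper. It can outlive the actor, so the pointer may be null.
struct ScriptWrapper { Actor* actor = nullptr; };

// Owns the actor; on a plugin crash it nulls the wrapper's pointer before freeing.
class PluginInstance {
public:
    explicit PluginInstance(ScriptWrapper* w) : actor_(new Actor), wrapper_(w) {
        actor_->props["volume"] = 7;  // constructed sample property
        wrapper_->actor = actor_.get();
    }
    void OnPluginCrashed() { wrapper_->actor = nullptr; actor_.reset(); }
private:
    std::unique_ptr<Actor> actor_;
    ScriptWrapper* wrapper_;
};

enum class GetResult { Ok, NoSuchProperty, PluginGone };

// Property getter reached from script. The null-check turns a dead plugin into
// an error the caller can report instead of a null dereference.
GetResult WrapperGetProperty(const ScriptWrapper& w, const std::string& name, int* out) {
    Actor* actor = w.actor;
    if (!actor) return GetResult::PluginGone;
    return actor->GetProperty(name, out) ? GetResult::Ok : GetResult::NoSuchProperty;
}

int main() {
    ScriptWrapper wrapper;
    PluginInstance plugin(&wrapper);
    int v = 0;
    bool before = WrapperGetProperty(wrapper, "volume", &v) == GetResult::Ok;
    plugin.OnPluginCrashed();  // a click or timer handler can still run after this
    bool after = WrapperGetProperty(wrapper, "volume", &v) == GetResult::PluginGone;
    std::printf("before crash ok=%d, after crash reported gone=%d\n", before, after);
    return (before && after) ? 0 : 1;
}
```

Both stacks in this bug enter the getter from script callbacks (an event listener and a timeout), which is why the check belongs in the getter rather than at the call sites.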
Comment 3 (Assignee) • 14 years ago
Yep, should have seen that...
Attachment #445816 - Flags: review?(jst)
Attachment #445816 - Flags: review?(joshmoz)
Updated • 14 years ago
Attachment #445816 - Flags: review?(jst) → review+
Comment 4 (Assignee) • 14 years ago
http://hg.mozilla.org/mozilla-central/rev/819d19b25ed7
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated (Assignee) • 14 years ago
Attachment #445816 - Flags: review?(joshmoz)
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.4+
Comment on attachment 445816: Patch
a=LegNeato for 1.9.2.4. Please land on both mozilla-1.9.2 default and GECKO1924_20100413_RELBRANCH
Comment 6 (Assignee) • 14 years ago
RELBRANCH: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/fbd3e6d9bff0
default: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/83a98299baca
blocking1.9.2: .4+ → ?
status1.9.2: --- → .4-fixed
Comment 7 • 14 years ago
Did we identify any steps to reproduce for this issue or was it just an obvious code fix on investigation?
Whiteboard: [qa-examined-192]
Comment 8 • 14 years ago
Obvious code-fix. It may be possible to write a mochitest for it, though I tried and couldn't make the obvious thing crash.
Flags: in-testsuite?
Comment 10 • 14 years ago
It was fixed in 3.6.4
Comment 11 • 14 years ago
In internal stress testing of Silverlight plugin, we are seeing crashes quite similar but might not be the same in 3.6.4.

STACK_TEXT:
xul!mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper+0x21
xul!NPObjWrapper_GetProperty+0xc5
js3250!js_Interpret+0x2dae
js3250!js_Invoke+0x277
js3250!js_InternalInvoke+0x103
js3250!JS_CallFunctionValue+0x27
xul!nsJSContext::CallEventHandler+0x199
xul!nsGlobalWindow::RunTimeout+0x2db
xul!nsGlobalWindow::TimerCallback+0x17
xul!nsTimerImpl::Fire+0x87
xul!nsTimerEvent::Run+0x20
xul!nsThread::ProcessNextEvent+0x210
xul!mozilla::ipc::MessagePump::Run+0x69
xul!MessageLoop::RunHandler+0x26
xul!MessageLoop::Run+0x1f
xul!nsBaseAppShell::Run+0x34
xul!nsAppStartup::Run+0x1e
xul!XRE_main+0xdc1
firefox!wmain+0x33b
firefox!__tmainCRTStartup+0x152
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x23
ntdll!_RtlUserThreadStart+0x1b
Comment 12 • 14 years ago
Please file new bugs, with real stacks using symbol-symbol debugging as noted already.
Updated • 2 years ago
Product: Core → Core Graveyard