Closed Bug 560974 Opened 15 years ago Closed 15 years ago

Firefox 3.6.4 Crash [@ mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper(void*, int*, int*, _NPVariant*) ]

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(blocking1.9.2 .4+, status1.9.2 .4-fixed)

RESOLVED FIXED
Tracking Status
blocking1.9.2 --- .4+
status1.9.2 --- .4-fixed

People

(Reporter: chofmann, Assigned: bent.mozilla)

Details

(Whiteboard: [qa-examined-192])

Attachments

(1 file)

might be new in 3.6.4 and on trunk checking --- mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper 20100420-crashdata.csv found in: 3.6.4 3.7a5pre release total-crashes mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper crashes pct. all 339993 31 9.11783e-05 3.6.4 12392 21 0.00169464 3.7a5pre 1285 10 0.0077821 os breakdown mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelperTotal 31 Win5.1 0.74 Win6.0 0.16 Win6.1 0.06 stack looks like http://crash-stats.mozilla.com/report/index/4a22866c-fcef-4829-8483-bac792100419 0 xul.dll mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper dom/plugins/PluginScriptableObjectParent.cpp:1290 1 xul.dll NPObjWrapper_GetProperty modules/plugin/base/src/nsJSNPRuntime.cpp:1356 2 js3250.dll js_GetSprop js/src/jsscope.h:613 3 js3250.dll js_NativeGet js/src/jsobj.cpp:4109 4 js3250.dll js_Interpret js/src/jsops.cpp:1596 5 js3250.dll js_Invoke js/src/jsinterp.cpp:1368 6 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1423 7 js3250.dll JS_CallFunctionValue js/src/jsapi.cpp:5112 8 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2169 9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:266 10 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1041 11 xul.dll nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1147 12 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:332 13 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:573 14 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6520 15 xul.dll PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6381 16 xul.dll nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:3994 17 xul.dll nsEventStateManager::PostHandleEvent more at http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=mozilla%3A%3Aplugins%3A%3APluginScriptableObjectParent%3A%3AGetPropertyHelper%28void*%2C%20int*%2C%20int*%2C%20_NPVariant*%29&version=Firefox%3A3.6.4 a lot of the sites seem to be international. domains of sites 9 http://my.mail.ru 2 http://apps.facebook.com 1 http://www.meebo.com 1 http://www.iranibash.com 1 http://www.google.co.in 1 http://www.apple.com 1 http://win.mail.ru 1 http://social.bidsystem.com 1 http://love.mail.ru 1 http://hotpads.com 1 http://forum.iranproud.com 1 http://finance.sina.com.cn 1 http://chatroulette.com 2 http://apps.facebook.com/onthefarm/index.php http://www.iranibash.com/series/Zan-Baba/Part-1 http://forum.iranproud.com/download-serial-ashpazbashi-c222#linkid5370 http://www.apple.com/ipad/ not much yet to go on yet. need to watch more crash data post throttle adjustment.
still around in the 3.6.4 2010 05 13 builds. currently #8 http://people.mozilla.com/~chofmann/crash-stats/20100516/topcrash364-20105013.html
blocking1.9.2: --- → ?
bent, I think NPObjWrapper_GetProperty needs a null-check, I'm pretty sure `actor` is null at http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/8fe06049502c/modules/plugin/base/src/nsJSNPRuntime.cpp#l1355, probably due to a crashed plugin object nulling it out.
Assignee: nobody → bent.mozilla
Attached patch PatchSplinter Review
Yep, should have seen that...
Attachment #445816 - Flags: review?(jst)
Attachment #445816 - Flags: review?(joshmoz)
Attachment #445816 - Flags: review?(jst) → review+
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Attachment #445816 - Flags: review?(joshmoz)
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.4+
Comment on attachment 445816 [details] [diff] [review] Patch a=LegNeato for 1.9.2.4. Please land on both mozilla-1.9.2 default and GECKO1924_20100413_RELBRANCH
blocking1.9.2: ? → .4+
blocking1.9.2: ? → .4+
Did we identify any steps to reproduce for this issue or was it just an obvious code fix on investigation?
Whiteboard: [qa-examined-192]
Obvious code-fix. It may be possible to write a mochitest for it, though I tried and couldn't make the obvious thing crash.
Flags: in-testsuite?
Has this fix been released or will it be released in 3.6.7?
It was fixed in 3.6.4
In internal stress testing of Silverlight plugin, we are seeing crashes quiet similar but might not be the same in 3.6.4. STACK_TEXT: xul!mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper+0x21 xul!NPObjWrapper_GetProperty+0xc5 js3250!js_Interpret+0x2dae js3250!js_Invoke+0x277 js3250!js_InternalInvoke+0x103 js3250!JS_CallFunctionValue+0x27 xul!nsJSContext::CallEventHandler+0x199 xul!nsGlobalWindow::RunTimeout+0x2db xul!nsGlobalWindow::TimerCallback+0x17 xul!nsTimerImpl::Fire+0x87 xul!nsTimerEvent::Run+0x20 xul!nsThread::ProcessNextEvent+0x210 xul!mozilla::ipc::MessagePump::Run+0x69 xul!MessageLoop::RunHandler+0x26 xul!MessageLoop::Run+0x1f xul!nsBaseAppShell::Run+0x34 xul!nsAppStartup::Run+0x1e xul!XRE_main+0xdc1 firefox!wmain+0x33b firefox!__tmainCRTStartup+0x152 kernel32!BaseThreadInitThunk+0xe ntdll!__RtlUserThreadStart+0x23 ntdll!_RtlUserThreadStart+0x1b
Please file new bugs, with real stacks using symbol-symbol debugging as noted already.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: