Closed
Bug 560974
Opened 15 years ago
Closed 15 years ago
Firefox 3.6.4 Crash [@ mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper(void*, int*, int*, _NPVariant*) ]
Categories: Core Graveyard :: Plug-ins, defect
Tracking: blocking1.9.2: .4+, status1.9.2: .4-fixed
Status: RESOLVED FIXED
People: Reporter: chofmann, Assigned: bent.mozilla
Details: Whiteboard: [qa-examined-192]
Attachments (1 file): patch, 836 bytes (jst: review+; christian: approval1.9.2.4+)
might be new in 3.6.4 and on trunk
checking --- mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper 20100420-crashdata.csv
found in: 3.6.4 3.7a5pre
release    total-crashes   mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper crashes   pct.
all        339993          31                                                                          9.11783e-05
3.6.4      12392           21                                                                          0.00169464
3.7a5pre   1285            10                                                                          0.0077821
os breakdown
mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper Total 31
Win5.1 0.74
Win6.0 0.16
Win6.1 0.06
stack looks like
http://crash-stats.mozilla.com/report/index/4a22866c-fcef-4829-8483-bac792100419
0 xul.dll mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper dom/plugins/PluginScriptableObjectParent.cpp:1290
1 xul.dll NPObjWrapper_GetProperty modules/plugin/base/src/nsJSNPRuntime.cpp:1356
2 js3250.dll js_GetSprop js/src/jsscope.h:613
3 js3250.dll js_NativeGet js/src/jsobj.cpp:4109
4 js3250.dll js_Interpret js/src/jsops.cpp:1596
5 js3250.dll js_Invoke js/src/jsinterp.cpp:1368
6 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1423
7 js3250.dll JS_CallFunctionValue js/src/jsapi.cpp:5112
8 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2169
9 xul.dll nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:266
10 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1041
11 xul.dll nsEventListenerManager::HandleEvent content/events/src/nsEventListenerManager.cpp:1147
12 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:332
13 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:573
14 xul.dll PresShell::HandleEventInternal layout/base/nsPresShell.cpp:6520
15 xul.dll PresShell::HandleEventWithTarget layout/base/nsPresShell.cpp:6381
16 xul.dll nsEventStateManager::CheckForAndDispatchClick content/events/src/nsEventStateManager.cpp:3994
17 xul.dll nsEventStateManager::PostHandleEvent
more at
http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=mozilla%3A%3Aplugins%3A%3APluginScriptableObjectParent%3A%3AGetPropertyHelper%28void*%2C%20int*%2C%20int*%2C%20_NPVariant*%29&version=Firefox%3A3.6.4
a lot of the sites seem to be international.
domains of sites
9 http://my.mail.ru
2 http://apps.facebook.com
1 http://www.meebo.com
1 http://www.iranibash.com
1 http://www.google.co.in
1 http://www.apple.com
1 http://win.mail.ru
1 http://social.bidsystem.com
1 http://love.mail.ru
1 http://hotpads.com
1 http://forum.iranproud.com
1 http://finance.sina.com.cn
1 http://chatroulette.com
2 http://apps.facebook.com/onthefarm/index.php
http://www.iranibash.com/series/Zan-Baba/Part-1
http://forum.iranproud.com/download-serial-ashpazbashi-c222#linkid5370
http://www.apple.com/ipad/
Not much to go on yet. Need to watch more crash data post throttle adjustment.
Comment 1 • 15 years ago (Reporter)
still around in the 3.6.4 2010 05 13 builds. currently #8
http://people.mozilla.com/~chofmann/crash-stats/20100516/topcrash364-20105013.html
blocking1.9.2: --- → ?
Comment 2 • 15 years ago
bent, I think NPObjWrapper_GetProperty needs a null-check, I'm pretty sure `actor` is null at http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/8fe06049502c/modules/plugin/base/src/nsJSNPRuntime.cpp#l1355, probably due to a crashed plugin object nulling it out.
Assignee: nobody → bent.mozilla
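The failure mode suggested in comment 2, modelled as an added example that is not Mozilla's code and not the attached patch: a wrapper object outlives its actor after a plugin crash, and the getter has to test the back-pointer before calling into it. Every type and function name here other than GetPropertyHelper is hypothetical.

```cpp
// Simplified model, not Mozilla code. Names other than GetPropertyHelper are hypothetical.
#include <map>
#include <string>

// Stands in for the parent-side actor that answers property reads for the plugin.
struct ScriptableActor {
    std::map<std::string, int> props;
    bool GetPropertyHelper(const std::string& name, int* out) const {
        std::map<std::string, int>::const_iterator it = props.find(name);
        if (it == props.end()) return false;
        *out = it->second;
        return true;
    }
};

// Stands in for the object the JS wrapper holds; it can outlive its actor.
struct WrappedObject {
    ScriptableActor* actor;
};

// Crash teardown: the actor is destroyed and the back-pointer is nulled,
// but script can still hold the wrapper and read properties from it later.
void OnPluginCrash(WrappedObject& obj, ScriptableActor*& owned) {
    delete owned;
    owned = nullptr;
    obj.actor = nullptr;
}

enum class GetResult { Ok, NoSuchProperty, PluginGone };

// Getter with the null test. Calling through a null actor is undefined behaviour;
// in practice the fault tends to surface inside the callee once it touches a
// member, which is consistent with the top frame in the report.
GetResult GetPropertyChecked(const WrappedObject& obj, const std::string& name, int& out) {
    if (!obj.actor) return GetResult::PluginGone;
    if (!obj.actor->GetPropertyHelper(name, &out)) return GetResult::NoSuchProperty;
    return GetResult::Ok;
}

// Sequence from the report: read, plugin crash, read again through the stale wrapper.
bool Demo() {
    ScriptableActor* actor = new ScriptableActor();
    actor->props["width"] = 640;  // constructed sample property
    WrappedObject obj{actor};
    int value = 0;
    bool before = GetPropertyChecked(obj, "width", value) == GetResult::Ok && value == 640;
    OnPluginCrash(obj, actor);
    bool after = GetPropertyChecked(obj, "width", value) == GetResult::PluginGone;
    return before && after;
}

int main() { return Demo() ? 0 : 1; }
```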
Comment 3 • 15 years ago (Assignee)
Yep, should have seen that...
Attachment #445816 - Flags: review?(jst)
Attachment #445816 - Flags: review?(joshmoz)
Updated • 15 years ago
Attachment #445816 - Flags: review?(jst) → review+
Comment 4 • 15 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated • 15 years ago (Assignee)
Attachment #445816 - Flags: review?(joshmoz)
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.5?
Attachment #445816 - Flags: approval1.9.2.4?
Attachment #445816 - Flags: approval1.9.2.4+
Comment on attachment 445816
Patch
a=LegNeato for 1.9.2.4. Please land on both mozilla-1.9.2 default and
GECKO1924_20100413_RELBRANCH
Comment 6 • 15 years ago (Assignee)
RELBRANCH: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/fbd3e6d9bff0
default: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/83a98299baca
blocking1.9.2: .4+ → ?
status1.9.2: --- → .4-fixed
Comment 7 • 15 years ago
Did we identify any steps to reproduce for this issue or was it just an obvious code fix on investigation?
Whiteboard: [qa-examined-192]
Comment 8 • 15 years ago
Obvious code-fix. It may be possible to write a mochitest for it, though I tried and couldn't make the obvious thing crash.
Flags: in-testsuite?
Comment 10 • 15 years ago
It was fixed in 3.6.4
Comment 11 • 15 years ago
In internal stress testing of Silverlight plugin, we are seeing crashes quite similar but might not be the same in 3.6.4.
STACK_TEXT:
xul!mozilla::plugins::PluginScriptableObjectParent::GetPropertyHelper+0x21
xul!NPObjWrapper_GetProperty+0xc5
js3250!js_Interpret+0x2dae
js3250!js_Invoke+0x277
js3250!js_InternalInvoke+0x103
js3250!JS_CallFunctionValue+0x27
xul!nsJSContext::CallEventHandler+0x199
xul!nsGlobalWindow::RunTimeout+0x2db
xul!nsGlobalWindow::TimerCallback+0x17
xul!nsTimerImpl::Fire+0x87
xul!nsTimerEvent::Run+0x20
xul!nsThread::ProcessNextEvent+0x210
xul!mozilla::ipc::MessagePump::Run+0x69
xul!MessageLoop::RunHandler+0x26
xul!MessageLoop::Run+0x1f
xul!nsBaseAppShell::Run+0x34
xul!nsAppStartup::Run+0x1e
xul!XRE_main+0xdc1
firefox!wmain+0x33b
firefox!__tmainCRTStartup+0x152
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x23
ntdll!_RtlUserThreadStart+0x1b
Comment 12 • 15 years ago
Please file new bugs, with real stacks using symbol-symbol debugging as noted already.
Updated • 3 years ago
Product: Core → Core Graveyard