Closed
Bug 562442
Opened 15 years ago
Closed 13 years ago
Crash in [@ nsPluginInstanceOwner::ReleasePluginPort(void*)]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox7 affected, firefox8 affected, firefox9 fixed, firefox10 fixed, status1.9.2 unaffected)
VERIFIED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox7 | --- | affected |
| firefox8 | --- | affected |
| firefox9 | --- | fixed |
| firefox10 | --- | fixed |
| status1.9.2 | --- | unaffected |
People
(Reporter: marcia, Assigned: jaas)
Details
(Keywords: crash, verified-aurora, verified-beta, Whiteboard: [sg:high][qa!])
Crash Data
Attachments
(2 files, 1 obsolete file)
|
1.45 KB,
patch
|
jimm
:
review+
|
Details | Diff | Splinter Review |
|
1.46 KB,
patch
|
jst
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Seen while running Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a5pre) Gecko/20100428 Minefield/3.7a5pre
https://crash-stats.mozilla.com/report/index/7c982f11-1f35-42ca-bb03-c34a92100428
STR:
1. I was composing an email in Gmail.
2. Added http://www.caltrain.com/pdf/Holiday_Schedules/Caltrain_Weekend_Holiday_Schedule_08-31-2009.pdf to the email and hit Send.
3. The crash occurred
Have not been able to repro
Frame Module Signature [Expand] Source
0 xul.dll nsPluginInstanceOwner::ReleasePluginPort layout/generic/nsObjectFrame.cpp:5725
1 xul.dll nsObjectFrame::CallSetWindow layout/generic/nsObjectFrame.cpp:1057
2 xul.dll nsObjectFrame::DidReflow layout/generic/nsObjectFrame.cpp:1149
3 xul.dll nsLineLayout::ReflowFrame layout/generic/nsLineLayout.cpp:967
4 xul.dll nsBlockFrame::ReflowInlineFrame layout/generic/nsBlockFrame.cpp:3716
5 xul.dll nsBlockFrame::DoReflowInlineFrames layout/generic/nsBlockFrame.cpp:3511
6 xul.dll nsBlockFrame::ReflowInlineFrames layout/generic/nsBlockFrame.cpp:3365
7 xul.dll nsBlockFrame::ReflowLine layout/generic/nsBlockFrame.cpp:2461
8 xul.dll nsBlockFrame::ReflowDirtyLines layout/generic/nsBlockFrame.cpp:1907
9 xul.dll nsBlockFrame::Reflow layout/generic/nsBlockFrame.cpp:1009
10 xul.dll nsContainerFrame::ReflowChild layout/generic/nsContainerFrame.cpp:736
11 xul.dll nsHTMLReflowState::Init layout/generic/nsHTMLReflowState.cpp:285
12 xul.dll nsCSSFrameConstructor::RestyleElement layout/base/nsCSSFrameConstructor.cpp:8007
13 @0x3802a3f
|
Reporter | |
Updated•15 years ago
|
Summary: Crash in [@nsPluginInstanceOwner::ReleasePluginPort(void*)] → Crash in [@ nsPluginInstanceOwner::ReleasePluginPort(void*)]
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a5pre) Gecko/20100603 Minefield/3.7a5pre
Works for me in the latest trunk build.
|
||
Comment 2•14 years ago
|
||
Happens also in XP in Fx4...
http://crash-stats.mozilla.com/report/index/f086e727-aa10-4215-8aa0-73d252101125
|
||
Updated•13 years ago
|
Crash Signature: [@ nsPluginInstanceOwner::ReleasePluginPort(void*)]
This will fix the crash but in cases where we would crash we'll leak the plugin port on Windows. That's much better than what happens now but this patch could be expanded to avoid the leak if someone takes the time to figure out how to re-factor the plugin port memory management here. We could file a separate bug on that and fix it later, a strategy that makes even more sense if we want to lower risk porting this patch to aurora and beta.
Attachment #570328 -
Flags: review?(bzbarsky)
Attachment #570328 -
Flags: review?(bzbarsky)
Includes a fix for the memory leak.
Attachment #570328 -
Attachment is obsolete: true
Attachment #570696 -
Flags: review?(jmathies)
|
||
Comment 5•13 years ago
|
||
Comment on attachment 570696 [details] [diff] [review]
fix v1.1
Looks ok to me.
Attachment #570696 -
Flags: review?(jmathies) → review+
Attachment #571075 -
Flags: approval-mozilla-aurora?
pushed to mozilla-central
http://hg.mozilla.org/mozilla-central/rev/978002c0b0ad
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Comment 8•13 years ago
|
||
Comment on attachment 571075 [details] [diff] [review]
aurora fix v1.0
a=drivers per today's meeting.
Attachment #571075 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
pushed to aurora
http://hg.mozilla.org/releases/mozilla-aurora/rev/3c039628db9b
status-firefox10:
--- → fixed
status-firefox7:
--- → affected
status-firefox8:
--- → affected
status-firefox9:
--- → fixed
|
||
Comment 10•13 years ago
|
||
Adding [qa+] for bug verification. We can try the steps in comment #0, but since we can't reproduce reliably we can check crash-stats before and after fix.
Whiteboard: sg:high → sg:high,[qa+]
|
||
Comment 11•13 years ago
|
||
I'm seeing no instances of this crash on crash-stats for anything newer than Firefox 8. Marking verified.
Status: RESOLVED → VERIFIED
Keywords: verified-aurora,
verified-beta
Whiteboard: sg:high,[qa+] → sg:high,[qa!]
|
||
Updated•13 years ago
|
Whiteboard: sg:high,[qa!] → [sg:high][qa!]
|
|
||
Comment 12•13 years ago
|
||
Does not appear to affect the 1.9.2 branch
https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=nsPluginInstanceOwner%3A%3AReleasePluginPort%28void*%29&reason_type=contains&date=12%2F07%2F2011%2014%3A25%3A51&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=nsPluginInstanceOwner%3A%3AReleasePluginPort%28void*%29
status1.9.2:
--- → unaffected
|
|
||
Updated•13 years ago
|
Group: core-security
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•