Closed
Bug 574095
Opened 15 years ago
Closed 15 years ago
crash loading test plugin on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml [@ _SetWindowLongPtr() | nsPluginNativeWindowWin::SubclassAndAssociateWindow]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(blocking2.0 final+)
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: bhearsum, Assigned: m_kato)
References
Details
(Keywords: 64bit, crash)
Crash Data
Attachments
(1 file)
|
7.30 KB,
patch
|
jaas
:
review+
|
Details | Diff | Splinter Review |
TEST-UNEXPECTED-FAIL | file:///C:/talos-slave/mozilla-central-w764-opt-u-crashtest/build/reftest/tests/layout/generic/crashtests/505912-1.html | Exited with code -1073740771 during test run
|
||
Comment 1•15 years ago
|
||
Without Breakpad on Win64 these are a pain to figure out. I'm building a local Win64 build with debug symbols to try this out, since it seems to be 100% reproducible. (I downloaded the build and test package and could repro it locally, but I don't have debug symbols for that build.)
|
|
||
Comment 2•15 years ago
|
||
Stack:
ffffffffe8a09cf4()
user32.dll!UserCallWinProcCheckWow() - 0xca3 bytes
user32.dll!DispatchClientMessage() + 0x5f bytes
user32.dll!__fnINOUTSTYLECHANGE() + 0x2f bytes
ntdll.dll!KiUserCallbackDispatcherContinue()
user32.dll!ZwUserSetWindowLongPtr() + 0xa bytes
user32.dll!_SetWindowLongPtr() + 0x68 bytes
> xul.dll!nsPluginNativeWindowWin::SubclassAndAssociateWindow() Line 561 C++
xul.dll!nsPluginNativeWindowWin::CallSetWindow(nsCOMPtr<nsIPluginInstance> & aPluginInstance={...}) Line 529 C++
xul.dll!nsPluginHost::InstantiateEmbeddedPlugin(const char * aMimeType=0x000000000c527e80, nsIURI * aURL=0x000000000025ddb0, nsIPluginInstanceOwner * aOwner=0x000007fee86a3b78) Line 2251 + 0x1c bytes C++
xul.dll!nsObjectFrame::InstantiatePlugin(nsIPluginHost * aPluginHost=0x000000000c527ed0, const char * aMimeType=0x0000000010648a90, nsIURI * aURI=0x0000000010648a90) Line 974 + 0x13 bytes C++
xul.dll!nsObjectFrame::Instantiate(const char * aMimeType=0x00000000108e0ac0, nsIURI * aURI=0x00000000108e0a48) Line 2108 C++
xul.dll!nsObjectLoadingContent::Instantiate(nsIObjectFrame * aFrame=0x000000000025dfc8, const nsACString_internal & aMIMEType={...}, nsIURI * aURI=0x000007fee8a251ff) Line 1885 C++
xul.dll!nsObjectLoadingContent::EnsureInstantiation(nsIPluginInstance * * aInstance=0x000000000025dfc8) Line 914 C++
xul.dll!nsHTMLPluginObjElementSH::GetPluginInstanceIfSafe(nsIXPConnectWrappedNative * wrapper=0x00000000108e0a90, JSObject * obj=0x00000000042b6bb0, nsIPluginInstance * * _result=0x00000000108e09f0) Line 9462 + 0x3 bytes C++
xul.dll!nsHTMLPluginObjElementSH::SetupProtoChain(nsIXPConnectWrappedNative * wrapper=0x00000000042b6bb0, JSContext * cx=0x0000000000000000, JSObject * obj=0x0000000003fc45a0) Line 9543 C++
xul.dll!nsHTMLPluginObjElementSH::PostCreate(nsIXPConnectWrappedNative * wrapper=0x0000000003fc45a0, JSContext * cx=0x0000000000000000, JSObject * obj=0x00000000108e09f0) Line 9663 C++
xul.dll!FinishCreate(XPCCallContext & ccx={...}, XPCWrappedNativeScope * Scope=0x0000000000000000, XPCNativeInterface * Interface=0x000000000025e3e8, nsWrapperCache * cache=0x0000000004728270, XPCWrappedNative * wrapper=0x0000000003fc45a0, XPCWrappedNative * * resultWrapper=0x000000000025e1f0) Line 661 C++
xul.dll!XPCWrappedNative::GetNewOrUsed(XPCCallContext & ccx={...}, nsISupports * Object=0x0000000000000000, XPCWrappedNativeScope * Scope=0x000000000501de70, XPCNativeInterface * Interface=0x0000000004728270, nsWrapperCache * cache=0x00000000108e09f8, int isGlobal=0, XPCWrappedNative * * resultWrapper=0x000000000025e1f0) Line 590 + 0x32 bytes C++
xul.dll!XPCConvert::NativeInterface2JSObject(XPCLazyCallContext & lccx={...}, __int64 * d=0x00000000038a00f0, nsIXPConnectJSObjectHolder * * dest=0x0000000000000000, nsISupports * src=0x000007fee82eda0e, const nsID * iid=0x000007fee8cd3a90, XPCNativeInterface * * Interface=0x000007fee8f4a208, nsWrapperCache * cache=0x00000000108e09f8, JSObject * scope=0x000000000f426a40, int allowNativeWrapper=1, int isGlobal=0, unsigned int * pErr=0x000000000025e330) Line 1204 C++
xul.dll!xpc_qsXPCOMObjectToJsval(XPCLazyCallContext & lccx={...}, nsISupports * p=0x00000000042b6bb0, nsWrapperCache * cache=0x0000000000000001, const nsID * iid=0x000007fee9db9465, XPCNativeInterface * * iface=0x000007fee8f4a208, __int64 * rval=0x00000000038a00f0) Line 1089 + 0x57 bytes C++
xul.dll!nsIDOMDocument_GetElementById(JSContext * cx=0x000000000e9ccd74, unsigned int argc=245157242, __int64 * vp=0x00000000042b6bb0) Line 3819 + 0x33 bytes C++
mozjs.dll!js_Interpret(JSContext * cx=0x0000000000000000) Line 2150 C++
mozjs.dll!js_Invoke(JSContext * cx=0x00000000042b6bb0, const js::InvokeArgsGuard & args={...}, unsigned int flags=256010048) Line 665 C++
mozjs.dll!js_InternalInvoke(JSContext * cx=0x00000000042b6bb0, JSObject * obj=0x0000000003f1e3a0, __int64 fval=256008384, unsigned int flags=69954480, unsigned int argc=1, __int64 * argv=0x000000001c104150, __int64 * rval=0x000000000025ea28) Line 694 + 0x10 bytes C++
mozjs.dll!JS_CallFunction(JSContext * cx=0x0000000003f1e3a0, JSObject * obj=0x0000000000000001, JSFunction * fun=0x000000000f4260c0, unsigned int argc=84293280, __int64 * argv=0x000000001c104150, __int64 * rval=0x000000000025ea28) Line 4635 C++
xul.dll!nsJSContext::CallEventHandler(nsISupports * aTarget=0x00000000050636a0, void * aScope=0x000000000b7916b0, void * aHandler=0x0000000000000000, nsIArray * aargv=0x000000000bdaeb10, nsIVariant * * arv=0x000000000025eb60) Line 2205 C++
xul.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x000007fee8372ecf) Line 230 C++
xul.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x000000000b7916b0, nsIDOMEventListener * aListener=0x000000000025f128, nsIDOMEvent * aDOMEvent=0x0000000004253990, nsPIDOMEventTarget * aCurrentTarget=0x00000000106bd0c8, unsigned int aPhaseFlags=6, nsCxPusher * aPusher=0x000000000025f088) Line 1094 + 0xc bytes C++
xul.dll!nsEventListenerManager::HandleEventInternal(nsPresContext * aPresContext=0x000000000e22d010, nsEvent * aEvent=0x0000000002c70000, nsIDOMEvent * * aDOMEvent=0x000000000025f070, nsPIDOMEventTarget * aCurrentTarget=0x00000000106bd0c8, unsigned int aFlags=6, nsEventStatus * aEventStatus=0x000000000025f078, nsCxPusher * aPusher=0x000000000025f088) Line 1192 C++
xul.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x000000000025f060, nsEvent * aEvent=0x000000000025f060, nsIDOMEvent * * aDOMEvent=0x000007fee8a2a575, nsPIDOMEventTarget * aCurrentTarget=0x00000000106bd0c8, unsigned int aFlags=6, nsEventStatus * aEventStatus=0x000000000025f078, nsCxPusher * aPusher=0x000000000025f088) Line 146 + 0x30 bytes C++
xul.dll!nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=46658088, int aMayHaveNewListenerManagers=237162512, nsCxPusher * aPusher=0x000000000025f088) Line 217 C++
xul.dll!nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor & aVisitor={...}, unsigned int aFlags=6, nsDispatchingCallback * aCallback=0x0000000000000000, int aMayHaveNewListenerManagers=0, nsCxPusher * aPusher=0x000000000025f088) Line 341 + 0x40 bytes C++
xul.dll!nsEventDispatcher::Dispatch(nsISupports * aTarget=0x0000000000000000, nsPresContext * aPresContext=0x000000000025f0f0, nsEvent * aEvent=0x0000000010b20000, nsIDOMEvent * aDOMEvent=0x0000000000000000, nsEventStatus * aEventStatus=0x000000000025f1a0, nsDispatchingCallback * aCallback=0x0000000000000000, nsCOMArray<nsPIDOMEventTarget> * aTargets=0x0000000000000000) Line 630 C++
xul.dll!DocumentViewerImpl::LoadComplete(unsigned int aStatus=3902947169) Line 1051 C++
xul.dll!nsDocShell::EndPageLoad(nsIWebProgress * aProgress=0x0000000000020010, nsIChannel * aChannel=0x0000000004d0c9f0, unsigned int aStatus=3901057715) Line 5764 C++
xul.dll!nsDocShell::OnStateChange(nsIWebProgress * aProgress=0x0000000002ccf968, nsIRequest * aRequest=0x0000000002ccf940, unsigned int aStateFlags=131088, unsigned int aStatus=0) Line 5638 C++
xul.dll!nsDocLoader::FireOnStateChange(nsIWebProgress * aProgress=0x0000000002ccf968, nsIRequest * aRequest=0x000000000e5467f8, int aStateFlags=2, unsigned int aStatus=0) Line 1321 + 0x27 bytes C++
xul.dll!nsDocLoader::doStopDocumentLoad(nsIRequest * request=0x0000000000000000, unsigned int aStatus=1) Line 940 C++
xul.dll!nsDocLoader::DocLoaderIsEmpty(int aFlushLayout=0) Line 807 C++
xul.dll!nsDocLoader::OnStopRequest(nsIRequest * aRequest=0x0000000000000000, nsISupports * aCtxt=0x0000000000000000, unsigned int aStatus=81248384) Line 704 C++
xul.dll!nsLoadGroup::RemoveRequest(nsIRequest * request=0x0000000000000000, nsISupports * ctxt=0x0000000000000000, unsigned int aStatus=3895386845) Line 680 + 0xf bytes C++
xul.dll!nsDocument::DoUnblockOnload() Line 6946 C++
xul.dll!nsDocument::UnblockOnload(int aFireSync=427467344) Line 6887 C++
xul.dll!nsDocument::DispatchContentLoadedEvents() Line 3888 C++
xul.dll!nsRunnableMethodImpl<void (__cdecl nsAttributeTextNode::*)(void) __ptr64,1>::Run() Line 348 C++
xul.dll!nsThread::ProcessNextEvent(int mayWait=0, int * result=0x0000000000000000) Line 547 + 0x6 bytes C++
xul.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x0000000000000001, int mayWait=5604864) Line 250 + 0xd bytes C++
xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate=0x0000000000000002) Line 118 + 0xb bytes C++
xul.dll!MessageLoop::RunHandler() Line 200 C++
xul.dll!MessageLoop::Run() Line 173 + 0x8 bytes C++
xul.dll!nsBaseAppShell::Run() Line 181 C++
xul.dll!nsAppStartup::Run() Line 193 C++
xul.dll!XRE_main(int argc=4672688, char * * argv=0x0000000000000000, const nsXREAppData * aAppData=0x0000000000000000) Line 3625 C++
firefox.exe!NS_internal_main(int argc=6, char * * argv=0x0000000000000000) Line 159 C++
Component: Layout → Plug-ins
QA Contact: layout → plugins
|
|
||
Updated•15 years ago
|
Summary: crash on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html → crash on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml
|
|
||
Comment 4•15 years ago
|
||
In fact, you can reproduce this crash if you have the test plugin available simply by loading:
data:text/html,<embed type="application/x-test" wmode="window">
Granted there probably aren't any 64-bit Windows plugins in the wild, but I think we shouldn't ship a 64-bit Windows build with this bug.
blocking2.0: --- → ?
Summary: crash on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml → crash loading test plugin on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml
|
Assignee | |
Comment 5•15 years ago
|
||
This may occurs with Java Plugin. Also this is only on Windows 7.
Also I will be analyzing with bug 575799, too.
Assignee: nobody → m_kato
|
|
Assignee | |
Comment 6•15 years ago
|
||
|
|
Assignee | |
Updated•15 years ago
|
Attachment #455623 -
Flags: review?(joshmoz)
Severity: normal → critical
Summary: crash loading test plugin on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml → crash loading test plugin on 64-bit win7 tests in /layout/generic/crashtests/505912-1.html , /tests/layout/generic/test/test_plugin_clipping.xhtml [@ _SetWindowLongPtr() | nsPluginNativeWindowWin::SubclassAndAssociateWindow]
|
|
||
Comment 8•15 years ago
|
||
Nice. I figured we were truncating a pointer somewhere, I just couldn't tell where.
Attachment #455623 -
Flags: review?(joshmoz) → review+
|
|
Assignee | |
Comment 9•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
||
Updated•15 years ago
|
blocking2.0: ? → final+
|
||
Comment 10•15 years ago
|
||
This is already fixed?
I have a problem with Java everywhere. For example:
http://upload.youtube.com/my_videos_upload?restrict=java
It nearly always crashs at this site. Is this bug related to the other one?
____
Mozilla/5.0 (Windows NT 6.0; rv:2.0b6) Gecko/20100101 Firefox/4.0b6
|
|
Assignee | |
Comment 11•15 years ago
|
||
(In reply to comment #10)
> This is already fixed?
> I have a problem with Java everywhere. For example:
> http://upload.youtube.com/my_videos_upload?restrict=java
> It nearly always crashs at this site. Is this bug related to the other one?
>
> ____
> Mozilla/5.0 (Windows NT 6.0; rv:2.0b6) Gecko/20100101 Firefox/4.0b6
another bug. maybe, it is bug 601355. (Please turned off JM if you want to use 20101001 or later).
|
||
Updated•14 years ago
|
Crash Signature: [@ _SetWindowLongPtr() | nsPluginNativeWindowWin::SubclassAndAssociateWindow]
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•