Closed
Bug 588445
Opened 14 years ago
Closed 14 years ago
Crash in [@ mozilla::plugins::PPluginInstanceChild::OnCallReceived ]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(blocking2.0 betaN+)
RESOLVED
DUPLICATE
of bug 593467
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: marcia, Assigned: BenWa)
References
Details
(Keywords: crash, Whiteboard: [4b2], [4b4])
Crash Data
Attachments
(1 file)
|
5.08 KB,
text/html
|
Details |
Seen while running Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b4) Gecko/20100817 Firefox/4.0b4. Using Flash Version: 10.1.82.76
STR:
1. Load vimeo.com and blip.tv
2. Right click to go into full screen
During one series of testing I got the beachball and crashed in this stack.
http://crash-stats.mozilla.com/report/index/bp-30f0aed3-b49a-45c2-bb9a-4a2492100817
Frame Module Signature [Expand] Source
0 libmozalloc.dylib mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:64
1 XUL NS_DebugBreak_P xpcom/base/nsDebugImpl.cpp:379
2 XUL mozilla::plugins::PPluginInstanceChild::OnCallReceived PPluginInstanceChild.cpp:1947
3 XUL mozilla::plugins::PPluginModuleChild::OnCallReceived PPluginModuleChild.cpp:546
4 XUL mozilla::ipc::RPCChannel::DispatchIncall ipc/glue/RPCChannel.cpp:510
5 XUL mozilla::ipc::RPCChannel::MaybeProcessDeferredIncall ipc/glue/RPCChannel.cpp:350
6 XUL mozilla::ipc::RPCChannel::OnMaybeDequeueOne ipc/glue/RPCChannel.cpp:415
7 XUL MessageLoop::DeferOrRunPendingTask ipc/chromium/src/base/message_loop.cc:339
8 XUL MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:447
9 XUL base::MessagePumpCFRunLoopBase::RunWorkSource ipc/chromium/src/base/message_pump_mac.mm:291
10 CoreFoundation __CFRunLoopDoSources0
11 CoreFoundation __CFRunLoopRun
12 CoreFoundation CFRunLoopRunSpecific
13 CoreFoundation CFRunLoopRunInMode
14 HIToolbox RunCurrentEventLoopInMode
15 HIToolbox ReceiveNextEventCommon
16 HIToolbox BlockUntilNextEventMatchingListInMode
17 AppKit _DPSNextEvent
18 AppKit -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
19 AppKit -[NSApplication run]
20 XUL base::MessagePumpNSApplication::DoRun ipc/chromium/src/base/message_pump_mac.mm:677
21 XUL base::MessagePumpCFRunLoopBase::Run ipc/chromium/src/base/message_pump_mac.mm:213
22 XUL MessageLoop::Run ipc/chromium/src/base/message_loop.cc:219
23 XUL XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:432
24 plugin-container main ipc/app/MozillaRuntimeMain.cpp:87
25 plugin-container plugin-container@0xf05
26 @0x4
|
Assignee | |
Comment 1•14 years ago
|
||
I posted this information pertaining to this issue in another bug:
Knowing what is at PPluginModuleChild.cpp:546 would let us know what message is
causing the de-serialization error, unfortunately the files are generated by
the build process and my line 546 does not correspond. I do know that the right
click menu uses ConvertPoint from PPluginModule if the crash was a result of
the right click menu.
|
Reporter | |
Comment 2•14 years ago
|
||
I was able to crash twice in this stack on this video: http://icanhascheezburger.com/2010/08/18/funny-pictures-video-pinball-kitteh/
While on the page, I click the play button, then initiated a Control click - I think the trick is to hold the Control key down for a moment before doing the right click - I seem to crash consistently when I do that.
Here is some stuff from the Console right around the time that the crash occurred:
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox _DPSNextEvent+0x0000034F [/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x00048A89]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]+0x0000009C [/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x000482CA]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox -[NSApplication run]+0x00000335 [/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x0000A55B]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox NS_InvokeByIndex_P+0x0003D8FD [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/XUL +0x00D880DD]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox NS_InvokeByIndex_P+0x0003CF76 [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/XUL +0x00D87756]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox NS_InvokeByIndex_P+0x0002B914 [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/XUL +0x00D760F4]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox XRE_InitChildProcess+0x0000033E [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/XUL +0x00010D6E]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox start+0x000000EC [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container +0x00000FBC]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox start+0x00000036 [/Users/marcia/Desktop/beta4/Firefox.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container +0x00000F06]
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! ABORT: [PPluginInstanceChild] abort()ing as a result: file PPluginInstanceChild.cpp, line 1947
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][RPCChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][RPCChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][RPCChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
8/18/10 10:40:49 AM [0x0-0x3d93d9].org.mozilla.firefox ###!!! [Parent][AsyncChannel] Error: Channel error: cannot send/recv
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
Whiteboard: [4b2] → [4b2], [4b4]
|
|
Reporter | |
Comment 3•14 years ago
|
||
http://abc.go.com/watch/greys-anatomy/SH559058/VD5569672/the-time-warp was playing in a sole tab, and when I revisited the tab it had crashed in this stack as well, without any right click intervention.
|
|
Assignee | |
Comment 4•14 years ago
|
||
I can't reproduce with the first link and the 2nd link is not available to Canada.
Can you run the following commands to enable additional logging and start firefox beta 4 from the commands line:
export NSPR_LOG_MODULES=Plugin:5,PluginNPP:5,PluginNPN:5,IPCPlugins:5
Maybe also take a quick look at about:support/about:config to see if any ipc preference are not set to their defaults.
|
|
Reporter | |
Comment 5•14 years ago
|
||
Attaching the console output after turning on logging.
The prefs in about:config seem to be OK - both flash and java are set to true.
|
||
Comment 6•14 years ago
|
||
Benoit, handing this to you, and marking this a blocker. If you think this should be assigned to someone else please say so :)
Assignee: nobody → b56girard
blocking2.0: ? → betaN+
|
|
Assignee | |
Comment 7•14 years ago
|
||
I'll take a look. I'm working on a patch to prevent FatalError from being inlined. This will let us know what IPC message causes the abort from the crash report.
|
|
Assignee | |
Comment 8•14 years ago
|
||
Can we reproduce this issue? I believe it may be the same issue as bug 593467. With a recent stacktrace with the patch for bug 589371 we should be able to tell if they are the same.
|
|
Reporter | |
Comment 10•14 years ago
|
||
I can reproduce the issue using the STR in Bug 590933 (see Comment 2) using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b7pre) Gecko/20100926 Firefox/4.0b7pre with Flash Version 10.1.82.76. My report is here but hasn't been processed yet: http://crash-stats.mozilla.com/report/pending/73b98908-3424-4571-8b0b-140742100927
To trigger the crash it seems you have to go all the way to the end of the increase text size range by using Command+ and then going back down using Command-
|
|
Reporter | |
Comment 11•14 years ago
|
||
The crash in Comment 10 is in [@ NS_StackWalk ], and I had another crash on another 10.6 machine in [@ NS_StackWalk ]. Do you want me to dupe this to Bug 593467?
http://crash-stats.mozilla.com/report/index/bp-14cfca81-973e-4120-b888-d727d2100927 was my other crash today in that stack.
|
|
Assignee | |
Comment 12•14 years ago
|
||
Yup with these reports we can confirm that they are the same problem. The relevant part is 'PPluginInstanceChild.cpp:1658' matches indicating that the crash is causes by the same invalid IPC message (until PPluginInstance.ipdl is changed).
Status: NEW → RESOLVED
Closed: 14 years ago
OS: Mac OS X → All
Resolution: --- → DUPLICATE
|
||
Updated•14 years ago
|
Crash Signature: [@ mozilla::plugins::PPluginInstanceChild::OnCallReceived ]
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•