Closed Bug 614979 Opened 9 years ago Closed 9 years ago

Flash Plugin Crashes [@ RtlEnterCriticalSection ]

Categories

(Core :: Plug-ins, defect, critical)

All
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla2.0b8
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: scott001, Assigned: benjamin)

References

()

Details

(Keywords: regression, topcrash)

Crash Data

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101126 Firefox/4.0b8pre
Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101126 Firefox/4.0b8pre

For the past week or 2 I have been getting floods of crashes, this is the #1 top crasher right now on crash-stats.

Reproducible: Always

Steps to Reproduce:
1. Goto [@ RtlEnterCriticalSection ] 
2. Set play to 1080p, play, make it full screen.
3. Escape Fullscreen then reload page or close tab
4. Check about:crashes on tab close or see plugin crash on reload
Actual Results:  
Plugin crashes with RtlEnterCriticalSection

Expected Results:  
No Crash

http://crash-stats.mozilla.com/report/index/f5a3a1e6-23a0-4812-9f13-b53b92101126

File: NPSWF32.dll
Version: 10.1.102.64
Shockwave Flash 10.1 r102

Adapter Description: NVIDIA GeForce G102M
Vendor ID: 10de
Device ID: 0873
Adapter RAM: 512
Adapter Drivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Driver Version: 8.17.12.6099
Driver Date: 10-16-2010
Direct2D Enabled: true
DirectWrite Enabled: true
GPU Accelerated Windows: 1/1 Direct3D 10
(In reply to comment #0)
> User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre)
> Gecko/20101126 Firefox/4.0b8pre
> Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre)
> Gecko/20101126 Firefox/4.0b8pre
> 
> For the past week or 2 I have been getting floods of crashes, this is the #1
> top crasher right now on crash-stats.
> 
> Reproducible: Always
> 
> Steps to Reproduce:
> 1. Goto http://www.youtube.com/watch?v=Cj6ho1-G6tw 
> 2. Set play to 1080p, play, make it full screen.
> 3. Escape Fullscreen then reload page or close tab
> 4. Check about:crashes on tab close or see plugin crash on reload
> Actual Results:  
> Plugin crashes with RtlEnterCriticalSection
> 
> Expected Results:  
> No Crash
> 
> http://crash-stats.mozilla.com/report/index/f5a3a1e6-23a0-4812-9f13-b53b92101126
> 
> File: NPSWF32.dll
> Version: 10.1.102.64
> Shockwave Flash 10.1 r102
> 
> Adapter Description: NVIDIA GeForce G102M
> Vendor ID: 10de
> Device ID: 0873
> Adapter RAM: 512
> Adapter Drivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
> Driver Version: 8.17.12.6099
> Driver Date: 10-16-2010
> Direct2D Enabled: true
> DirectWrite Enabled: true
> GPU Accelerated Windows: 1/1 Direct3D 10
Regression window(cached hourly):
Works;
http://hg.mozilla.org/mozilla-central/rev/c81efbbacc62
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101021 Firefox/4.0b8pre ID:20101021162014
Fails;
http://hg.mozilla.org/mozilla-central/rev/e5f3177aa3bc
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101021 Firefox/4.0b8pre ID:20101021160721
Pushlog;
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c81efbbacc62&tochange=e5f3177aa3bc
Blocks: 596094
Status: UNCONFIRMED → NEW
blocking2.0: --- → ?
Ever confirmed: true
Keywords: regression
Target Milestone: --- → mozilla2.0
Version: unspecified → Trunk
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 607299
Steps to reproduce this one..

1. Load http://www.youtube.com/watch?v=Cj6ho1-G6tw
2. Change to 1080p, play, enter full screen
3. Exit full screen and reload the tab or close the tab
4. log crash
Commented to wrong bug but it applies on this duplicate too.
Jim, the regression window in comment 2 here indicates that this was triggered by your changes, but the bug this is marked a dupe of, which is itself marked a dupe of bug 556194 goes much farther back than the regression range that Alice found. Wondering if we've duped correctly here?
(In reply to comment #6)
> Jim, the regression window in comment 2 here indicates that this was triggered
> by your changes, but the bug this is marked a dupe of, which is itself marked a
> dupe of bug 556194 goes much farther back than the regression range that Alice
> found. Wondering if we've duped correctly here?

I need to chat with bsmedberg about that. Apparently there's a problem with freeing up these async queries, and my reorg of some of the setprop/getprop code made it worse. I think though if we fix bug 556194 the problem goes away.
Jim triggered a preexisting bug. This is a proper dup.
Or not, we're not clearing the window quickly enough after NPP_Destroy.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
blocking2.0: ? → beta9+
Assignee: nobody → benjamin
(In reply to comment #10)
> Created attachment 496216 [details] [diff] [review]
> Destroy the window at NPP_Destroy, not instance destructor, rev. 1

This doesn't unhook the throttle subclass, or guarantee the flash message window is gone. I'd suggest turning off our throttling logic as well to be safe.

Did this fix the crash?
Yes, this fixes the crash. I'm not sure what you mean about the throttle subclass, because it destroys the window so it doesn't really matter, right?
Comment on attachment 496216 [details] [diff] [review]
Destroy the window at NPP_Destroy, not instance destructor, rev. 1

(In reply to comment #12)
> Yes, this fixes the crash. I'm not sure what you mean about the throttle
> subclass, because it destroys the window so it doesn't really matter, right?

I just want to be sure flash destroys the message window when we destroy the plugin window. If that's the case, great, and that would explain why this fixes the problem.
Attachment #496216 - Flags: review?(jmathies) → review+
Keywords: topcrash
http://hg.mozilla.org/mozilla-central/rev/22bb9d6626c5 (landed on Thursday)
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED
Target Milestone: mozilla2.0 → mozilla2.0b8
As per today's meeting, beta 9 will be a time-based release. Marking these all betaN+. Please move it back to beta9+ if  you believe it MUST be in the next beta (ie: trunk is in an unshippable state without this)
blocking2.0: beta9+ → betaN+
(In reply to comment #15)
> As per today's meeting, beta 9 will be a time-based release. Marking these all
> betaN+. Please move it back to beta9+ if  you believe it MUST be in the next
> beta (ie: trunk is in an unshippable state without this)

Why did it even have a Beta9 status? This bug is marked as fixed since before Beta 8.
Crash Signature: [@ RtlEnterCriticalSection ]
You need to log in before you can comment on or make changes to this bug.