Closed Bug 631002 Opened 13 years ago Closed 13 years ago

Crash [@ mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**) ]

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED
mozilla2.0b12

People

(Reporter: scoobidiver, Assigned: benjamin)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

It is a residual crash signature that exists in 3.6 and the trunk.
It is #74 top crasher in 4.0b10 over the last week.
It happens mainly on Windows XP.

Signature	mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**)
UUID	7c83bdf8-e868-4061-903c-d68a92110202
Time 	2011-02-02 09:49:33.572162
Uptime	11
Last Crash	2448 seconds (40.8 minutes) before submission
Install Age	169599 seconds (2.0 days) since version was first installed.
Product	Firefox
Version	4.0b10
Build ID	20110121161358
Branch	2.0
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	AuthenticAMD family 15 model 107 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xd
App Notes 	AdapterVendorID: 10de, AdapterDeviceID: 0240, AdapterDriverVersion: 6.14.11.6218

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	mozilla::ipc::RPCChannel::RPCFrame::Describe 	obj-firefox/dist/include/mozilla/ipc/RPCChannel.h:257
1 	xul.dll 	mozilla::ipc::RPCChannel::DumpRPCStack 	ipc/glue/RPCChannel.cpp:697
2 	xul.dll 	mozilla::ipc::RPCChannel::DebugAbort 	ipc/glue/RPCChannel.cpp:660
3 	xul.dll 	mozilla::ipc::RPCChannel::Call 	ipc/glue/RPCChannel.cpp:159
4 	xul.dll 	mozilla::plugins::PPluginModuleParent::CallPPluginInstanceConstructor 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:324
5 	xul.dll 	mozilla::plugins::PluginModuleParent::NPP_New 	dom/plugins/PluginModuleParent.cpp:819
6 	xul.dll 	nsNPAPIPluginInstance::InitializePlugin 	modules/plugin/base/src/nsNPAPIPluginInstance.cpp:415
7 	xul.dll 	nsNPAPIPluginInstance::Initialize 	modules/plugin/base/src/nsNPAPIPluginInstance.cpp:148
8 	xul.dll 	nsPluginHost::TrySetUpPluginInstance 	modules/plugin/base/src/nsPluginHost.cpp:1380
9 	xul.dll 	nsPluginHost::SetUpPluginInstance 	modules/plugin/base/src/nsPluginHost.cpp:1261

More reports at:
https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=mozilla%3A%3Aipc%3A%3ARPCChannel%3A%3ARPCFrame%3A%3ADescribe%28int*%2C%20char%20const**%2C%20char%20const**%2C%20char%20const**%29
Since this is just fluff past CallPPluginInstanceConstructor followed by DebugAbort, I say this is plugin domain.
Component: IPC → Plug-ins
QA Contact: ipc → plugins
I don't think that's a safe assumption, but we need more stack. The runtime-abort is about !ProcessingSyncMessage() at http://hg.mozilla.org/mozilla-central/diff/5658b405d622/ipc/glue/RPCChannel.cpp
Stack according to MSVC:

 	xul.dll!mozilla::ipc::RPCChannel::RPCFrame::Describe(id=0x0012be00, dir=0x0012bde8, sems=0x0012bdec, name=0x0012bdf0)  Line 257	C++
>	xul.dll!mozilla::ipc::RPCChannel::DumpRPCStack(outfile=0x781d4b18, pfx=0x0012be2c)  Line 700	C++
 	xul.dll!mozilla::ipc::RPCChannel::DebugAbort(file=0x0012bed4, line=0x0000009f, cond=0x10b53780, why=0x10b5375c, type=0x0012bed4, reply=false)  Line 662	C++
 	xul.dll!mozilla::ipc::RPCChannel::Call(msg=0x0a0f6f80, reply=0x0012bf00)  Line 160	C++
 	xul.dll!mozilla::plugins::PPluginModuleParent::CallPPluginInstanceConstructor(actor=0x0a6200c0, aMimeType={...}, aMode=0x0001, aNames={...}, aValues={...}, rv=0x0012bfd4)  Line 325	C++
 	xul.dll!mozilla::plugins::PluginModuleParent::NPP_New(pluginType=0x0a0f6ee0, instance=0x0a096a68, mode=0x0001, argc=0x00c0, argn=0x05a4f400, argv=0x098f15e0, saved=0x00000000, error=0x0012bfd4)  Line 819	C++
 	xul.dll!nsNPAPIPluginInstance::InitializePlugin()  Line 415	C++
 	xul.dll!nsNPAPIPluginInstance::Initialize(aOwner=0x0a0fa6a0, aMIMEType=0x0a2a3d38)  Line 148	C++
 	xul.dll!nsPluginHost::TrySetUpPluginInstance(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 1381	C++
 	xul.dll!nsPluginHost::SetUpPluginInstance(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 1265	C++
 	xul.dll!nsPluginHost::DoInstantiateEmbeddedPlugin(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0, aAllowOpeningStreams=0x00000001)  Line 1086	C++
 	xul.dll!nsPluginHost::InstantiateEmbeddedPlugin(aMimeType=0x0a2a3d38, aURL=0x0a21f240, aOwner=0x0a0fa6a0)  Line 968	C++
 	xul.dll!nsObjectFrame::InstantiatePlugin(aPluginHost=0x088ff2c0, aMimeType=0x0a2a3d38, aURI=0x0a21f240)  Line 1043	C++
 	xul.dll!nsObjectFrame::Instantiate(aMimeType=0x0a2a3d38, aURI=0x0a21f240)  Line 2402	C++
 	xul.dll!nsObjectLoadingContent::Instantiate(aFrame=0x0a28d9c0, aMIMEType={...}, aURI=0x0a21f240)  Line 1892	C++
 	xul.dll!nsAsyncInstantiateEvent::Run()  Line 167	C++
 	xul.dll!nsThread::ProcessNextEvent(mayWait=0x10b22368, result=0x0012c764)  Line 639	C++
 	xul.dll!nsCOMPtr_base::assign_from_gs_contractid(gs={...}, iid={...})  Line 132	C++
 	xul.dll!nsContentTreeOwner::ShowAsModal()  Line 552	C++
 	xul.dll!nsWindowWatcher::OpenWindowJSInternal(aParent=, aUrl=0x00000000, aName=, aFeatures=, aDialog=, argv=, aCalledFromJS=, _retval=0x00000000) 	C++
<<bogus frames here>>
 	xul.dll!NS_InvokeByIndex_P(that=0x039bed80, methodIndex=0x00000003, paramCount=0x00000006, params=0x0012cb58)  Line 103	C++
 	xul.dll!XPC_WN_CallMethod(cx=0x0573d900, argc=0x00000005, vp=0x03c001d8)  Line 1593	C++
 	mozjs.dll!CallCompiler::generateNativeStub()  Line 666	C++
 	mozjs.dll!js::mjit::ic::NativeCall(f={...}, ic=0x00000000)  Line 873	C++
 	mozjs.dll!js::mjit::EnterMethodJIT(cx=0x00000000, fp=0x00000000, code=0x00000000, stackLimit=0x00000000)  Line 748	C++
 	mozjs.dll!CheckStackAndEnterMethodJIT(cx=0x00000000, fp=0x03c000a0, code=0x08aebfc8)  Line 775	C++
 	mozjs.dll!js::mjit::JaegerShot(cx=0x00000000)  Line 791	C++
 	mozjs.dll!js::RunScript(cx=0x0573d900, script=0x066944e0, fp=0x03c000a0)  Line 654	C++
 	mozjs.dll!js::Invoke(cx=0x0573d900, argsRef={...}, flags=0x00000000)  Line 737	C++
 	mozjs.dll!js::ExternalInvoke(cx=0x0573d900, thisv={...}, fval={...}, argc=0x00000008, argv=0x0012d5e0, rval=0x0012d4d8)  Line 858	C++
 	mozjs.dll!JS_CallFunctionValue(cx=0x0573d900, obj=0x0a106360, fval=0xffff000706d80888, argc=0x00000008, argv=0x0012d5e0, rval=0x0012d4d8)  Line 5020	C++
 	xul.dll!nsXPCWrappedJSClass::CallMethod(wrapper=0x0a0f2fc0, methodIndex=0x0007, info=0x0349eee8, nativeParams=0x0012d72c)  Line 1700	C++
 	xul.dll!nsXPCWrappedJS::CallMethod(methodIndex=0x0007, info=0x0349eee8, params=0x0012d72c)  Line 588	C++
 	xul.dll!PrepareAndDispatch(self=0x0a0eea80, methodIndex=0x00000007, args=0x0012d7e4, stackBytesToPop=0x0012d7d4)  Line 114	C++
 	xul.dll!SharedStub()  Line 142	C++
 	xul.dll!nsPluginHost::HandleBadPlugin(aLibrary=0x00000068, aInstance=0x00000009)  Line 3447	C++
 	xul.dll!nsCOMPtr_base::assign_from_gs_contractid_with_error(gs={...}, iid={...})  Line 141	C++
 	xul.dll!nsCOMPtr<nsIPluginHost>::nsCOMPtr<nsIPluginHost>(gs={...})  Line 636	C++
 	xul.dll!nsNPAPIPluginInstance::GetValueFromPlugin(variable=0x00000000, value=0x088ff2c0)  Line 616	C++
 	xul.dll!nsNPAPIPluginInstance::GetJSObject(cx=0x0573d900, outObject=0x0012da0c)  Line 726	C++
 	xul.dll!nsHTMLPluginObjElementSH::GetPluginJSObject(cx=0x0573d900, obj=0x089b62a0, plugin_inst=0x09f56d00, plugin_obj=0x0012da0c, plugin_proto=0x00000001)  Line 9889	C++
 	xul.dll!nsHTMLPluginObjElementSH::SetupProtoChain(wrapper=0x0a01ab40, cx=0x0573d900, obj=0x089b62a0)  Line 9634	C++
 	xul.dll!nsObjectFrame::NotifyContentObjectWrapper()  Line 2712	C++
 	xul.dll!nsObjectFrame::TryNotifyContentObjectWrapper()  Line 2447	C++
 	xul.dll!nsObjectFrame::Instantiate(aMimeType=0x08673cd8, aURI=0x087b91c0)  Line 2410	C++
 	xul.dll!nsObjectLoadingContent::Instantiate(aFrame=0x09f05978, aMIMEType={...}, aURI=0x087b91c0)  Line 1892	C++
 	xul.dll!nsAsyncInstantiateEvent::Run()  Line 167	C++
 	xul.dll!nsThread::ProcessNextEvent(mayWait=0x0035b402, result=0xacf54afb)  Line 639	C++
 	nspr4.dll!PR_AssertCurrentThreadOwnsLock(lock=)  Line 404	C
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler()  Line 203	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!nsBaseAppShell::Run()  Line 201	C++
 	xul.dll!nsAppShell::Run()  Line 264	C++
 	xul.dll!nsAppStartup::Run()  Line 218	C++
 	xul.dll!XRE_main(argc=0x00000001, argv=0x021170b0, aAppData=0x02113200)  Line 3777	C++
 	firefox.exe!wmain(argc=0x00000001, argv=0x02135080)  Line 128	C++
 	firefox.exe!__tmainCRTStartup()  Line 591	C
 	kernel32.dll!_BaseProcessStart@4() 	

What appears to actually be happening is that the __try/__catch blocks in the plugin host are catching a crash somewhere under nsNPAPIPluginInstance::GetValueFromPlugin. I tend to think that we ought to remove all these __try/__catch blocks and just crash here, now that we have OOPP in general. If we don't, we certainly need to be reporting the exception.
I want to land this for FF4, and afterwards we can rip this code out entirely.
Assignee: nobody → benjamin
Status: NEW → ASSIGNED
Attachment #509540 - Flags: review?(joshmoz)
Attachment #509540 - Flags: review?(joshmoz) → review+
Attachment #509540 - Flags: approval2.0+
http://hg.mozilla.org/mozilla-central/rev/958c71be62e0

We should expect some new crash signatures to appear after this lands.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Blocks: 613314
Target Milestone: --- → mozilla2.0b12
Crash Signature: [@ mozilla::ipc::RPCChannel::RPCFrame::Describe(int*, char const**, char const**, char const**) ]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: