Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Crash [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*) ] | ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0




6 years ago
2 years ago


(Reporter: bc, Assigned: Josh Aas)


(Blocks: 1 bug, 4 keywords)

assertion, crash, verified-aurora, verified-beta

Firefox Tracking Flags

(firefox7 affected, firefox8 affected, firefox9 fixed, firefox10 fixed)


(Whiteboard: [qa!], crash signature, URL)


(2 attachments)



6 years ago
see also Bug 623638

2. ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file c:\work\mozilla\builds\2.0.0\mozilla\firefox-debug\dist\include\nsAutoPtr.h, line 1117

3. Crash nightly: bp-1de6430a-e70d-4fdc-8e9d-132582110510
         1.9.2  : bp-6a6b023c-d7e0-4244-b3d4-ca48f2110510

 	xul.dll!nsRefPtr<nsNPAPIPluginInstance>::operator->()  Line 1117 + 0x23 bytes	C++
 	xul.dll!nsPluginStreamListenerPeer::OnStartRequest(nsIRequest * request=0x06551ddc, nsISupports * aContext=0x00000000)  Line 557 + 0xb bytes	C++
 	xul.dll!nsObjectLoadingContent::OnStartRequest(nsIRequest * aRequest=0x06551ddc, nsISupports * aContext=0x00000000)  Line 739 + 0x2d bytes	C++
 	xul.dll!nsHttpChannel::CallOnStartRequest()  Line 773 + 0x44 bytes	C++
 	xul.dll!nsHttpChannel::ContinueProcessNormal(unsigned int rv=0)  Line 1224 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::ProcessNormal()  Line 1162	C++
 	xul.dll!nsHttpChannel::ProcessResponse()  Line 1111 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::OnStartRequest(nsIRequest * request=0x067c7e00, nsISupports * ctxt=0x00000000)  Line 3899 + 0xe bytes	C++
 	xul.dll!nsInputStreamPump::OnStateStart()  Line 441 + 0x2c bytes	C++
 	xul.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x05a98920)  Line 397 + 0xb bytes	C++
 	xul.dll!nsInputStreamReadyEvent::Run()  Line 115	C++
 	xul.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012d730)  Line 618 + 0x19 bytes	C++
 	xul.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x04624df0, int mayWait=1)  Line 250 + 0x16 bytes	C++
 	xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate=0x0039fcf8)  Line 134 + 0xe bytes	C++
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler()  Line 203	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!nsBaseAppShell::Run()  Line 191	C++
 	xul.dll!nsAppShell::Run()  Line 248 + 0x9 bytes	C++

A quick save and test didn't reproduce. :-(
I can reproduce on a Mac nightly -
OS: Windows XP → All
Hardware: x86 → All

Comment 2

6 years ago
update crash bugs to critical per guidelines.
Severity: normal → critical
Crash Signature: [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*) ]

Comment 3

6 years ago
There are only a hand full of crashes in the last week (7 total). Two involve Flash ( and but I can not reproduce them nor the original url in automation or locally. I think this is wfm and any further reproducible instances deserve a new bug.
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME

Comment 4

6 years ago
I was reading code for something else, noticed a bug that should cause crashes, and sure enough here is the report. This is our bug, not surprised it is hard to repro though. Patch coming up.
Assignee: nobody → joshmoz
Resolution: WORKSFORME → ---

Comment 5

6 years ago
Created attachment 572097 [details] [diff] [review]
fix v1.0
Attachment #572097 - Flags: review?(bzbarsky)

Comment 6

6 years ago
Comment on attachment 572097 [details] [diff] [review]
fix v1.0

Attachment #572097 - Flags: review?(bzbarsky) → review+

Comment 7

6 years ago
Created attachment 572112 [details] [diff] [review]
aurora fix v1.0
Attachment #572112 - Flags: approval-mozilla-aurora?


6 years ago
status-firefox10: --- → affected
status-firefox7: --- → affected
status-firefox8: --- → affected
status-firefox9: --- → affected

Comment 8

6 years ago
pushed to mozilla-inbound

Comment 9

6 years ago
Last Resolved: 6 years ago6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10

Comment 10

6 years ago
Comment on attachment 572112 [details] [diff] [review]
aurora fix v1.0

[triage comment]

Approved for aurora. Please land today if at all possible.
Attachment #572112 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Comment 11

6 years ago
pushed to mozilla-aurora
status-firefox10: affected → fixed
status-firefox9: affected → fixed
Whiteboard: [qa+]
Could you please tell me how to test this ?

Comment 13

6 years ago
Paul, normally just loading the url would be sufficient however I can no longer reproduce the crash on older builds so it is not possible to test a crashing build then test a non crash build to see if the patch actually fixed this particular issue. I think we just need to punt.

Comment 14

6 years ago
FWIW, I just retested the 3 urls I had for this crash in the automation on Beta/9, Aurora/10, Nightly/11 on Linux, Mac, Windows and did not reproduce any crashes. I'll call it verified.
I agree. The issue is not reproducible on:

Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 5.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 5.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 6.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 6.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (X11; Linux i686; rv:10.0a2) Gecko/20111128 Firefox/10.0a2
Mozilla/5.0 (X11; Linux i686; rv:11.0a1) Gecko/20111128 Firefox/11.0a1
Keywords: verified-aurora, verified-beta
Whiteboard: [qa+] → [qa!]
Keywords: testcase-wanted
You need to log in before you can comment on or make changes to this bug.