Last Comment Bug 656006 - Crash [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*) ] | ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0
: Crash [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*...
Status: VERIFIED FIXED
[qa!]
: assertion, crash, verified-aurora, verified-beta
Product: Core
Classification: Components
Component: Plug-ins (show other bugs)
: Trunk
: All All
: -- critical (vote)
: mozilla10
Assigned To: Josh Aas
:
Mentors:
http://www.babista.de/shop/Mode-fuer-...
Depends on:
Blocks: 532972
  Show dependency treegraph
 
Reported: 2011-05-10 07:12 PDT by Bob Clary [:bc:]
Modified: 2015-10-16 11:51 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
affected
affected
fixed
fixed


Attachments
fix v1.0 (1.45 KB, patch)
2011-11-04 15:11 PDT, Josh Aas
bzbarsky: review+
Details | Diff | Splinter Review
aurora fix v1.0 (1.47 KB, patch)
2011-11-04 15:38 PDT, Josh Aas
christian: approval‑mozilla‑aurora+
Details | Diff | Splinter Review

Description Bob Clary [:bc:] 2011-05-10 07:12:31 PDT
see also Bug 623638
	
1. http://www.babista.de/shop/Mode-fuer-Maenner/Themen/Outdoor-Bekleidung-Hemd/product/142003/group/167390/Produktzoom-Flashviewer.a1405.0.html

2. ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file c:\work\mozilla\builds\2.0.0\mozilla\firefox-debug\dist\include\nsAutoPtr.h, line 1117

3. Crash nightly: bp-1de6430a-e70d-4fdc-8e9d-132582110510
         1.9.2  : bp-6a6b023c-d7e0-4244-b3d4-ca48f2110510

 	xul.dll!nsRefPtr<nsNPAPIPluginInstance>::operator->()  Line 1117 + 0x23 bytes	C++
 	xul.dll!nsPluginStreamListenerPeer::OnStartRequest(nsIRequest * request=0x06551ddc, nsISupports * aContext=0x00000000)  Line 557 + 0xb bytes	C++
 	xul.dll!nsObjectLoadingContent::OnStartRequest(nsIRequest * aRequest=0x06551ddc, nsISupports * aContext=0x00000000)  Line 739 + 0x2d bytes	C++
 	xul.dll!nsHttpChannel::CallOnStartRequest()  Line 773 + 0x44 bytes	C++
 	xul.dll!nsHttpChannel::ContinueProcessNormal(unsigned int rv=0)  Line 1224 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::ProcessNormal()  Line 1162	C++
 	xul.dll!nsHttpChannel::ProcessResponse()  Line 1111 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::OnStartRequest(nsIRequest * request=0x067c7e00, nsISupports * ctxt=0x00000000)  Line 3899 + 0xe bytes	C++
 	xul.dll!nsInputStreamPump::OnStateStart()  Line 441 + 0x2c bytes	C++
 	xul.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x05a98920)  Line 397 + 0xb bytes	C++
 	xul.dll!nsInputStreamReadyEvent::Run()  Line 115	C++
 	xul.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012d730)  Line 618 + 0x19 bytes	C++
 	xul.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x04624df0, int mayWait=1)  Line 250 + 0x16 bytes	C++
 	xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate=0x0039fcf8)  Line 134 + 0xe bytes	C++
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler()  Line 203	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!nsBaseAppShell::Run()  Line 191	C++
 	xul.dll!nsAppShell::Run()  Line 248 + 0x9 bytes	C++

A quick save and test didn't reproduce. :-(
Comment 1 Marcia Knous [:marcia - use ni] 2011-05-10 13:33:25 PDT
I can reproduce on a Mac nightly - https://crash-stats.mozilla.com/report/index/fc7b4f85-9810-4b12-98e2-99cba2110510
Comment 2 Bob Clary [:bc:] 2011-05-14 08:02:37 PDT
update crash bugs to critical per guidelines.
Comment 3 Bob Clary [:bc:] 2011-09-27 10:36:29 PDT
There are only a hand full of crashes in the last week (7 total). Two involve Flash (10.3.183.7 and 10.3.183.10) but I can not reproduce them nor the original url in automation or locally. I think this is wfm and any further reproducible instances deserve a new bug.
Comment 4 Josh Aas 2011-11-04 15:06:16 PDT
I was reading code for something else, noticed a bug that should cause crashes, and sure enough here is the report. This is our bug, not surprised it is hard to repro though. Patch coming up.
Comment 5 Josh Aas 2011-11-04 15:11:01 PDT
Created attachment 572097 [details] [diff] [review]
fix v1.0
Comment 6 Boris Zbarsky [:bz] 2011-11-04 15:17:16 PDT
Comment on attachment 572097 [details] [diff] [review]
fix v1.0

r=me
Comment 7 Josh Aas 2011-11-04 15:38:07 PDT
Created attachment 572112 [details] [diff] [review]
aurora fix v1.0
Comment 8 Josh Aas 2011-11-05 09:48:23 PDT
pushed to mozilla-inbound

http://hg.mozilla.org/integration/mozilla-inbound/rev/b820af78bed1
Comment 9 Ed Morley [:emorley] 2011-11-06 05:28:06 PST
https://hg.mozilla.org/mozilla-central/rev/b820af78bed1
Comment 10 christian 2011-11-07 13:23:08 PST
Comment on attachment 572112 [details] [diff] [review]
aurora fix v1.0

[triage comment]

Approved for aurora. Please land today if at all possible.
Comment 11 Josh Aas 2011-11-07 14:04:02 PST
pushed to mozilla-aurora

http://hg.mozilla.org/releases/mozilla-aurora/rev/3ed4686333f2
Comment 12 Paul Silaghi, QA [:pauly] 2011-11-28 05:00:15 PST
Could you please tell me how to test this ?
Comment 13 Bob Clary [:bc:] 2011-11-28 06:01:05 PST
Paul, normally just loading the url would be sufficient however I can no longer reproduce the crash on older builds so it is not possible to test a crashing build then test a non crash build to see if the patch actually fixed this particular issue. I think we just need to punt.
Comment 14 Bob Clary [:bc:] 2011-11-28 06:20:27 PST
FWIW, I just retested the 3 urls I had for this crash in the automation on Beta/9, Aurora/10, Nightly/11 on Linux, Mac, Windows and did not reproduce any crashes. I'll call it verified.
Comment 15 Paul Silaghi, QA [:pauly] 2011-11-28 07:30:59 PST
I agree. The issue is not reproducible on:

Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 5.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 5.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 6.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 6.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (X11; Linux i686; rv:10.0a2) Gecko/20111128 Firefox/10.0a2
Mozilla/5.0 (X11; Linux i686; rv:11.0a1) Gecko/20111128 Firefox/11.0a1

Note You need to log in before you can comment on or make changes to this bug.