Closed Bug 656006 Opened 13 years ago Closed 13 years ago

Crash [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*) ] | ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox7 affected, firefox8 affected, firefox9 fixed, firefox10 fixed)

Status:
VERIFIED FIXED
Milestone:
mozilla10
Tracking Flags:
Tracking Status
firefox7 --- affected
firefox8 --- affected
firefox9 --- fixed
firefox10 --- fixed

People

(Reporter: bc, Assigned: jaas)

References

(
URL
)

Details

(4 keywords, Whiteboard: [qa!])

Crash Data

Attachments

(2 files)

fix v1.0
1.45 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review
aurora fix v1.0
1.47 KB, patch
christian
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
see also Bug 623638
	
1. http://www.babista.de/shop/Mode-fuer-Maenner/Themen/Outdoor-Bekleidung-Hemd/product/142003/group/167390/Produktzoom-Flashviewer.a1405.0.html

2. ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file c:\work\mozilla\builds\2.0.0\mozilla\firefox-debug\dist\include\nsAutoPtr.h, line 1117

3. Crash nightly: bp-1de6430a-e70d-4fdc-8e9d-132582110510
         1.9.2  : bp-6a6b023c-d7e0-4244-b3d4-ca48f2110510

 	xul.dll!nsRefPtr<nsNPAPIPluginInstance>::operator->()  Line 1117 + 0x23 bytes	C++
 	xul.dll!nsPluginStreamListenerPeer::OnStartRequest(nsIRequest * request=0x06551ddc, nsISupports * aContext=0x00000000)  Line 557 + 0xb bytes	C++
 	xul.dll!nsObjectLoadingContent::OnStartRequest(nsIRequest * aRequest=0x06551ddc, nsISupports * aContext=0x00000000)  Line 739 + 0x2d bytes	C++
 	xul.dll!nsHttpChannel::CallOnStartRequest()  Line 773 + 0x44 bytes	C++
 	xul.dll!nsHttpChannel::ContinueProcessNormal(unsigned int rv=0)  Line 1224 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::ProcessNormal()  Line 1162	C++
 	xul.dll!nsHttpChannel::ProcessResponse()  Line 1111 + 0x8 bytes	C++
 	xul.dll!nsHttpChannel::OnStartRequest(nsIRequest * request=0x067c7e00, nsISupports * ctxt=0x00000000)  Line 3899 + 0xe bytes	C++
 	xul.dll!nsInputStreamPump::OnStateStart()  Line 441 + 0x2c bytes	C++
 	xul.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x05a98920)  Line 397 + 0xb bytes	C++
 	xul.dll!nsInputStreamReadyEvent::Run()  Line 115	C++
 	xul.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012d730)  Line 618 + 0x19 bytes	C++
 	xul.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x04624df0, int mayWait=1)  Line 250 + 0x16 bytes	C++
 	xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate=0x0039fcf8)  Line 134 + 0xe bytes	C++
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler()  Line 203	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!nsBaseAppShell::Run()  Line 191	C++
 	xul.dll!nsAppShell::Run()  Line 248 + 0x9 bytes	C++

A quick save and test didn't reproduce. :-(
I can reproduce on a Mac nightly - https://crash-stats.mozilla.com/report/index/fc7b4f85-9810-4b12-98e2-99cba2110510
OS: Windows XP → All
Hardware: x86 → All
update crash bugs to critical per guidelines.
Severity: normal → critical
Crash Signature: [@ nsPluginStreamListenerPeer::OnStartRequest(nsIRequest*, nsISupports*) ]
There are only a hand full of crashes in the last week (7 total). Two involve Flash (10.3.183.7 and 10.3.183.10) but I can not reproduce them nor the original url in automation or locally. I think this is wfm and any further reproducible instances deserve a new bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
I was reading code for something else, noticed a bug that should cause crashes, and sure enough here is the report. This is our bug, not surprised it is hard to repro though. Patch coming up.
Assignee: nobody → joshmoz
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Attached patch fix v1.0Splinter Review 

        Attachment #572097 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 572097 [details] [diff] [review]
fix v1.0

r=me

        Attachment #572097 -
        Flags: review?(bzbarsky) → review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        aurora fix v1.0Splinter Review
      

    


  

        Attachment #572112 -
        Flags: approval-mozilla-aurora?

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/b820af78bed1
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10

    
    

    
  
Comment on attachment 572112 [details] [diff] [review]
aurora fix v1.0

[triage comment]

Approved for aurora. Please land today if at all possible.

        Attachment #572112 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

    
  
Whiteboard: [qa+]

    
    

    
  
Could you please tell me how to test this ?

    
    

    
  
Paul, normally just loading the url would be sufficient however I can no longer reproduce the crash on older builds so it is not possible to test a crashing build then test a non crash build to see if the patch actually fixed this particular issue. I think we just need to punt.

    
    

    
  
FWIW, I just retested the 3 urls I had for this crash in the automation on Beta/9, Aurora/10, Nightly/11 on Linux, Mac, Windows and did not reproduce any crashes. I'll call it verified.
Status: RESOLVED → VERIFIED

    
    

    
  
I agree. The issue is not reproducible on:

Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 5.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 5.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Windows NT 6.1; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Windows NT 6.1; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Windows NT 6.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20100101 Firefox/9.0
Mozilla/5.0 (X11; Linux i686; rv:10.0a2) Gecko/20111128 Firefox/10.0a2
Mozilla/5.0 (X11; Linux i686; rv:11.0a1) Gecko/20111128 Firefox/11.0a1
Keywords: verified-aurora, 
          
            verified-beta
Whiteboard: [qa+] → [qa!]

    
  
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: