Closed Bug 657129 Opened 9 years ago Closed 8 years ago

[Direct2D] [Win64] Flash x64 Crash on GMail [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]

Categories: Core :: Plug-ins, defect, critical
Platform: x86_64, Windows 7
Type: defect
Priority: Not set
Severity: critical
Status: VERIFIED FIXED
Target Milestone: mozilla9
Reporter: Virtual
Assigned: m_kato
Keywords: crash, nightly-community, regression
Attachments: 1 file, 2 obsolete files

User-Agent:       Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110513 Firefox/6.0a1
Build Identifier: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110513 Firefox/6.0a1

Creating a new message in GMail causes the Flash plug-in to crash.

Reproducible: Sometimes
Version: unspecified → Trunk
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
Summary: [Win64] Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] → [Win64] Flash Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
Summary: [Win64] Flash Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] → [Win64] Flash x64 10.3.162.28 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
After updating Flash to version 11.0.1.60 (Beta 2), I now got a different crash:
https://crash-stats.mozilla.com/report/index/bp-17e32f26-71c1-4727-bbd3-b9efc2110716
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] → [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] [@ npswf64_11_0_1.dll@0x17fb72 ]
Summary: [Win64] Flash x64 10.3.162.28 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] → [Win64] Flash x64 10.3.162.28 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] [@ npswf64_11_0_1.dll@0x17fb72 ]
Awww, sorry wrong copy paste...
https://crash-stats.mozilla.com/report/index/653834f1-be2e-4699-b2b7-1b9da2110717
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] [@ npswf64_11_0_1.dll@0x17fb72 ] → [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
Summary: [Win64] Flash x64 10.3.162.28 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] [@ npswf64_11_0_1.dll@0x17fb72 ] → [Win64] Flash x64 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
I want to add that it didn't crash in safe-mode.
So after doing some tests with all add-ons, themes, personas and plug-ins (without Flash) disabled, all I can see is that after disabling Direct2D (gfx.direct2d.disabled;true), I get no crashes anymore.
Depends on: 527707
Summary: [Win64] Flash x64 Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ] → [Direct2D] [Win64] Flash x64 Crash on GMail [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
Component: General → Plug-ins
Product: Firefox → Core
Works fine for me... FF4 64Bit with Flash 64Bit.
Try with builds that fail (see above), because Fx4 is too old.
Gack. Sorry about that, I meant FF Nightly 64bit. No idea why I typed in the 4...
Are you sure that you're using the latest Firefox nightly from
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/
and the latest Flash from
http://labs.adobe.com/downloads/flashplayer11.html

If you do, please paste your Graphics info from about:support

Mine, for example:

Graphics
Adapter Description - NVIDIA GeForce 8600 GT
Vendor ID - 10de
Device ID - 0402
Adapter RAM - 256
Adapter Drivers - nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Driver Version - 8.17.12.8019
Driver Date - 7-23-2011
Direct2D Enabled - true
DirectWrite Enabled - true (6.1.7601.17563)
ClearType Parameters - ClearType parameters not found
WebGL Renderer - NVIDIA Corporation -- GeForce 8600 GT/PCI/SSE2 -- 3.3.0
GPU Accelerated Windows - 1/1 Direct3D 10
Flashplayer 11.0 d1 x86_64 beta

Definitely default 64Bit nightly from M-C, updated nightly.

Graphics infodump from about:support:

Adapter Description        ATI Mobility Radeon HD 4650
Vendor ID                  1002
Device ID                  9480
Adapter RAM                1024
Adapter Drivers            aticfx64 aticfx64 aticfx32 aticfx32 atiumd64 atidxx64 atiumdag atidxx32 atiumdva atiumd6a atitmm64
Driver Version             8.861.0.0
Driver Date                5-24-2011
Direct2D Enabled           true
DirectWrite Enabled        true (6.1.7601.17563)
ClearType Parameters       ClearType parameters not found
WebGL Renderer             ATI Technologies Inc. -- ATI Mobility Radeon HD 4650 -- 3.3.10834 Compatibility Profile Context
GPU Accelerated Windows    1/1 Direct3D 10
OK, thank you
This could be only nVidia related, as I see.
The flash bits crash, but my browser remains functional.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: 6 Branch → Trunk
Assignee: nobody → m_kato
Attached patch fix v1 (obsolete)
Attached patch fix v1.1 (obsolete)
Attachment #555067 - Attachment is obsolete: true
Attachment #555339 - Flags: review?(jones.chris.g)
Comment on attachment 555339
fix v1.1

This doesn't look right.  It can result in a 64-bit process thinking the segment is one size, but a 32-bit process thinking the segment is another size.  This little hidden size field that we store at the end of the segment is only read and written as a uint32 (should be!), so I'm not sure what this patch is fixing.
Attachment #555339 - Flags: review?(jones.chris.g)
Attached patch fix v2
Attachment #555339 - Attachment is obsolete: true
Comment on attachment 555623
fix v2

or should use uint64?
Attachment #555623 - Flags: review?(jones.chris.g)
Comment on attachment 555623
fix v2

Ouch, this is a nasty bug :/.  Thanks for the fix.

We don't have any use cases for >4GB shmem segments, and there aren't any alignment problems we have to worry about so far, so uint32 is just fine.
Attachment #555623 - Flags: review?(jones.chris.g) → review+
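
The point the two review comments make about the size field stored at the end of a shmem segment, as an added example (it is not the patch from this bug and not Mozilla's code): a fixed-width uint32 trailer reads back the same in every process, while a reader that treats the field as a 64-bit word computes a different size. The layout, the function names and the consistency check against the mapping size are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout for this example: [ payload bytes | size trailer ].
 * The trailer is encoded little-endian so the bytes are identical
 * no matter which process (32- or 64-bit) wrote them. */

/* Store `payload_len` as a fixed-width uint32 in the last 4 bytes. */
static void write_trailer_u32(uint8_t *seg, size_t total, uint32_t payload_len) {
    uint8_t *p = seg + total - 4;
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(payload_len >> (8 * i));
}

/* Read the trailer assuming it is `width` bytes wide (4 or 8) and check it
 * against the real mapping size. Returns 1 and sets *payload_len when the
 * recorded size is consistent with `total`, 0 otherwise. */
static int read_trailer(const uint8_t *seg, size_t total, size_t width,
                        uint64_t *payload_len) {
    if ((width != 4 && width != 8) || total < width)
        return 0;
    uint64_t v = 0;
    const uint8_t *p = seg + total - width;
    for (size_t i = 0; i < width; i++)
        v |= (uint64_t)p[i] << (8 * i);
    if (v != (uint64_t)(total - width))   /* trailer must match the mapping */
        return 0;
    *payload_len = v;
    return 1;
}

/* Constructed scenario: the writer stores a uint32 trailer; one reader uses
 * the same width, the other treats the field as a 64-bit word. */
static int demo(size_t width) {
    enum { PAYLOAD = 4096, TOTAL = PAYLOAD + 4 };
    static uint8_t seg[TOTAL];
    memset(seg, 0xAA, PAYLOAD);            /* constructed payload bytes */
    write_trailer_u32(seg, TOTAL, PAYLOAD);
    uint64_t len = 0;
    return read_trailer(seg, TOTAL, width, &len) && len == PAYLOAD;
}

int main(void) {
    /* exit status 0: uint32 reader agrees, 64-bit reader is rejected */
    return (demo(4) == 1 && demo(8) == 0) ? 0 : 1;
}
```

The 8-byte reader picks up four payload bytes along with the trailer, so its idea of the segment size disagrees with the writer's and the check against the mapping length rejects it.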
http://hg.mozilla.org/mozilla-central/rev/4ef3f576a4b9
Whiteboard: [inbound]
Target Milestone: --- → mozilla9
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
VERIFIED FIXED
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:9.0a1) Gecko/20110828 Firefox/9.0a1

Thank you!
Status: RESOLVED → VERIFIED