Bug 657129 - [Direct2D] [Win64] Flash x64 Crash on GMail [@ mozalloc_abort(char const* const) | NS_DebugBreak_P ]
Status: VERIFIED FIXED
Keywords: crash, crashreportid, regression
Product: Core
Classification: Components
Component: Plug-ins
Version: Trunk
Platform: x86_64 Windows 7
Importance: -- critical
Target Milestone: mozilla9
Assigned To: Makoto Kato [:m_kato] (PTO 9/22-9/25)
URL: http://a4tech.com/support.asp
Depends on: 527707 d2d
Reported: 2011-05-14 07:31 PDT by Virtual_ManPL [:Virtual] - (ni? me)
Modified: 2011-08-29 02:24 PDT


Attachments
fix v1 (3.58 KB, patch)
2011-08-23 03:54 PDT, Makoto Kato [:m_kato] (PTO 9/22-9/25)
no flags
fix v1.1 (1.06 KB, patch)
2011-08-24 00:53 PDT, Makoto Kato [:m_kato] (PTO 9/22-9/25)
no flags
fix v2 (868 bytes, patch)
2011-08-24 19:36 PDT, Makoto Kato [:m_kato] (PTO 9/22-9/25)
cjones.bugs: review+

Description Virtual_ManPL [:Virtual] - (ni? me) 2011-05-14 07:31:41 PDT
User-Agent:       Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110513 Firefox/6.0a1
Build Identifier: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:6.0a1) Gecko/20110513 Firefox/6.0a1

Creating a new message in GMail causes the Flash plug-in to crash.

Reproducible: Sometimes
Comment 1 Virtual_ManPL [:Virtual] - (ni? me) 2011-05-14 07:32:29 PDT
Crash report:
https://crash-stats.mozilla.com/report/index/bf1945d0-2b3a-4081-a823-1510f2110514
Comment 3 Virtual_ManPL [:Virtual] - (ni? me) 2011-07-17 02:58:47 PDT
After updating Flash to version 11.0.1.60 (Beta 2), I now got a different crash:
https://crash-stats.mozilla.com/report/index/bp-17e32f26-71c1-4727-bbd3-b9efc2110716
Comment 4 Virtual_ManPL [:Virtual] - (ni? me) 2011-07-17 03:02:01 PDT
Awww, sorry, wrong copy-paste...
https://crash-stats.mozilla.com/report/index/653834f1-be2e-4699-b2b7-1b9da2110717
Comment 5 Virtual_ManPL [:Virtual] - (ni? me) 2011-08-02 01:25:13 PDT
I want to add that it didn't crash in safe-mode.
So after doing some tests with all add-ons, themes, personas and plug-ins (without Flash) disabled, all I can see is that after disabling Direct2D (gfx.direct2d.disabled;true), I get no crashes anymore.
Comment 7 ZeDestructor 2011-08-05 04:22:28 PDT
Works fine for me... FF4 64Bit with Flash 64Bit.
Comment 8 Virtual_ManPL [:Virtual] - (ni? me) 2011-08-05 10:14:02 PDT
Try with builds that fail (see above), because Fx4 is too old.
Comment 9 ZeDestructor 2011-08-05 19:54:45 PDT
Gack. Sorry about that, I meant FF Nightly 64bit. No idea why I typed in the 4...
Comment 10 Virtual_ManPL [:Virtual] - (ni? me) 2011-08-06 01:09:27 PDT
Are you sure that you're using the latest Firefox nightly from
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/
and the latest Flash from
http://labs.adobe.com/downloads/flashplayer11.html

If you are, please paste your Graphics info from about:support

Mine, for example:

Graphics
Adapter Description - NVIDIA GeForce 8600 GT
Vendor ID - 10de
Device ID - 0402
Adapter RAM - 256
Adapter Drivers - nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
Driver Version - 8.17.12.8019
Driver Date - 7-23-2011
Direct2D Enabled - true
DirectWrite Enabled - true (6.1.7601.17563)
ClearType Parameters - ClearType parameters not found
WebGL Renderer - NVIDIA Corporation -- GeForce 8600 GT/PCI/SSE2 -- 3.3.0
GPU Accelerated Windows - 1/1 Direct3D 10
Comment 11 ZeDestructor 2011-08-06 07:47:00 PDT
Flashplayer 11.0 d1 x86_64 beta

Definitely default 64Bit nightly from M-C, updated nightly.

Graphics infodump from about:support:

Adapter Description        ATI Mobility Radeon HD 4650
Vendor ID                  1002
Device ID                  9480
Adapter RAM                1024
Adapter Drivers            aticfx64 aticfx64 aticfx32 aticfx32 atiumd64 atidxx64 atiumdag atidxx32 atiumdva atiumd6a atitmm64
Driver Version             8.861.0.0
Driver Date                5-24-2011
Direct2D Enabled           true
DirectWrite Enabled        true (6.1.7601.17563)
ClearType Parameters       ClearType parameters not found
WebGL Renderer             ATI Technologies Inc. -- ATI Mobility Radeon HD 4650 -- 3.3.10834 Compatibility Profile Context
GPU Accelerated Windows    1/1 Direct3D 10
Comment 12 Virtual_ManPL [:Virtual] - (ni? me) 2011-08-06 14:06:06 PDT
OK, thank you.
This could be only nVidia related, as I see it.
Comment 14 ZeDestructor 2011-08-07 03:27:05 PDT
The flash bits crash, but my browser remains functional.
Comment 15 Makoto Kato [:m_kato] (PTO 9/22-9/25) 2011-08-23 03:54:44 PDT
Created attachment 555067
fix v1
Comment 16 Makoto Kato [:m_kato] (PTO 9/22-9/25) 2011-08-24 00:53:57 PDT
Created attachment 555339
fix v1.1
Comment 17 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2011-08-24 15:47:54 PDT
Comment on attachment 555339
fix v1.1

This doesn't look right.  It can result in a 64-bit process thinking the segment is one size, but a 32-bit process thinking the segment is another size.  This little hidden size field that we store at the end of the segment is only read and written as a uint32 (should be!), so I'm not sure what this patch is fixing.
Comment 18 Makoto Kato [:m_kato] (PTO 9/22-9/25) 2011-08-24 19:36:57 PDT
Created attachment 555623
fix v2
Comment 19 Makoto Kato [:m_kato] (PTO 9/22-9/25) 2011-08-24 19:38:04 PDT
Comment on attachment 555623
fix v2

or should use uint64?
Comment 20 Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2011-08-25 14:06:06 PDT
Comment on attachment 555623
fix v2

Ouch, this is a nasty bug :/.  Thanks for the fix.

We don't have any use cases for >4GB shmem segments, and there aren't any alignment problems we have to worry about so far, so uint32 is just fine.
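
An added illustration of the hazard discussed in comments 17 and 20 (not Mozilla's code and not the attached patch, which this page does not show): when the two sides of a shared segment disagree on the width of the hidden size trailer, each side reads a different size from the same bytes. The segment model, the function names, the 4096-byte mapping and the little-endian layout are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical model of a shared segment whose usable size is recorded in a
// hidden trailer at the very end of the mapping (little-endian, as on x86).
using Segment = std::vector<uint8_t>;

// Store `value` in the last `width` bytes of the segment.
void put_trailer(Segment& seg, uint64_t value, size_t width) {
    uint8_t* p = seg.data() + seg.size() - width;
    for (size_t i = 0; i < width; ++i) p[i] = uint8_t(value >> (8 * i));
}

// Load the last `width` bytes of the segment as an integer.
uint64_t get_trailer(const Segment& seg, size_t width) {
    const uint8_t* p = seg.data() + seg.size() - width;
    uint64_t v = 0;
    for (size_t i = 0; i < width; ++i) v |= uint64_t(p[i]) << (8 * i);
    return v;
}

// Both sides use a fixed 4-byte field, whatever their pointer width.
uint64_t size_seen_fixed(uint64_t payload) {
    Segment seg(4096, 0);
    put_trailer(seg, payload, sizeof(uint32_t));
    return get_trailer(seg, sizeof(uint32_t));
}

// Writer uses an 8-byte field (e.g. size_t in a 64-bit build), reader 4 bytes.
uint64_t size_seen_wide_writer(uint64_t payload) {
    Segment seg(4096, 0);
    put_trailer(seg, payload, 8);
    return get_trailer(seg, 4);  // lands on the upper half of the 8-byte value
}

// Writer uses a 4-byte field, reader an 8-byte one.
uint64_t size_seen_wide_reader(uint64_t payload) {
    Segment seg(4096, 0);
    put_trailer(seg, payload, 4);
    return get_trailer(seg, 8);  // real size ends up in the upper 32 bits
}

// Receiver-side sanity check: the recorded size must fit inside the mapping.
bool trailer_plausible(uint64_t recorded, size_t mapped, size_t width) {
    return recorded != 0 && recorded <= mapped - width;
}
```

With a fixed-width field both sides agree; with mismatched widths the reader sees either zero or a value far larger than the mapping, which the plausibility check rejects before the size is used.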
Comment 21 Makoto Kato [:m_kato] (PTO 9/22-9/25) 2011-08-25 18:21:31 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/4ef3f576a4b9
Comment 22 Matt Brubeck (:mbrubeck) 2011-08-26 09:30:49 PDT
http://hg.mozilla.org/mozilla-central/rev/4ef3f576a4b9
Comment 23 Virtual_ManPL [:Virtual] - (ni? me) 2011-08-29 02:24:42 PDT
VERIFIED FIXED
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:9.0a1) Gecko/20110828 Firefox/9.0a1

Thank you!
