[@ std::_Construct<MessageLoop::PendingTask, MessageLoop::PendingTask>(MessageLoop::PendingTask*, MessageLoop::PendingTask const&) ]

RESOLVED DUPLICATE of bug 657588

Status

()

--
critical
RESOLVED DUPLICATE of bug 657588
7 years ago
7 years ago

People

(Reporter: bc, Unassigned)

Tracking

(Blocks: 1 bug, {crash})

Trunk
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 657588], crash signature, URL)

(Reporter)

Description

7 years ago
1. Load http://adobe.com/software/flash/about in debug Firefox build
2. Attach debugger to plugin-container process
3. Load Url (either reload until crash or load the next url)
4. Crash [@ std::_Construct<MessageLoop::PendingTask, MessageLoop::PendingTask>(MessageLoop::PendingTask*, MessageLoop::PendingTask const&) ] 

Only seen on Windows XP on Nightly/9, Aurora/8, Beta/7 so far. Seen with 10.3.183.10 as well at least 10.3.183.7.

Other crash locations are possible. This may be related to the heap corruption issues seen in bug 678538. Did see one example where a mutex lock was null.

One example:

http://damewii.com/juego-wii-we-dare-276.fx

+		_Ptr	0x040b2f18 {task=0xcdcdcdcd delayed_run_time={...} sequence_num=-842150451 ...}	MessageLoop::PendingTask *
+		_Val	{task=??? delayed_run_time={...} sequence_num=??? ...}	const MessageLoop::PendingTask &
		_Vptr	0x040b2f18	void *

Note unitialized value in _Ptr->task

>	xul.dll!std::_Construct<MessageLoop::PendingTask,MessageLoop::PendingTask>(MessageLoop::PendingTask * _Ptr=0x040b2f18, const MessageLoop::PendingTask & _Val={...})  Line 53 + 0x1d bytes	C++
 	xul.dll!std::allocator<MessageLoop::PendingTask>::construct(MessageLoop::PendingTask * _Ptr=0x040b2f18, const MessageLoop::PendingTask & _Val={...})  Line 156 + 0xd bytes	C++
 	xul.dll!std::deque<MessageLoop::PendingTask,std::allocator<MessageLoop::PendingTask> >::push_back(const MessageLoop::PendingTask & _Val={...})  Line 827	C++

https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=std%3A%3A_Construct&reason_type=contains&date=09%2F22%2F2011%2013%3A01%3A49&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=std%3A%3A_Construct%3CMessageLoop%3A%3APendingTask%2C%20MessageLoop%3A%3APendingTask%3E%28MessageLoop%3A%3APendingTask*%2C%20MessageLoop%3A%3APendingTask%20const%26%29

https://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=contains&query=std%3A%3A_Construct&reason_type=contains&date=09%2F22%2F2011%2013%3A01%3A49&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=hang%20|%20std%3A%3A_Construct%3CMessageLoop%3A%3APendingTask%2C%20MessageLoop%3A%3APendingTask%3E%28MessageLoop%3A%3APendingTask*%2C%20MessageLoop%3A%3APendingTask%20const%26%29

http://damewii.com/juego-wii-we-dare-276.fx
http://netaatoz.blog21.fc2.com/blog-entry-1813.html  (nsfw)
http://videomasti.net/page/2/
http://www.kenh88.com/sao-hoa-tim-me--mars-needs-moms-2011-vsub-5-play-66-4536-63-472856.html
http://www.blogdelnarco.com/2011/08/capturan-tres-integrantes-de-los-zetas.html
http://www.incontri-x-sesso.com/?id=1%252525252526track=IT-Exit-Megasesso (nsfw)
http://www.pspiso.com/mkv-movie-collection-t958411.html?t=958411%25252526highlight=bond%2525252Bfilms

Comment 1

7 years ago
This looks exactly like bug 657588, are they different?
(Reporter)

Comment 2

7 years ago
Could be the same base issue. Whether we dupe and which direction depends on whether the base issue is in mozilla code or adobe code.

Updated

7 years ago
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 657588
Whiteboard: [sg:investigate] → [sg:dupe 657588]
You need to log in before you can comment on or make changes to this bug.