Flash Player crashes with mozalloc_abort on Ubuntu when messing with Sound Preferences

RESOLVED INCOMPLETE

Status

()

RESOLVED INCOMPLETE
7 years ago
a year ago

People

(Reporter: jimsonx, Unassigned)

Tracking

9 Branch
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

1:Launch any flash content in firefox
2:Right click on the SWF and choose "Settings..." to open the settings panel, keep it open.
3: From the Ubuntu main menu, Go to System -> Preferences -> Sound. At this point Flash Player may crash
4: Click on different tabs, modify settings, just dink around here. If still no crash, try closing it
5:If no crash happens,repeat the step 3-4 until FP crashes.


Actual results:

Firefox says Flash Player has crashed.

Also seeing this on the commandline:
ABORT: X_GetWindowAttributes: BadWindow (invalid Window parameter); 2 requests ago: file /builds/slave/rel-m-rel-lnx-bld/build/toolkit/xre/nsX11ErrorHandler.cpp, line 199

The crash callstack isn't too helpful:
Program received signal SIGSEGV, Segmentation fault.
0x00f68f23 in mozalloc_abort(char const*) () from /usr/lib/firefox-8.0/libmozalloc.so
(gdb) bt 10
#0  0x00f68f23 in mozalloc_abort(char const*) () from /usr/lib/firefox-8.0/libmozalloc.so
#1  0x0119861d in ?? () from /usr/lib/firefox-8.0/libxul.so
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


Expected results:

No crash. I am not sure if this is a Firefox bug. But am filing it for now for some initial triage investigation from the Firefox crew. Seems to be a bad malloc related to a bad Gdk Window?
(Reporter)

Updated

7 years ago
OS: Windows Vista → Linux
Hardware: x86_64 → x86
(Reporter)

Comment 1

7 years ago
Might be Ubuntu specific. Tested on a native machine running Ubuntu 10.04. Was not able to reliably reproduce on a native Ubuntu 11 machine. But have seen it crash there, too. Unable to reproduce on a Virtual Machine of Ubuntu 11.

Comment 2

7 years ago
This is us intentionally aborting because of a runtime error (through the X11 Error handler), so it has nothing to do with malloc. Removing the security flag.

When the plugin crashes does it say "crash report available"? If so, please submit them or visit about:crashes to submit them and then paste the crash report IDs here.
Group: core-security
Component: Untriaged → Plug-ins
Product: Firefox → Core
QA Contact: untriaged → plugins

Comment 3

6 years ago
jimsonx?

> When the plugin crashes does it say "crash report available"? If so, please
> submit them or visit about:crashes to submit them and then paste the crash
> report IDs here.

Updated

a year ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.