Closed Bug 716041 Opened 13 years ago Closed 7 years ago

Flash Player crashes with mozalloc_abort on Ubuntu when messing with Sound Preferences

Categories

(Core Graveyard :: Plug-ins, defect)

9 Branch
x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: jimsonx, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 Steps to reproduce: 1:Launch any flash content in firefox 2:Right click on the SWF and choose "Settings..." to open the settings panel, keep it open. 3: From the Ubuntu main menu, Go to System -> Preferences -> Sound. At this point Flash Player may crash 4: Click on different tabs, modify settings, just dink around here. If still no crash, try closing it 5:If no crash happens,repeat the step 3-4 until FP crashes. Actual results: Firefox says Flash Player has crashed. Also seeing this on the commandline: ABORT: X_GetWindowAttributes: BadWindow (invalid Window parameter); 2 requests ago: file /builds/slave/rel-m-rel-lnx-bld/build/toolkit/xre/nsX11ErrorHandler.cpp, line 199 The crash callstack isn't too helpful: Program received signal SIGSEGV, Segmentation fault. 0x00f68f23 in mozalloc_abort(char const*) () from /usr/lib/firefox-8.0/libmozalloc.so (gdb) bt 10 #0 0x00f68f23 in mozalloc_abort(char const*) () from /usr/lib/firefox-8.0/libmozalloc.so #1 0x0119861d in ?? () from /usr/lib/firefox-8.0/libxul.so Backtrace stopped: previous frame inner to this frame (corrupt stack?) Expected results: No crash. I am not sure if this is a Firefox bug. But am filing it for now for some initial triage investigation from the Firefox crew. Seems to be a bad malloc related to a bad Gdk Window?
OS: Windows Vista → Linux
Hardware: x86_64 → x86
Might be Ubuntu specific. Tested on a native machine running Ubuntu 10.04. Was not able to reliably reproduce on a native Ubuntu 11 machine. But have seen it crash there, too. Unable to reproduce on a Virtual Machine of Ubuntu 11.
This is us intentionally aborting because of a runtime error (through the X11 Error handler), so it has nothing to do with malloc. Removing the security flag. When the plugin crashes does it say "crash report available"? If so, please submit them or visit about:crashes to submit them and then paste the crash report IDs here.
Group: core-security
Component: Untriaged → Plug-ins
Product: Firefox → Core
QA Contact: untriaged → plugins
jimsonx? > When the plugin crashes does it say "crash report available"? If so, please > submit them or visit about:crashes to submit them and then paste the crash > report IDs here.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.