Closed Bug 745782 Opened 13 years ago Closed 8 years ago

Flash plugin crashing on ICS with checkJNI

Categories

(Firefox for Android Graveyard :: Plugins, defect)

Product:
Firefox for Android Graveyard
Component:
Plugins
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: toonetown, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash])

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.18.5 (KHTML, like Gecko) Version/5.2 Safari/535.18.5 Steps to reproduce: Running fennec (built with android:debuggable=true) on ICS crashes whenever loading the flash plugin. Actual results: The crash looks like: JNI ERROR (app bug): accessed stale local reference 0x27100065 (index 25 in a table of size 24) Expected results: According to the documentation at http://android-developers.blogspot.com/2011/11/jni-local-reference-changes-in-ics.html, ICS was updated to catch some common bug practices. This one appears to be happening in the section called "Bug: Calling PopLocalFrame() and continuing to use a popped reference". It appears that using the AutoLocalJNIFrame in the CreateSurface function of widget/android/AndroidBridge.cpp, the deconstructor is being called (which calls PopLocalFrame) and then we are returning a jobject - which is likely to be used in other locations. This is what appears to be causing the crash. This seems to happen when running with android:debuggable=true - but in "release" mode, it just has a bug where the object could possibly be garbage collected, and then we try to use it. As I am not terribly familiar with JNI (or c++, for that matter), I don't know the best way to address this issue, or I would create a patch. :)
The full log (with surrounding messages) is: I/GeckoAppShell(15427): createSurface E/dalvikvm(15427): JNI ERROR (app bug): accessed stale local reference 0x27100065 (index 25 in a table of size 24) E/dalvikvm(15427): VM aborting F/libc (15427): Fatal signal 11 (SIGSEGV) at 0xdeadd00d (code=1) Again - this is when I run the nightly built with debuggable=true - when I run the nightly available for download, I get these log entries: I/GeckoAppShell(15467): createSurface I/GeckoAppShell(15467): showSurface:Surface(name=null, identity=0) @ x:20 y:54 w:438 h:267 inverted: false blend: true metadata: {"width":480,"height":690,"pageWidth":480,"pageHeight":690.1224489795918,"zoom":0.4897959183673469,"x":0,"y":0} (The showSurface call is never made in debuggable=true case)
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
OS: Mac OS X → Android
Hardware: x86 → ARM
Whiteboard: [native-crash]
Is flash working on debug builds for others?
Component: General → Plugins
Severity: critical → major
Flash is going away: bug 1381916.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.