Closed
Bug 748701
Opened 12 years ago
Closed 12 years ago
crash in nsObjectLoadingContent::IsPluginEnabledForType
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox14+ verified, blocking-fennec1.0 +)
VERIFIED
FIXED
mozilla15
People
(Reporter: scoobidiver, Assigned: jaws)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [native-crash][qa+:paul.silaghi])
Crash Data
Attachments
(2 files)
|
575 bytes,
text/html
|
Details | |
|
1.32 KB,
patch
|
jaas
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
It first appeared in 14.0a1/20120422 and affects currently two users in Nightly. The regression range might be: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=22bfdebf5cae&tochange=990f6542747b Signature nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&) More Reports Search UUID 3aab2a3a-8eed-4919-842a-311712120424 Date Processed 2012-04-24 22:14:48 Uptime 2267 Last Crash 19.7 hours before submission Install Age 7.9 hours since version was first installed. Install Time 2012-04-24 14:22:14 Product Firefox Version 14.0a1 Build ID 20120424030709 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 42 stepping 7 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x0116, AdapterSubsysID: 15001558, AdapterDriverVersion: 8.15.10.2653 Has dual GPUs. GPU #2: AdapterVendorID2: 0x10de, AdapterDeviceID2: 0x0dce, AdapterSubsysID2: 15001558, AdapterDriverVersion2: 8.17.12.9573D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ EMCheckCompatibility True Total Virtual Memory 4294836224 Available Virtual Memory 3477127168 System Memory Use Percentage 30 Available Page File 13615034368 Available Physical Memory 5928677376 Frame Module Signature Source 0 xul.dll nsObjectLoadingContent::IsPluginEnabledForType content/base/src/nsObjectLoadingContent.cpp:523 1 xul.dll nsObjectLoadingContent::LoadObject content/base/src/nsObjectLoadingContent.cpp:1448 2 xul.dll nsObjectLoadingContent::LoadObject content/base/src/nsObjectLoadingContent.cpp:1254 3 xul.dll nsHTMLSharedObjectElement::StartObjectLoad content/html/content/src/nsHTMLSharedObjectElement.cpp:486 4 xul.dll nsHTMLSharedObjectElement::StartObjectLoad content/html/content/src/nsHTMLSharedObjectElement.cpp:144 5 xul.dll nsRunnableMethodImpl<void obj-firefox/dist/include/nsThreadUtils.h:345 6 xul.dll nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4730 7 xul.dll nsDocument::EndUpdate content/base/src/nsDocument.cpp:4040 8 xul.dll nsHTMLDocument::EndUpdate content/html/document/src/nsHTMLDocument.cpp:2275 9 xul.dll nsHtml5TreeOpExecutor::FlushDocumentWrite parser/html/nsHtml5TreeOpExecutor.cpp:654 10 xul.dll nsHtml5StringParser::Tokenize parser/html/nsHtml5StringParser.cpp:161 11 xul.dll nsContentUtils::ParseFragmentHTML content/base/src/nsContentUtils.cpp:3988 12 xul.dll XPCConvert::NativeData2JS js/xpconnect/src/XPCConvert.cpp:359 13 xul.dll XPCConvert::NativeData2JS js/xpconnect/src/xpcprivate.h:3291 14 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2408 15 mozjs.dll js::PropertyCache::fill js/src/jspropertycache.cpp:110 16 mozjs.dll js::GetPropertyHelper js/src/jsobj.cpp:5124 17 mozjs.dll js::GetPropertyOperation js/src/jsinterpinlines.h:266 18 mozjs.dll js::Interpret js/src/jsinterp.cpp:2757 19 mozjs.dll js::ContextStack::pushInvokeFrame js/src/vm/Stack.cpp:778 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=nsObjectLoadingContent%3A%3AIsPluginEnabledForType%28nsCString+const%26%29
|
Reporter | |
Comment 1•12 years ago
|
||
More reports at: https://crash-stats.mozilla.com/report/list?signature=nsObjectLoadingContent%3A%3AIsPluginEnabledForType
Crash Signature: [@ nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&)] → [@ nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&)]
[@ nsObjectLoadingContent::IsPluginEnabledForType]
OS: Windows 7 → All
Hardware: x86 → All
Whiteboard: [native-crash]
|
||
Comment 2•12 years ago
|
||
Tap on the button to get the crash (it opens a new window, closes it, then changes the embed src of the closed window).
|
Assignee | |
Comment 3•12 years ago
|
||
Thanks for the test case Martijn. This patch checks for null on the document's window object before dereferencing it for the top window.
|
||
Updated•12 years ago
|
blocking-fennec1.0: ? → +
Attachment #619082 -
Flags: review?(joshmoz) → review+
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [native-crash] → [native-crash][waiting on bug 750661]
|
|
Assignee | |
Comment 4•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/d8a01f198883
Blocks: 711618
status-firefox14:
--- → affected
tracking-firefox14:
--- → ?
Target Milestone: --- → mozilla15
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [native-crash][waiting on bug 750661] → [native-crash]
|
||
Updated•12 years ago
|
|
|
Assignee | |
Comment 5•12 years ago
|
||
Comment on attachment 619082 [details] [diff] [review] Patch for bug [Approval Request Comment] Regression caused by (bug #): bug 711618 User impact if declined: hard to hit but easily reproducible crashes Testing completed (on m-c, etc.): locally, just landed on mozilla-inbound Risk to taking this patch (and alternatives if risky): none expected String changes made by this patch: none
Attachment #619082 -
Flags: approval-mozilla-aurora?
|
||
Comment 6•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d8a01f198883
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment on attachment 619082 [details] [diff] [review] Patch for bug Review of attachment 619082 [details] [diff] [review]: ----------------------------------------------------------------- ::: content/base/src/nsObjectLoadingContent.cpp @@ +528,1 @@ > NS_ENSURE_SUCCESS(rv, rv); Shouldn't this line (NS_ENSURE_SUCCESS) be removed now?
|
|
Assignee | |
Comment 8•12 years ago
|
||
it shouldn't be removed, it should actually have rv assigned to in the line above. thanks for catching this.
|
||
Comment 9•12 years ago
|
||
Comment on attachment 619082 [details] [diff] [review] Patch for bug [Triage Comment] Less crashes, noble cause.
Attachment #619082 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 10•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/42c6be86ed0d
|
|
Assignee | |
Comment 11•12 years ago
|
||
Fixed the typo found in comment #7 on inbound (already made the change to the Aurora patch): https://hg.mozilla.org/integration/mozilla-inbound/rev/3be54da1aba4
|
||
Comment 13•12 years ago
|
||
Cannot reproduce the crash loading the test case on Nightly 2012-04-22, Nightly 2012-04-23, Nightly 2012-05-01. Any thoughts ?
|
|
||
Comment 14•12 years ago
|
||
Did you have set up Plugins to "Tap to Play" in your settings?
|
|
||
Comment 15•12 years ago
|
||
Sorry, I missed that. Able to see the crash on nightly 2012-04-23 with click_to_play pref set on true. Verified fixed on FF 14b8 on Win 7, Ubuntu 12.04 and Mac OS X 10.6.
Status: RESOLVED → VERIFIED
Whiteboard: [native-crash] → [native-crash][qa+:paul.silaghi]
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•