Closed
Bug 754380
Opened 13 years ago
Closed 8 years ago
crash in PresShell::FlushPendingNotifications @ nsRootPresContext::UpdatePluginGeometry
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-3cff4fa0-79ff-43f7-8015-0344f2120511 .
=============================================================
Seen while sifting through Firefox 12 crash stats but seen in Firefox 13 betas as well. https://crash-stats.mozilla.com/report/list?signature=nsRootPresContext::UpdatePluginGeometry%28%29 - all Windows crashes. Strong correlation the funmoods.com addon which has been implicated in other crashes as well.
nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (58 crashes)
67% (39/58) vs. 2% (547/33193) ffxtlbr@funmoods.com
34% (20/58) vs. 7% (2183/33193) ffxtlbr@babylon.com
Frame Module Signature Source
0 xul.dll nsRootPresContext::UpdatePluginGeometry
1 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4148
2 xul.dll CanCacheSubDocument content/base/src/nsDocument.cpp:6938
3 xul.dll ExternalResourceTraverser content/base/src/nsDocument.cpp:793
4 xul.dll nsXULPopupManager::ShowTooltipAtScreen layout/xul/base/src/nsXULPopupManager.cpp:665
5 xul.dll nsXULTooltipListener::LaunchTooltip layout/xul/base/src/nsXULTooltipListener.cpp:545
6 xul.dll nsXULTooltipListener::ShowTooltip layout/xul/base/src/nsXULTooltipListener.cpp:441
7 xul.dll nsXULTooltipListener::sTooltipCallback layout/xul/base/src/nsXULTooltipListener.cpp:739
8 xul.dll nsTArray<CookieDomainTuple,nsTArrayDefaultAllocator>::RemoveElementsAt obj-firefox/dist/include/nsTArray.h:963
9 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:428
10 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:524
11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:657
12 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
13 xul.dll xul.dll@0xb6d5e3
14 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201
15 xul.dll _SEH_epilog4
16 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:175
17 xul.dll nsSVGPathGeometryFrame::Render layout/svg/base/src/nsSVGPathGeometryFrame.cpp:469
18 @0x74cfffff
19 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:220
20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3537
21 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107
22 firefox.exe firefox.exe@0x4033
23 firefox.exe __tmainCRTStartup crtexe.c:594
24 firefox.exe _SEH_epilog4
25 kernel32.dll BaseThreadInitThunk
26 ntdll.dll __RtlUserThreadStart
27 urlmon.dll urlmon.dll@0x814ef
28 kernel32.dll LoadStringByReference
29 kernel32.dll LoadStringByReference
|
||
Updated•13 years ago
|
Component: Extension Compatibility → Layout
OS: Windows NT → Windows 7
Product: Firefox → Core
QA Contact: extension.compatibility → layout
Summary: crash in nsRootPresContext::UpdatePluginGeometry (funmoods.com → crash in nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods and Babylon toolbars)
|
|
||
Comment 1•13 years ago
|
||
It's #63 top browser crasher in 12.0, #39 in 13.0b4, #20 in the first days of 13.0b5.
Here are correlations per extension:
*12.0:
nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (214 crashes)
55% (118/214) vs. 2% (2344/120438) ffxtlbr@funmoods.com
28% (59/214) vs. 3% (3883/120438) plugin@yontoo.com
20% (42/214) vs. 1% (967/120438) ffxtlbr@incredibar.com
16% (35/214) vs. 1% (1409/120438) OneClickDownloader@OneClickDownloader.com
18% (38/214) vs. 3% (3309/120438) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
19% (41/214) vs. 6% (7574/120438) ffxtlbr@babylon.com
* 13.0:
nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (151 crashes)
60% (90/151) vs. 2% (924/41960) ffxtlbr@funmoods.com
23% (35/151) vs. 1% (513/41960) ffxtlbr@incredibar.com
19% (29/151) vs. 2% (777/41960) OneClickDownloader@OneClickDownloader.com
21% (31/151) vs. 3% (1353/41960) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
17% (26/151) vs. 2% (835/41960) {EEE6C361-6118-11DC-9C72-001320C79847}
15% (22/151) vs. 0% (207/41960) ffxtlbr@searchya.com
17% (26/151) vs. 4% (1560/41960) plugin@yontoo.com
12% (18/151) vs. 1% (330/41960) {336D0C35-8A85-403a-B9D2-65C292C39087}
17% (26/151) vs. 6% (2597/41960) ffxtlbr@babylon.com
All these extensions are known to display unwanted ad popups.
Keywords: topcrash
Summary: crash in nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods and Babylon toolbars) → crash in nsXULPopupManager::ShowTooltipAtScreen @ nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods toolbar)
|
||
Comment 2•13 years ago
|
||
(In reply to Scoobidiver from comment #1)
> All these extensions are known to display unwanted ad popups.
Ad popups implies that they might be putting flash into a popup, something we don't support. In nsObjectFrame::PrepForDrawing if someone trys to put a plugin in a popup we will try to use the widget for the main window instead of just failing. I don't know exactly how that could lead to these crashes, but it seems like a bad idea.
Can we just return failure if the object frame is in a popup here? Seems like the best thing to do and it might fix this.
Yes, let's do that!
|
|
||
Comment 4•13 years ago
|
||
It's #26 in 13.0.1 and #23 in 14.0b10.
|
|
||
Comment 5•13 years ago
|
||
I filed bug 771351 for comment 2 because I don't know if it will actually help here. I couldn't get any popup panels created when I installed the funmoods toolbar in a throwaway VM.
|
||
Comment 6•12 years ago
|
||
Is this a dupe of bug 781272?
Also, bug 781279 has the same crash signature on it as this one here.
|
|
||
Comment 7•12 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #6)
> Is this a dupe of bug 781272?
No. They don't have the same regression range.
|
||
Comment 8•12 years ago
|
||
Is bug 771351 low risk enough to uplift to FF16 (currently on Aurora)? This bug has been called out as an ongoing top crasher, so while we won't track it, we would definitely take a fix.
Assignee: nobody → tnikkel
|
|
||
Comment 9•12 years ago
|
||
I don't think my patch in bug 771351 did anything to affect these crashes. (Anyone think otherwise?) So there isn't a patch to uplift.
Assignee: tnikkel → nobody
|
|
||
Comment 10•12 years ago
|
||
There are only 75 crashes in 16.0b3 while there were 1029 in 16.0b2.
The working range is:
http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=cad589192f3c&tochange=de3f06a549de
|
|
||
Comment 11•12 years ago
|
||
It's #28 top browser crasher in 16.0b6, #51 in 17.0a2 and #67 in 18.0a1 with other bugs that share this signature.
Summary: crash in nsXULPopupManager::ShowTooltipAtScreen @ nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods toolbar) → crash in PresShell::FlushPendingNotifications @ nsRootPresContext::UpdatePluginGeometry
|
|
||
Comment 12•12 years ago
|
||
It's #50 top browser crasher w/o hangs in 17.0, so no longer a top crasher.
Keywords: topcrash
|
||
Updated•9 years ago
|
Crash Signature: [@ nsRootPresContext::UpdatePluginGeometry()] → [@ nsRootPresContext::UpdatePluginGeometry()]
[@ nsRootPresContext::UpdatePluginGeometry]
|
||
Comment 13•8 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox (except some obsolete Fx <18).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•