Closed
Bug 754380
Opened 12 years ago
Closed 7 years ago
crash in PresShell::FlushPendingNotifications @ nsRootPresContext::UpdatePluginGeometry
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-3cff4fa0-79ff-43f7-8015-0344f2120511 . ============================================================= Seen while sifting through Firefox 12 crash stats but seen in Firefox 13 betas as well. https://crash-stats.mozilla.com/report/list?signature=nsRootPresContext::UpdatePluginGeometry%28%29 - all Windows crashes. Strong correlation the funmoods.com addon which has been implicated in other crashes as well. nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (58 crashes) 67% (39/58) vs. 2% (547/33193) ffxtlbr@funmoods.com 34% (20/58) vs. 7% (2183/33193) ffxtlbr@babylon.com Frame Module Signature Source 0 xul.dll nsRootPresContext::UpdatePluginGeometry 1 xul.dll PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4148 2 xul.dll CanCacheSubDocument content/base/src/nsDocument.cpp:6938 3 xul.dll ExternalResourceTraverser content/base/src/nsDocument.cpp:793 4 xul.dll nsXULPopupManager::ShowTooltipAtScreen layout/xul/base/src/nsXULPopupManager.cpp:665 5 xul.dll nsXULTooltipListener::LaunchTooltip layout/xul/base/src/nsXULTooltipListener.cpp:545 6 xul.dll nsXULTooltipListener::ShowTooltip layout/xul/base/src/nsXULTooltipListener.cpp:441 7 xul.dll nsXULTooltipListener::sTooltipCallback layout/xul/base/src/nsXULTooltipListener.cpp:739 8 xul.dll nsTArray<CookieDomainTuple,nsTArrayDefaultAllocator>::RemoveElementsAt obj-firefox/dist/include/nsTArray.h:963 9 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:428 10 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:524 11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:657 12 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 13 xul.dll xul.dll@0xb6d5e3 14 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:201 15 xul.dll _SEH_epilog4 16 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:175 17 xul.dll nsSVGPathGeometryFrame::Render layout/svg/base/src/nsSVGPathGeometryFrame.cpp:469 18 @0x74cfffff 19 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:220 20 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3537 21 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107 22 firefox.exe firefox.exe@0x4033 23 firefox.exe __tmainCRTStartup crtexe.c:594 24 firefox.exe _SEH_epilog4 25 kernel32.dll BaseThreadInitThunk 26 ntdll.dll __RtlUserThreadStart 27 urlmon.dll urlmon.dll@0x814ef 28 kernel32.dll LoadStringByReference 29 kernel32.dll LoadStringByReference
|
||
Updated•12 years ago
|
Component: Extension Compatibility → Layout
OS: Windows NT → Windows 7
Product: Firefox → Core
QA Contact: extension.compatibility → layout
Summary: crash in nsRootPresContext::UpdatePluginGeometry (funmoods.com → crash in nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods and Babylon toolbars)
|
|
||
Comment 1•12 years ago
|
||
It's #63 top browser crasher in 12.0, #39 in 13.0b4, #20 in the first days of 13.0b5.
Here are correlations per extension:
*12.0:
nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (214 crashes)
55% (118/214) vs. 2% (2344/120438) ffxtlbr@funmoods.com
28% (59/214) vs. 3% (3883/120438) plugin@yontoo.com
20% (42/214) vs. 1% (967/120438) ffxtlbr@incredibar.com
16% (35/214) vs. 1% (1409/120438) OneClickDownloader@OneClickDownloader.com
18% (38/214) vs. 3% (3309/120438) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
19% (41/214) vs. 6% (7574/120438) ffxtlbr@babylon.com
* 13.0:
nsRootPresContext::UpdatePluginGeometry()|EXCEPTION_ACCESS_VIOLATION_READ (151 crashes)
60% (90/151) vs. 2% (924/41960) ffxtlbr@funmoods.com
23% (35/151) vs. 1% (513/41960) ffxtlbr@incredibar.com
19% (29/151) vs. 2% (777/41960) OneClickDownloader@OneClickDownloader.com
21% (31/151) vs. 3% (1353/41960) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
17% (26/151) vs. 2% (835/41960) {EEE6C361-6118-11DC-9C72-001320C79847}
15% (22/151) vs. 0% (207/41960) ffxtlbr@searchya.com
17% (26/151) vs. 4% (1560/41960) plugin@yontoo.com
12% (18/151) vs. 1% (330/41960) {336D0C35-8A85-403a-B9D2-65C292C39087}
17% (26/151) vs. 6% (2597/41960) ffxtlbr@babylon.com
All these extensions are known to display unwanted ad popups.Keywords: topcrash
Summary: crash in nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods and Babylon toolbars) → crash in nsXULPopupManager::ShowTooltipAtScreen @ nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods toolbar)
|
||
Comment 2•12 years ago
|
||
(In reply to Scoobidiver from comment #1) > All these extensions are known to display unwanted ad popups. Ad popups implies that they might be putting flash into a popup, something we don't support. In nsObjectFrame::PrepForDrawing if someone trys to put a plugin in a popup we will try to use the widget for the main window instead of just failing. I don't know exactly how that could lead to these crashes, but it seems like a bad idea. Can we just return failure if the object frame is in a popup here? Seems like the best thing to do and it might fix this.
Yes, let's do that!
|
|
||
Comment 4•12 years ago
|
||
It's #26 in 13.0.1 and #23 in 14.0b10.
|
|
||
Comment 5•12 years ago
|
||
I filed bug 771351 for comment 2 because I don't know if it will actually help here. I couldn't get any popup panels created when I installed the funmoods toolbar in a throwaway VM.
|
||
Comment 6•12 years ago
|
||
Is this a dupe of bug 781272? Also, bug 781279 has the same crash signature on it as this one here.
|
|
||
Comment 7•12 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #6) > Is this a dupe of bug 781272? No. They don't have the same regression range.
|
||
Comment 8•12 years ago
|
||
Is bug 771351 low risk enough to uplift to FF16 (currently on Aurora)? This bug has been called out as an ongoing top crasher, so while we won't track it, we would definitely take a fix.
Assignee: nobody → tnikkel
|
|
||
Comment 9•12 years ago
|
||
I don't think my patch in bug 771351 did anything to affect these crashes. (Anyone think otherwise?) So there isn't a patch to uplift.
Assignee: tnikkel → nobody
|
|
||
Comment 10•12 years ago
|
||
There are only 75 crashes in 16.0b3 while there were 1029 in 16.0b2. The working range is: http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=cad589192f3c&tochange=de3f06a549de
|
|
||
Comment 11•12 years ago
|
||
It's #28 top browser crasher in 16.0b6, #51 in 17.0a2 and #67 in 18.0a1 with other bugs that share this signature.
Summary: crash in nsXULPopupManager::ShowTooltipAtScreen @ nsRootPresContext::UpdatePluginGeometry (mainly with Funmoods toolbar) → crash in PresShell::FlushPendingNotifications @ nsRootPresContext::UpdatePluginGeometry
|
|
||
Comment 12•12 years ago
|
||
It's #50 top browser crasher w/o hangs in 17.0, so no longer a top crasher.
Keywords: topcrash
|
||
Updated•9 years ago
|
Crash Signature: [@ nsRootPresContext::UpdatePluginGeometry()] → [@ nsRootPresContext::UpdatePluginGeometry()]
[@ nsRootPresContext::UpdatePluginGeometry]
|
||
Comment 13•7 years ago
|
||
I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox (except some obsolete Fx <18).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•