771345 - crash in mozilla::plugins::PluginInstanceChild::EnsureCurrentBuffer

Status: RESOLVED WORKSFORME

(Core Graveyard :: Plug-ins, defect)

Description

[Marcia Knous [:marcia]]

This bug was filed from the Socorro interface and is 
report bp-1237e594-a3b5-4ff1-ba1e-ffbd32120705 .
============================================================= 

Seen while looking at the explosive report - https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char%20const*%20const%29%20|%20mozalloc_handle_oom%28unsigned%20int%29%20|%20moz_xmalloc%20|%20mozilla::plugins::PluginInstanceChild::EnsureCurrentBuffer%28%29

Small spike in FF 14B10 in this signature. 99% correlation to Flash Version 11.3.300.262. Almost all crashes are Windows 7.

Frame 	Module 	Signature 	Source
0 	mozalloc.dll 	mozalloc_abort 	memory/mozalloc/mozalloc_abort.cpp:79
1 	mozalloc.dll 	mozalloc_handle_oom 	memory/mozalloc/mozalloc_oom.cpp:60
2 	mozalloc.dll 	moz_xmalloc 	
3 	xul.dll 	mozilla::plugins::PluginInstanceChild::EnsureCurrentBuffer 	dom/plugins/ipc/PluginInstanceChild.cpp:2647
4 	xul.dll 	mozilla::plugins::PluginInstanceChild::ShowPluginFrame 	dom/plugins/ipc/PluginInstanceChild.cpp:3102
5 	xul.dll 	mozilla::plugins::PluginInstanceChild::InvalidateRectDelayed 	dom/plugins/ipc/PluginInstanceChild.cpp:3352
6 	xul.dll 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:318
7 	xul.dll 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:326
8 	xul.dll 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:426
9 	xul.dll 	base::MessagePumpForUI::DoRunLoop 	ipc/chromium/src/base/message_pump_win.cc:214
10 	xul.dll 	base::MessagePumpWin::RunWithDispatcher 	ipc/chromium/src/base/message_pump_win.cc:53
11 	xul.dll 	base::MessagePumpWin::Run 	ipc/chromium/src/base/message_pump_win.h:78
12 	xul.dll 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
13 	xul.dll 	MessageLoop::RunHandler 	
14 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:175
15 	xul.dll 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:513
16 	plugin-container.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
17 	plugin-container.exe 	__tmainCRTStartup 	crtexe.c:594
18 	kernel32.dll 	BaseThreadInitThunk 	
19 	ntdll.dll 	__RtlUserThreadStart 	
20 	ntdll.dll 	_RtlUserThreadStart

Comment 1

[Scoobidiver (away)]

It's #71 top crasher in 14.0b10 and #98 in 15.0a2.

The Beta regression range is (between 14.0b9 and b10):
http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=d050090e578c&tochange=e4445f905091
The Aurora regression range is (spiked in 15.0a2/20120624):
http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=2107bc8dd678&tochange=e967f0934767
It might be a regression from bug 686335 that landed in 14.0b9, not b10, and was backed out in 14.0b11.

Comment 2

[Scoobidiver (away)]

It has replaced a preexisting crash signature that is #69 top crasher in 13.0.1.

Comment 3

[Benjamin Smedberg]

This doesn't look related to bug 686335 to me: it's present in 13.0.1 and the 14 betas where bug 7686335 was backed out or never landed, and from my current diagnosis I'm pretty sure this is just a protected-mode bug in Flash 11.3.

Comment 4

[Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)]

I'm marking this bug as WORKSFORME as bug crashlog signature didn't appear from a long time (over half year) in Firefox.