Closed
Bug 774599
Opened 13 years ago
Closed 12 years ago
Crash when content of unknown MIME type is encountered
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-basecamp:+)
VERIFIED
FIXED
| blocking-basecamp | + |
People
(Reporter: romaxa, Assigned: fabrice)
References
Details
(Keywords: crash, reproducible, Whiteboard: [LOE:M] [WebAPI:P0])
Crash Data
Attachments
(1 file)
|
1.90 KB,
patch
|
justin.lebar+bug
:
review+
|
Details | Diff | Splinter Review |
Program received signal SIGSEGV, Segmentation fault.
0x3b4918f6 in mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest (this=0x616630, entityID=<value optimized out>)
at B2G/gecko/uriloader/exthandler/ExternalHelperAppParent.cpp:67
67 mStatus = mListener->OnStartRequest(this, nsnull);
(gdb) bt
#0 0x3b4918f6 in mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest (this=0x616630, entityID=<value optimized out>)
at B2G/gecko/uriloader/exthandler/ExternalHelperAppParent.cpp:67
#1 0x3b5eb9a8 in mozilla::dom::PExternalHelperAppParent::OnMessageReceived (this=0x616630, __msg=...)
at B2G/objdir-gecko/ipc/ipdl/PExternalHelperAppParent.cpp:215
#2 0x3b606a52 in mozilla::dom::PContentParent::OnMessageReceived (this=0x35c858, __msg=...)
at B2G/objdir-gecko/ipc/ipdl/PContentParent.cpp:1143
#3 0x3b5e51b0 in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0x35c860, msg=...) at B2G/gecko/ipc/glue/AsyncChannel.cpp:473
#4 0x3b5e9b1a in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x35c860) at B2G/gecko/ipc/glue/RPCChannel.cpp:402
#5 0x3b5d9e16 in DispatchToMethod<mozilla::plugins::PluginInstanceChild, void (mozilla::plugins::PluginInstanceChild::*)()> (this=<value optimized out>)
at B2G/gecko/ipc/chromium/src/base/tuple.h:383
#6 RunnableMethod<mozilla::plugins::PluginInstanceChild, void (mozilla::plugins::PluginInstanceChild::*)(), Tuple0>::Run (this=<value optimized out>)
at B2G/gecko/ipc/chromium/src/base/task.h:307
#7 0x3b5e84d0 in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:430
#8 mozilla::ipc::RPCChannel::DequeueTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/RPCChannel.h:453
#9 0x3b6ac704 in MessageLoop::RunTask (this=0x1a0d8, task=0xaed9181c) at B2G/gecko/ipc/chromium/src/base/message_loop.cc:326
#10 0x3b6ad552 in MessageLoop::DeferOrRunPendingTask (this=0x35c860, pending_task=<value optimized out>)
at B2G/gecko/ipc/chromium/src/base/message_loop.cc:334
#11 0x3b6ae130 in MessageLoop::DoWork (this=0x1a0d8) at B2G/gecko/ipc/chromium/src/base/message_loop.cc:434
#12 0x3b5e7f84 in mozilla::ipc::MessagePump::Run (this=0xf598, aDelegate=0x1a0d8) at B2G/gecko/ipc/glue/MessagePump.cpp:86
#13 0x3b6ac6b4 in MessageLoop::RunInternal (this=0x3bad24b1) at B2G/gecko/ipc/chromium/src/base/message_loop.cc:208
#14 0x3b6ac76a in MessageLoop::RunHandler (this=0x1a0d8) at B2G/gecko/ipc/chromium/src/base/message_loop.cc:201
#15 MessageLoop::Run (this=0x1a0d8) at B2G/gecko/ipc/chromium/src/base/message_loop.cc:175
#16 0x3b57addc in nsBaseAppShell::Run (this=0x1e2560) at B2G/gecko/widget/xpwidgets/nsBaseAppShell.cpp:163
#17 0x3b4bad74 in nsAppStartup::Run (this=0x1e2508) at B2G/gecko/toolkit/components/startup/nsAppStartup.cpp:257
#18 0x3af43d32 in XREMain::XRE_mainRun (this=0xaed91a5c) at B2G/gecko/toolkit/xre/nsAppRunner.cpp:3787
#19 0x3af464b8 in XREMain::XRE_main (this=0xaed91a5c, argc=<value optimized out>, argv=0xaed93c44, aAppData=<value optimized out>)
at B2G/gecko/toolkit/xre/nsAppRunner.cpp:3864
#20 0x3af46604 in XRE_main (argc=1, argv=0xaed93c44, aAppData=0xa980, aFlags=<value optimized out>)
at B2G/gecko/toolkit/xre/nsAppRunner.cpp:3940
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) frame 0
#0 0x3b4918f6 in mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest (this=0x616630, entityID=<value optimized out>)
at B2G/gecko/uriloader/exthandler/ExternalHelperAppParent.cpp:67
67 mStatus = mListener->OnStartRequest(this, nsnull);
(gdb) p mListener
$1 = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
(gdb)
|
||
Updated•13 years ago
|
Severity: normal → critical
Crash Signature: [@ mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest]
Keywords: crash
From michelleluna:
Steps to reproduce:
go to PianoTeaching.com
tap the Half-Time show play button
phone reboots [ed: b2g process crashes and restarts]
This is 100% reproducible for me.
(gdb) f 4
#4 0x415bdc52 in mozilla::dom::ExternalHelperAppParent::RecvOnStartRequest (this=0x221ddb0, entityID=...) at /home/cjones/mozilla/inbound/uriloader/exthandler/ExternalHelperAppParent.cpp:67
(gdb) p entityID
$1 = (const nsCString &) @0xbee5de54: {
<nsACString_internal> = {
mData = 0x330ce90 "%222040fc1-ef72e-4bf7d7cea07b1%22/980782/Tue, 08 May 2012 02:53:14 GMT",
mLength = 70,
mFlags = 5
}, <No data fields>}
Whatever the entity ID is ...
I don't know what kind of media file we're trying to play here, will check on desktop.
Blocks: b2g-e10s-work
blocking-basecamp: --- → +
It's an .mp3
The response from the server here is
HTTP/1.1 200 OK
Date: Sat, 18 Aug 2012 01:56:52 GMT
Server: Apache/2.2.22
Last-Modified: Tue, 08 May 2012 02:53:14 GMT
ETag: "2040fc1-ef72e-4bf7d7cea07b1"
Accept-Ranges: bytes
Content-Length: 980782
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: audio/mpeg
so nothing silly like serving octet-stream.
Guys, any ideas why we don't recognize this as playable content and just navigate to it?
If I directly request http://pianoadventures.com/audio/mp3s/CD1002-21.mp3, I get the same crash.
|
||
Updated•13 years ago
|
Keywords: reproducible
There are really two separate bugs here
- unknown content causes the b2g process to crash, bad. Looks like we expect to have some sort of platform/frontend-specific fallback content sink but there isn't one for b2g. We need to implement this as a safeguard against unknown MIME types.
- mp3/mp4 behave like unknown content types, even though (on gonk) we can play them with native controls
Component: File Handling → General
Product: Core → Boot2Gecko
Summary: [B2G] gecko crashes on attempt to open mp3 or mp4 files → Crash when content of unknown MIME type is encountered
|
|
||
Comment 6•13 years ago
|
||
Gaia issue that's tracking this btw - https://github.com/mozilla-b2g/gaia/issues/2929
I think what we want to do here is add a "real" implementation of uriloader/exthandler/gonk that converts unhandled content into web activities. Cargo-culting the C++ side of this looks pretty easy, but I'm not sure
- how to initiate a new activity from C++
- what to do if there's no handler for the activity
- if there is a handler, how to transfer the content bytes (in-memory Blob I guess?)
Using this implementation to hook the pdf.js app into b2g, generically, would be a nice target.
|
||
Comment 8•13 years ago
|
||
Looks like it's trying to load a plugin and doesn't even touch our media code.
|
|
||
Comment 9•13 years ago
|
||
I tried to reproduce. I got to "pianoteaching.com" and it redirects to "pianoadventures.com" and I see no sign of a "half time play button".
Oh, sorry: patch in bug 783736. You're right! :) (s/plugin/external application/)
(In reply to Chris Double (:doublec) from comment #9)
> I tried to reproduce. I got to "pianoteaching.com" and it redirects to
> "pianoadventures.com" and I see no sign of a "half time play button".
The link is in an "ad" embedded on the page. Would recommend using http://people.mozilla.com/~cjones/media.html --- the MP3 link goes to the same content.
|
Assignee | |
Comment 12•13 years ago
|
||
(In reply to Chris Jones [:cjones] [:warhammer] from comment #7)
> I think what we want to do here is add a "real" implementation of
> uriloader/exthandler/gonk that converts unhandled content into web
> activities. Cargo-culting the C++ side of this looks pretty easy, but I'm
> not sure
> - how to initiate a new activity from C++
> - what to do if there's no handler for the activity
> - if there is a handler, how to transfer the content bytes (in-memory Blob
> I guess?)
>
> Using this implementation to hook the pdf.js app into b2g, generically,
> would be a nice target.
We already hooked up pdf.js with b2g/components/ContentHandler.js that leads to firing a "view" activity here: https://mxr.mozilla.org/mozilla-central/source/b2g/chrome/content/shell.js#326
A nice followup would be to register components for all the "view" activities that are registered. But this is what navigator.registerContentHandler() should do also...
For unknown types, nsIExternalURLHandlerService is probably what we want.
|
||
Comment 14•13 years ago
|
||
(In reply to Andrew Overholt [:overholt] from comment #13)
> Justin, can you take this?
I can, although it's somewhat out of my depth and I have plenty of bugs in my depth, so if someone else has time, they should grab this...
|
||
Comment 15•13 years ago
|
||
(In reply to Justin Lebar [:jlebar] from comment #14)
> (In reply to Andrew Overholt [:overholt] from comment #13)
> > Justin, can you take this?
>
> I can, although it's somewhat out of my depth and I have plenty of bugs in
> my depth, so if someone else has time, they should grab this...
Stealing.
Assignee: justin.lebar+bug → 21
Whiteboard: [LOE:M]
|
||
Updated•12 years ago
|
Whiteboard: [LOE:M] → [LOE:M] [WebAPI:P0]
|
|
||
Comment 16•12 years ago
|
||
Vivien, are you actually going to work on this? If not, we should unassign you from the bug so the PMs can find a new owner.
|
|
||
Comment 17•12 years ago
|
||
(In reply to Justin Lebar [:jlebar] from comment #16)
> Vivien, are you actually going to work on this? If not, we should unassign
> you from the bug so the PMs can find a new owner.
I will but I'm a bit under water for now so I can't tell when I will start :/
|
|
Assignee | |
Comment 18•12 years ago
|
||
I found why we crashed by reading a comment in the android code (https://mxr.mozilla.org/mozilla-central/source/uriloader/exthandler/android/nsOSHelperAppService.cpp#34).
Since we don't have any external application fallback, the fix just makes sure that we don't return a null pointer for the nsIMIMEInfo object.
Assignee: 21 → fabrice
Attachment #661560 -
Flags: review?(justin.lebar+bug)
|
|
Assignee | |
Updated•12 years ago
|
Attachment #661560 -
Flags: review?(jones.chris.g)
|
|
Assignee | |
Comment 19•12 years ago
|
||
Also, I have a test page at https://people.mozilla.com/~fdesre/handler/
The ".rar file" link crashes without the patch, but not with the patch.
|
|
||
Updated•12 years ago
|
Attachment #661560 -
Flags: review?(justin.lebar+bug) → review+
|
|
Assignee | |
Updated•12 years ago
|
Attachment #661560 -
Flags: review?(jones.chris.g)
|
|
Assignee | |
Comment 20•12 years ago
|
||
|
||
Comment 21•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•