Last Comment Bug 777460 - crash in nsNPAPIPluginInstance::CreateSharedHandle on Honeycomb and above
: crash in nsNPAPIPluginInstance::CreateSharedHandle on Honeycomb and above
: crash, topcrash
Product: Core
Classification: Components
Component: Plug-ins (show other bugs)
: Trunk
: ARM Android
-- critical (vote)
: mozilla19
Assigned To: James Willcox (:snorp) (
: Benjamin Smedberg [:bsmedberg]
Depends on:
  Show dependency treegraph
Reported: 2012-07-25 12:15 PDT by Scoobidiver (away)
Modified: 2012-10-30 08:05 PDT (History)
4 users (show)
ryanvm: in‑testsuite-
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Guard against null plugin instance on Android (3.41 KB, patch)
2012-10-25 08:54 PDT, James Willcox (:snorp) (
blassey.bugs: review+
lukasblakk+bugs: approval‑mozilla‑aurora+
lukasblakk+bugs: approval‑mozilla‑beta+
Details | Diff | Splinter Review

Description User image Scoobidiver (away) 2012-07-25 12:15:34 PDT
It has been hit by one user in 17.0a1/20120721041038 and 17.0a1/20120725030556, each time after bug 687267 landed on m-c.

Signature 	nsNPAPIPluginInstance::CreateSharedHandle More Reports Search
UUID	678911b3-3080-4481-982e-63a2d2120725
Date Processed	2012-07-25 19:06:20
Uptime	41
Last Crash	48 seconds before submission
Install Age	7.5 minutes since version was first installed.
Install Time	2012-07-25 18:58:06
Product	FennecAndroid
Version	17.0a1
Build ID	20120725030556
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux #1 SMP PREEMPT Fri Dec 9 16:44:21 KST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x24
App Notes 	
AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra -- OpenGL ES 2.0 -- Model: GT-P7510, Product: GT-P7510, Manufacturer: samsung, Hardware: p3'
EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ 
samsung GT-P7510
EMCheckCompatibility	True
Adapter Vendor ID	NVIDIA Corporation
Adapter Device ID	NVIDIA Tegra

Frame 	Module 	Signature 	Source
0 	nsNPAPIPluginInstance::CreateSharedHandle 	xpcom/base/nsAutoPtr.h:1003
1 	nsPluginInstanceOwner::GetImageContainer 	dom/plugins/base/nsPluginInstanceOwner.cpp:185
2 	nsObjectFrame::BuildLayer 	layout/generic/nsObjectFrame.cpp:1607
3 	nsDisplayPlugin::BuildLayer 	layout/generic/nsObjectFrame.h:297
4 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
5 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
6 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
7 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
8 	nsDisplayScrollLayer::BuildLayer 	layout/base/nsDisplayList.cpp:2198
9 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
10 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
11 	nsDisplayOwnLayer::BuildLayer 	layout/base/nsDisplayList.cpp:2069
12 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
13 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
14 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
15 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
16 	nsDisplayList::PaintForFrame 	layout/base/nsDisplayList.cpp:615
17 	nsDisplayList::PaintRoot 	layout/base/nsDisplayList.cpp:551
18 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1786
19 	PresShell::Paint 	layout/base/nsPresShell.cpp:5290
20 	nsViewManager::Refresh 	view/src/nsViewManager.cpp:339
21 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:763
22 	HandleEvent 	view/src/nsView.cpp:127

More reports at:
Comment 1 User image Robert Kaiser 2012-10-08 08:34:36 PDT
Now that we have solved the CM10 crash stuff, this is the #1 top crasher on (Aurora) 17 for Android.
Comment 2 User image Scoobidiver (away) 2012-10-08 08:48:41 PDT
(In reply to Robert Kaiser ( from comment #1)
> this is the #1 top crasher on (Aurora) 17 for Android.
... with many dupes.
Comment 3 User image Alex Keybl [:akeybl] 2012-10-08 15:58:40 PDT
(In reply to Scoobidiver from comment #2)
> (In reply to Robert Kaiser ( from comment #1)
> > this is the #1 top crasher on (Aurora) 17 for Android.
> ... with many dupes.

Before tracking, I'd like to make sure that more than one user is seeing this issue. Thanks for clarifying Scoobidiver.
Comment 4 User image Scoobidiver (away) 2012-10-11 02:06:43 PDT
From 19.0a1/20121009, every crash signatures on Linux have a Windows look.
For this bug, more reports at:
Comment 5 User image Scoobidiver (away) 2012-10-12 01:52:33 PDT
It's #1 top crasher on 17.0b1 with some dupes.
Comment 6 User image Lukas Blakk [:lsblakk] use ?needinfo 2012-10-12 15:18:33 PDT
Not sure if this has to do with the outage right now, but I don't see any crashes here (in fact, only 9 total) so let's see if that's still true post-outage
Comment 7 User image Scoobidiver (away) 2012-10-12 15:23:20 PDT
(In reply to Lukas Blakk [:lsblakk] from comment #6)
> browser
This view is updated once a day while is updated continuously.
Comment 8 User image Lukas Blakk [:lsblakk] use ?needinfo 2012-10-15 15:40:53 PDT
It's the # topcrasher right now, lots of duplicate crash reports make me think this is a very reproducible bug.  Passing this on to James for now since it looks to be a regression from bug 687267 flash support.
Comment 9 User image Lukas Blakk [:lsblakk] use ?needinfo 2012-10-23 17:28:37 PDT
#3 topcrasher - sent email to Brad and James to find out where we're at with this.
Comment 10 User image James Willcox (:snorp) ( 2012-10-25 08:54:13 PDT
Created attachment 675144 [details] [diff] [review]
Guard against null plugin instance on Android
Comment 11 User image James Willcox (:snorp) ( 2012-10-26 10:51:09 PDT
Comment 12 User image Ryan VanderMeulen [:RyanVM] 2012-10-26 19:09:45 PDT
Comment 13 User image Lukas Blakk [:lsblakk] use ?needinfo 2012-10-29 10:19:17 PDT
Is this a safe enough fix to nominate for branch uplift?  We can still take a speculative fix for tomorrow's Beta 4.
Comment 14 User image James Willcox (:snorp) ( 2012-10-29 23:09:02 PDT
Comment on attachment 675144 [details] [diff] [review]
Guard against null plugin instance on Android

[Approval Request Comment]
Low risk patch, fixes a top crasher

Note You need to log in before you can comment on or make changes to this bug.