Note: There are a few cases of duplicates in user autocompletion which are being worked on.

crash in nsNPAPIPluginInstance::CreateSharedHandle on Honeycomb and above

RESOLVED FIXED in Firefox 17

Status

()

Core
Plug-ins
--
critical
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: Scoobidiver (away), Assigned: snorp)

Tracking

({crash, topcrash})

Trunk
mozilla19
ARM
Android
crash, topcrash
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(firefox17+ fixed, firefox18 fixed, fennec17+)

Details

(Whiteboard: [native-crash], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
It has been hit by one user in 17.0a1/20120721041038 and 17.0a1/20120725030556, each time after bug 687267 landed on m-c.

Signature 	nsNPAPIPluginInstance::CreateSharedHandle More Reports Search
UUID	678911b3-3080-4481-982e-63a2d2120725
Date Processed	2012-07-25 19:06:20
Uptime	41
Last Crash	48 seconds before submission
Install Age	7.5 minutes since version was first installed.
Install Time	2012-07-25 18:58:06
Product	FennecAndroid
Version	17.0a1
Build ID	20120725030556
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Fri Dec 9 16:44:21 KST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x24
App Notes 	
AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra -- OpenGL ES 2.0 -- Model: GT-P7510, Product: GT-P7510, Manufacturer: samsung, Hardware: p3'
EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ 
samsung GT-P7510
samsung/GT-P7510/GT-P7510:3.2/HTJ85B/UEKMP:user/release-keys
EMCheckCompatibility	True
Adapter Vendor ID	NVIDIA Corporation
Adapter Device ID	NVIDIA Tegra

Frame 	Module 	Signature 	Source
0 	libxul.so 	nsNPAPIPluginInstance::CreateSharedHandle 	xpcom/base/nsAutoPtr.h:1003
1 	libxul.so 	nsPluginInstanceOwner::GetImageContainer 	dom/plugins/base/nsPluginInstanceOwner.cpp:185
2 	libxul.so 	nsObjectFrame::BuildLayer 	layout/generic/nsObjectFrame.cpp:1607
3 	libxul.so 	nsDisplayPlugin::BuildLayer 	layout/generic/nsObjectFrame.h:297
4 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
5 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
6 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
7 	libxul.so 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
8 	libxul.so 	nsDisplayScrollLayer::BuildLayer 	layout/base/nsDisplayList.cpp:2198
9 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
10 	libxul.so 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
11 	libxul.so 	nsDisplayOwnLayer::BuildLayer 	layout/base/nsDisplayList.cpp:2069
12 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1768
13 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
14 	libxul.so 	mozilla::::ContainerState::ProcessDisplayItems 	layout/base/FrameLayerBuilder.cpp:1713
15 	libxul.so 	mozilla::FrameLayerBuilder::BuildContainerLayerFor 	layout/base/FrameLayerBuilder.cpp:2332
16 	libxul.so 	nsDisplayList::PaintForFrame 	layout/base/nsDisplayList.cpp:615
17 	libxul.so 	nsDisplayList::PaintRoot 	layout/base/nsDisplayList.cpp:551
18 	libxul.so 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1786
19 	libxul.so 	PresShell::Paint 	layout/base/nsPresShell.cpp:5290
20 	libxul.so 	nsViewManager::Refresh 	view/src/nsViewManager.cpp:339
21 	libxul.so 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:763
22 	libxul.so 	HandleEvent 	view/src/nsView.cpp:127
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsNPAPIPluginInstance%3A%3ACreateSharedHandle

Comment 1

5 years ago
Now that we have solved the CM10 crash stuff, this is the #1 top crasher on (Aurora) 17 for Android.
tracking-firefox17: --- → ?
(Reporter)

Comment 2

5 years ago
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> this is the #1 top crasher on (Aurora) 17 for Android.
... with many dupes.

Comment 3

5 years ago
(In reply to Scoobidiver from comment #2)
> (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> > this is the #1 top crasher on (Aurora) 17 for Android.
> ... with many dupes.

Before tracking, I'd like to make sure that more than one user is seeing this issue. Thanks for clarifying Scoobidiver.
(Reporter)

Comment 4

5 years ago
From 19.0a1/20121009, every crash signatures on Linux have a Windows look.
For this bug, more reports at: https://crash-stats.mozilla.com/report/list?signature=nsNPAPIPluginInstance%3A%3ACreateSharedHandle%28%29
Crash Signature: [@ nsNPAPIPluginInstance::CreateSharedHandle] → [@ nsNPAPIPluginInstance::CreateSharedHandle] [@ nsNPAPIPluginInstance::CreateSharedHandle()]
(Reporter)

Comment 5

5 years ago
It's #1 top crasher on 17.0b1 with some dupes.
Keywords: topcrash
Summary: crash in nsNPAPIPluginInstance::CreateSharedHandle on Honeycomb → crash in nsNPAPIPluginInstance::CreateSharedHandle on Honeycomb and above
Not sure if this has to do with the outage right now, but I don't see any crashes here (in fact, only 9 total) so let's see if that's still true post-outage

https://crash-stats.mozilla.com/topcrasher/byversion/FennecAndroid/17.0b1/14/browser
(Reporter)

Comment 7

5 years ago
(In reply to Lukas Blakk [:lsblakk] from comment #6)
> https://crash-stats.mozilla.com/topcrasher/byversion/FennecAndroid/17.0b1/14/
> browser
This view is updated once a day while https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=FennecAndroid%3A17.0b1&do_query=1 is updated continuously.
(Reporter)

Updated

5 years ago
tracking-fennec: --- → ?
It's the # topcrasher right now, lots of duplicate crash reports make me think this is a very reproducible bug.  Passing this on to James for now since it looks to be a regression from bug 687267 flash support.
Assignee: nobody → snorp
status-firefox17: --- → affected
status-firefox18: --- → affected
status-firefox19: --- → affected
tracking-firefox17: ? → +
tracking-fennec: ? → 17+
#3 topcrasher - sent email to Brad and James to find out where we're at with this.
Created attachment 675144 [details] [diff] [review]
Guard against null plugin instance on Android
Attachment #675144 - Flags: review?(blassey.bugs)
Attachment #675144 - Flags: review?(blassey.bugs) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e5ac0909f057
https://hg.mozilla.org/mozilla-central/rev/e5ac0909f057
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
(Reporter)

Updated

5 years ago
status-firefox19: affected → ---
Is this a safe enough fix to nominate for branch uplift?  We can still take a speculative fix for tomorrow's Beta 4.
Comment on attachment 675144 [details] [diff] [review]
Guard against null plugin instance on Android

[Approval Request Comment]
Low risk patch, fixes a top crasher
Attachment #675144 - Flags: approval-mozilla-beta?
Attachment #675144 - Flags: approval-mozilla-aurora?
Attachment #675144 - Flags: approval-mozilla-beta?
Attachment #675144 - Flags: approval-mozilla-beta+
Attachment #675144 - Flags: approval-mozilla-aurora?
Attachment #675144 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/1ea0c1cf9d2a
https://hg.mozilla.org/releases/mozilla-beta/rev/5c16cf77238e
status-firefox17: affected → fixed
status-firefox18: affected → fixed
You need to log in before you can comment on or make changes to this bug.