Closed
Bug 816442
Opened 12 years ago
Closed 12 years ago
crash in nsNPAPIPluginStreamListener::OnStartBinding @ QuickTime with Flip4Mac
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox17 unaffected, firefox18+ affected)
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox17 | --- | unaffected |
firefox18 | + | affected |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, topcrash, Whiteboard: [startupcrash])
Crash Data
It's #1 top crasher in 18.0b1 on Mac.
It first showed up in 18.0a1/20120912085832. The regression range might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=96287ad60bef&tochange=d260fcec71ce
Signature GetPixBaseAddr More Reports Search
UUID 7a4b6f12-7d2a-43d6-9aa6-e8ad62121128
Date Processed 2012-11-28 13:21:37
Uptime 8
Last Crash 18.6 minutes before submission
Install Age 18.9 minutes since version was first installed.
Install Time 2012-11-28 13:02:36
Product Firefox
Version 18.0
Build ID 20121121075611
Release Channel beta
OS Mac OS X
OS Version 10.7.5 11G63
Build Architecture x86
Build Architecture Info family 6 model 15 stepping 6
Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address 0xffffffffa0600f2f
App Notes
AdapterVendorID: 0x10de, AdapterDeviceID: 0x 393GL Context? GL Context+ GL Layers? GL Layers+
EMCheckCompatibility True
Adapter Vendor ID 0x10de
Adapter Device ID 0x 393
Frame Module Signature Source
0 QD GetPixBaseAddr
1 QuickTimeComponents QuickTimeComponents@0x601316
2 QuickTimeComponents QuickTimeComponents@0x606020
3 CarbonCore CarbonCore@0x424fd
4 CarbonCore CarbonCore@0xf143c
5 CarbonCore CarbonCore@0xf147c
6 QuickTimeComponents QuickTimeComponents@0x5fd7d5
7 CarbonCore CarbonCore@0x67414
8 CarbonCore CarbonCore@0x6745d
9 QuickTime QuickTime@0x4d3df
10 QuickTime QuickTime@0x4d2f4
11 QuickTime QuickTime@0x2f267
12 QuickTime QuickTime@0x2db2c
13 QuickTime QuickTime@0x336ae
14 Flip4Mac WMV Plugin Flip4Mac WMV Plugin@0x599e
15 Flip4Mac WMV Plugin Flip4Mac WMV Plugin@0x7459
16 XUL nsNPAPIPluginStreamListener::OnStartBinding dom/plugins/base/nsNPAPIPluginStreamListener.cpp:323
17 XUL CMMFRandTemplate
18 XUL nsHttp::ResolveAtom Mutex.h:83
19 XUL nsNPAPIPluginStreamListener::OnStartBinding dom/plugins/base/nsNPAPIPluginStreamListener.cpp:285
20 XUL CMMFRandTemplate
21 XUL nsRuleNode::GetStyleData layout/style/nsRuleNode.h:142
22 XUL nsPluginStreamListenerPeer::SetUpStreamListener dom/plugins/base/nsPluginStreamListenerPeer.cpp:1080
23 XUL nsPluginStreamListenerPeer::SetUpStreamListener dom/plugins/base/nsPluginStreamListenerPeer.cpp:1192
24 XUL _ZN7mozilla3cssL11kCharsetSymE
25 Flip4Mac WMV Plugin Flip4Mac WMV Plugin@0x72f2
26 libmozglue.dylib double_conversion::BignumDtoa mfbt/double-conversion/bignum-dtoa.cc:619
27 XUL CMMFRandTemplate
28 libsystem_c.dylib libsystem_c.dylib@0xb1922
29 XUL RDFServiceImpl::GetAnonymousResource::gChars
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=GetPixBaseAddr
Reporter | ||
Updated•12 years ago
|
Crash Signature: [@ GetPixBaseAddr] → [@ GetPixBaseAddr]
[@ QD@0x188fe]
[@ RegisterDrawingNotification]
[@ QuickTime@0x3d24a]
[@ QuickTime@0x2f443]
Summary: crash in nsNPAPIPluginStreamListener::OnStartBinding @ GetPixBaseAddr with Flip4Mac → crash in nsNPAPIPluginStreamListener::OnStartBinding @ QuickTime with Flip4Mac
Comment 1•12 years ago
|
||
I found one in the 20120906030518 build (bp-4b424e6e-eaf8-4a53-a84e-2f0d42121113). And in any case there seem to be too few of these to reliably establish a regression range.
One odd thing: These appear all to be crashes in the main process, in 32-bit mode. But on OS X 10.6 and up we default to running all plugins out-of-process, and of course we default to running in 64-bit mode.
Comment 2•12 years ago
|
||
I can't find any of these dated earlier than 2012-11-26. So I'll bet we're dealing with a new version of Flip4Mac.
Reporter | ||
Comment 3•12 years ago
|
||
(In reply to Steven Michaud from comment #1)
> One odd thing: These appear all to be crashes in the main process, in
> 32-bit mode. But on OS X 10.6 and up we default to running all plugins
> out-of-process, and of course we default to running in 64-bit mode.
Some comments say:
"caltran video. Crashed when going to the 32 bit mode"
"Trying to open a page with a 32-bit plugin."
"Tried to use this: <embed src="piano.mp3" type="application/x-mplayer2" autostart="true" playcount="true" loop="true" height="0" width="0"> FF asked to restart in 32bit mode, which I let it do, then it crashed on loading the page."
(In reply to Steven Michaud from comment #2)
> I can't find any of these dated earlier than 2012-11-26.
There are plenty of crashes before, some on September 14th.
> So I'll bet we're dealing with a new version of Flip4Mac.
Firefox 17 is unaffected so it's a regression in the Firefox code.
Comment 4•12 years ago
|
||
> There are plenty of crashes before, some on September 14th.
Please list some examples.
Reporter | ||
Comment 5•12 years ago
|
||
(In reply to Steven Michaud from comment #4)
> > There are plenty of crashes before, some on September 14th
> Please list some examples.
Here are those before October 30th:
https://crash-stats.mozilla.com/report/list?query_search=signature&date=2012-10-30&range_value=4&range_unit=weeks&signature=GetPixBaseAddr
https://crash-stats.mozilla.com/report/list?query_search=signature&date=2012-10-30&range_value=4&range_unit=weeks&signature=QD%400x188fe
https://crash-stats.mozilla.com/report/list?query_search=signature&date=2012-10-30&range_value=4&range_unit=weeks&signature=RegisterDrawingNotification
https://crash-stats.mozilla.com/report/list?query_search=signature&date=2012-10-30&range_value=4&range_unit=weeks&signature=QuickTime%400x2f443
Comment 6•12 years ago
|
||
OK, thanks. I stand corrected.
Comment 7•12 years ago
|
||
> "Tried to use this: <embed src="piano.mp3"
> type="application/x-mplayer2" autostart="true" playcount="true"
> loop="true" height="0" width="0"> FF asked to restart in 32bit mode,
> which I let it do, then it crashed on loading the page."
This is interesting, and may provide a clue.
Odd, though, that we prompt the user to restart in 32-bit mode. I
thought we only did this for plugins that use the Carbon event model.
I also though there no plugins left with significant market share that
did this (see bug 598397).
If it does turn out that Flip4Mac still uses the Carbon event model
even in its most recent versions, we may need to consider explicitly
dropping support for it.
Comment 8•12 years ago
|
||
Since this is a topcrasher, and therefore fairly urgent, I should probably deal with it. But I won't be the least bit sorry if someone else beats me to it.
The first thing to do is to establish whether or not FF prompts to restart in 32-bit mode even with the most recent versions of Flip4Mac, and figure out why.
Assignee: nobody → smichaud
Comment 9•12 years ago
|
||
bug 766886 landed recently and touched this code on 18+
Comment 10•12 years ago
|
||
These crashes happen in builds that don't have that patch.
Updated•12 years ago
|
Comment 11•12 years ago
|
||
Flip4Mac actually has two current versions: 2.4.4 for OS X 10.5 and 10.6, and 3.0 for OS X 10.7 and 10.8. (http://www.telestream.net/flip4mac/overview.htm)
Version 2.4.4 still uses the QuickTime plugin (as have previous versions of Flip4Mac). But version 3.0 doesn't.
Testing on OS X 10.7.5 with current mozilla-central code, I find that both use CoreAnimation, and work just fine with the few examples I've found (for example http://www.wickham43.net/videoexamplewmp.php). Neither version requests/forces a restart in 32-bit mode.
Comment 12•12 years ago
|
||
QuickTime 7.7.1 (the current version on OS X 10.7.5) also uses CoreAnimation, and also works just fine (with current mozilla-central code).
The following mp3 movie still loads in QuickTime, even when Flip3Mac has been installed and its default settings haven't been altered:
http://fhuhs.org/fhuhs/dynamic/quicktime-examples/
Comment 13•12 years ago
|
||
The examples from comment #11 and comment #12 also work fine in FF 18.0b2, with either version of Flip4Mac (still testing on OS X 10.7.5).
Comment 14•12 years ago
|
||
This bug will probably be intractable until we can find a way to reproduce it.
I suspect we can just add a relnote telling people who use Flip4Mac to make sure they've upgraded to the most recent version appropriate to their version of OS X.
Reporter | ||
Comment 15•12 years ago
|
||
Here is the breakdown by debug identifier on December 1st:
100% (19/19) vs. 15% (75/505) Flip4Mac WMV Plugin
16% (3/19) vs. 2% (9/505) 090F01C24E79421E4FA7EFBF0E5B50930
21% (4/19) vs. 1% (4/505) 0C0E8EEDE2516E9466C57CA8EAA711E30
21% (4/19) vs. 1% (7/505) 4D5979077C481F79317D4F2C859671E40
37% (7/19) vs. 7% (35/505) B41C15F21AD40A763659C1A4324AD7560
5% (1/19) vs. 1% (3/505) F0F119FC17AE8C721045E05990D23F450
(In reply to Steven Michaud from comment #14)
> I suspect we can just add a relnote telling people who use Flip4Mac to make
> sure they've upgraded to the most recent version appropriate to their
> version of OS X.
If you are sure it happens only with old Flip4Mac versions, you should blocklist it.
Comment 16•12 years ago
|
||
But right now we don't really know *which* versions to blocklist.
I suppose we could get that information from the debug IDs you list, but it will be very painful: We'd need to run dump_syms on different versions of Flip4Mac, and I'm not sure older versions are still available to be downloaded.
Comment 17•12 years ago
|
||
For what it's worth, here are debug IDs for the current versions:
Flip4Mac 2.4.4.2's Debug IDs for "Flip4Mac WMV Plugin" binary:
i386 CD3E5781F809A4A3457735B123CBDD160
x86_64 8D1013A4324D4692232740B78A147BE40
Flip4Mac 3.0's Debug IDs for "Flip4Mac WMV Plugin" binary:
i386 FCCBCFA0033F346C94E06B3F7EC433140
x86_64 8659463426CD3E3387E0A78D6E68195F0
Comment 18•12 years ago
|
||
> Flip4Mac 3.0's Debug IDs for "Flip4Mac WMV Plugin" binary:
The full version number (from Info.plist) is 3.0.0.126.
Comment 19•12 years ago
|
||
> You can get earlier version of Flip4Mac by requesting them from support.
> http://www.telestream.net/telestream-support/flip4mac-wmv/contact-support.htm
http://forum.telestream.net/forum/messageview.aspx?catid=9&threadid=9383
So it'll be like pulling teeth :-(
Comment 20•12 years ago
|
||
(In reply to Steven Michaud from comment #19)
> > You can get earlier version of Flip4Mac by requesting them from support.
> > http://www.telestream.net/telestream-support/flip4mac-wmv/contact-support.htm
>
> http://forum.telestream.net/forum/messageview.aspx?catid=9&threadid=9383
>
> So it'll be like pulling teeth :-(
Can we make an in-product change that reports the full version number alongside the crash in appnotes?
Comment 21•12 years ago
|
||
(In reply to comment #20)
That'd be difficult, because Breakpad doesn't actually get (or report) the full version number. Instead it uses dump_syms (or code therefrom) to generate a "debug ID" for each loaded module. It's possible (in principal) to deduce version numbers by comparing a crash-dump's debug IDs to ones generated from modules whose version is known. But this is laborious, and is sometimes impossible (when old versions aren't available for testing).
You could argue that Breakpad should get the true version number from the Info.plist file of every module that's a plugin bundle's executable. But this would (I suspect) significantly complicate Breakpad's code.
Comment 22•12 years ago
|
||
> You could argue that Breakpad should get the true version number
> from the Info.plist file of every module that's a plugin bundle's
> executable. ...
This needs rephrasing:
You could argue that Breakpad should get the true version number (from
the plugin bundle's Info.plist file) for every module that's a plugin
bundle's executable. (If the module is a plugin bundle's executable,
the bundle's Info.plist file will be in a known location relative to
the module's location.) ...
Comment 23•12 years ago
|
||
I promised this same thing to Adobe at our most recent meeting, and it's now filed as bug 818664.
Comment 24•12 years ago
|
||
See https://crash-stats.mozilla.com/topcrasher/byos/Firefox/18.0b3/Mac%20OS%20X/7/browser - the GetPixBaseAddr signature remains #1 on 18.0b3 for the Mac-only list, any chance we get some progress here?
Comment 25•12 years ago
|
||
> any chance we get some progress here?
I doubt it. These crashes aren't reproducible.
However it does appear they don't happen with the latest versions of Flip4Mac. So we should probably follow Scoobidiver's suggestion to blocklist older versions. Which means that someone (not me) will need to figure out which versions to blocklist.
Assignee: smichaud → nobody
Reporter | ||
Comment 26•12 years ago
|
||
There are no crashes in 18.0b7 because of bug 821422.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 27•12 years ago
|
||
A few crashes have happened recently: https://crash-stats.mozilla.com/report/list?signature=GetPixBaseAddr
Comment 28•12 years ago
|
||
I looked at the "debug ID" for "Flip4Mac WMV Plugin" in four of these reports, and none of them matched any of the debug IDs from comment #17.
Maybe we should block any versions < 2.4.4.2, instead of < 2.4.4 (as per bug 821442 comment #0).
Reporter | ||
Comment 29•12 years ago
|
||
With combined signatures, it's #3 top browser crasher in 18.0 on Mac OS X.
Here are recent correlations per Flip4Mac debug identifier:
GetPixBaseAddr|EXC_BAD_ACCESS / KERN_INVALID_ADDRESS (15 crashes)
100% (15/15) vs. 3% (61/2285) Flip4Mac WMV Plugin
27% (4/15) vs. 0% (4/2285) 090F01C24E79421E4FA7EFBF0E5B50930
7% (1/15) vs. 0% (1/2285) 0C0E8EEDE2516E9466C57CA8EAA711E30
7% (1/15) vs. 0% (2/2285) 391C77A6CFE279CF9FD3FC83F52DC0010
7% (1/15) vs. 0% (5/2285) 4D5979077C481F79317D4F2C859671E40
13% (2/15) vs. 0% (7/2285) A0DDA63958EF49676194F7D204F966300
13% (2/15) vs. 0% (5/2285) AEE0C383ED2349E932E85B101544CB560
13% (2/15) vs. 1% (21/2285) B41C15F21AD40A763659C1A4324AD7560
7% (1/15) vs. 0% (5/2285) C7016A412437429BCB52261848B5BAE10
7% (1/15) vs. 0% (6/2285) F0F119FC17AE8C721045E05990D23F450
RegisterDrawingNotification|EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE (10 crashes)
100% (10/10) vs. 3% (61/2285) Flip4Mac WMV Plugin
10% (1/10) vs. 0% (2/2285) 4C8E04D0C3FD4451EA7261FEA1E490760
10% (1/10) vs. 0% (5/2285) 4D5979077C481F79317D4F2C859671E40
20% (2/10) vs. 0% (5/2285) AEE0C383ED2349E932E85B101544CB560
30% (3/10) vs. 1% (21/2285) B41C15F21AD40A763659C1A4324AD7560
20% (2/10) vs. 0% (5/2285) C7016A412437429BCB52261848B5BAE10
0% (0/10) vs. 0% (1/2285) CCC04D27D28E3EC02B710B756CD0B0F50
10% (1/10) vs. 0% (6/2285) F0F119FC17AE8C721045E05990D23F450
There are not enough blocklisted Flip4Mac versions.
Keywords: topcrash
Comment 30•12 years ago
|
||
(Following up comment #29)
Once again, none of these debug IDs match those from comment #17.
> There are not enough blocklisted Flip4Mac versions.
I agree.
Reporter | ||
Comment 31•12 years ago
|
||
Oddly (maybe a forced Flip4Mac update or a code change), there are no crashes in 19.0 and above.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → WORKSFORME
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•