Closed Bug 816445 Opened 12 years ago Closed 11 years ago

crash in nsNPAPIPluginInstance::SetWindow @ SetOrigin with DivX plugin

Categories

(Core Graveyard :: Plug-ins, defect)

18 Branch
x86
macOS
defect
Not set
critical

Tracking

(firefox18+ fixed)

RESOLVED FIXED
Tracking Status
firefox18 + fixed

People

(Reporter: scoobidiver, Assigned: spohl)

Details

(Keywords: crash, reproducible)

Crash Data

It's currently #6 top crasher in 18.0b1 on Mac OS X.

Signature 	SetOrigin
UUID	bf9c0650-b24c-4774-8d5b-ef7902121129
Date Processed	2012-11-29 02:41:28
Uptime	218
Last Crash	more than 3 months before submission
Install Age	1.1 days since version was first installed.
Install Time	2012-11-28 01:33:34
Product	Firefox
Version	18.0
Build ID	20121121075611
Release Channel	beta
OS	Mac OS X
OS Version	10.6.8 10K549
Build Architecture	x86
Build Architecture Info	family 6 model 23 stepping 10
Crash Reason	EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE
Crash Address	0x44c61854
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x 8a4GL Context? GL Context+ GL Layers? GL Layers+ 
Processor Notes 	/data/socorro/stackwalk/bin/exploitable: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	0x10de
Adapter Device ID	0x 8a4

Frame 	Module 	Signature 	Source
0 	QD 	SetOrigin 	
1 	DivXBrowserPlugin 	DivXBrowserPlugin@0x6457d 	
2 	DivXBrowserPlugin 	DivXBrowserPlugin@0x60b75 	
3 	DivXBrowserPlugin 	DivXBrowserPlugin@0x15cac 	
4 	DivXBrowserPlugin 	DivXBrowserPlugin@0x259e 	
5 	DivXBrowserPlugin 	DivXBrowserPlugin@0x80cb 	
6 	DivXBrowserPlugin 	DivXBrowserPlugin@0x8449 	
7 	XUL 	nsNPAPIPluginInstance::SetWindow 	dom/plugins/base/nsNPAPIPluginInstance.cpp:578
8 	XUL 	nsNPAPIPluginInstance::GetIsOOP 	xpcom/base/nsAutoPtr.h:898
9 	XUL 	nsPluginNativeWindow::CallSetWindow 	dom/plugins/base/nsPluginNativeWindow.h:65
10 	XUL 	nsObjectFrame::CallSetWindow 	layout/generic/nsObjectFrame.cpp:741
11 	XUL 	nsChildView::QueryInterface 	widget/cocoa/nsChildView.mm:261
12 	XUL 	nsChildView::GetNativeData 	widget/cocoa/nsChildView.mm:470
13 	XUL 	nsObjectFrame::CallSetWindow 	layout/generic/nsObjectFrame.cpp:682
14 	libmozglue.dylib 	double_conversion::Bignum::MultiplyByUInt64 	mfbt/double-conversion/bignum.cc:286
15 	XUL 	nsPluginInstanceOwner::CallSetWindow 	dom/plugins/base/nsPluginInstanceOwner.cpp:3691
16 	XUL 	nsPluginHost::InstantiateEmbeddedPluginInstance 	dom/plugins/base/nsPluginHost.cpp:1039
17 	CoreFoundation 	CFRunLoopRunSpecific

More reports at:
https://crash-stats.mozilla.com/report/list?signature=SetOrigin
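
The frame table above can be read mechanically to find where Firefox code hands control to foreign code, which matches the pairing of `nsNPAPIPluginInstance::SetWindow` and `SetOrigin` in the bug title. This is an added example, not part of the crash report or of Mozilla's tooling; the `FIREFOX_MODULES` set and the function names are assumptions made here.

```python
from itertools import groupby

# Modules that ship with Firefox in this report (assumption for the example);
# anything else on the stack is OS or third-party code.
FIREFOX_MODULES = {"XUL", "libmozglue.dylib"}

# Frames 0-9 copied from the report above: frame, module, signature, source.
REPORT = "\n".join([
    "0\tQD\tSetOrigin\t",
    "1\tDivXBrowserPlugin\tDivXBrowserPlugin@0x6457d\t",
    "2\tDivXBrowserPlugin\tDivXBrowserPlugin@0x60b75\t",
    "3\tDivXBrowserPlugin\tDivXBrowserPlugin@0x15cac\t",
    "4\tDivXBrowserPlugin\tDivXBrowserPlugin@0x259e\t",
    "5\tDivXBrowserPlugin\tDivXBrowserPlugin@0x80cb\t",
    "6\tDivXBrowserPlugin\tDivXBrowserPlugin@0x8449\t",
    "7\tXUL\tnsNPAPIPluginInstance::SetWindow\tdom/plugins/base/nsNPAPIPluginInstance.cpp:578",
    "8\tXUL\tnsNPAPIPluginInstance::GetIsOOP\txpcom/base/nsAutoPtr.h:898",
    "9\tXUL\tnsPluginNativeWindow::CallSetWindow\tdom/plugins/base/nsPluginNativeWindow.h:65",
])

def parse_frames(text):
    """Parse tab-separated frame rows; skip headers and malformed lines."""
    frames = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) < 3 or not cols[0].isdigit():
            continue
        source = cols[3] if len(cols) > 3 else ""  # some rows have no source column
        frames.append({"module": cols[1], "signature": cols[2], "source": source})
    return frames

def module_runs(frames):
    """Collapse consecutive frames of one module into (module, count) pairs."""
    return [(m, len(list(g))) for m, g in groupby(frames, key=lambda f: f["module"])]

def triage(text):
    """Find the crashing module and the Firefox call that entered foreign code."""
    frames = parse_frames(text)
    if not frames:
        return None
    top = frames[0]
    entry_idx = next((i for i, f in enumerate(frames)
                      if f["module"] in FIREFOX_MODULES), None)
    foreign = frames if entry_idx is None else frames[:entry_idx]
    entry = frames[entry_idx]["signature"] if entry_idx else None  # None when crash is in Firefox itself
    return {
        "crashing_module": top["module"],
        "foreign_modules": sorted({f["module"] for f in foreign}),
        "unsymbolized": sum(1 for f in foreign if "@0x" in f["signature"]),
        "label": f"{entry} @ {top['signature']}" if entry else top["signature"],
    }
```
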
There are a whole bunch of these in the 20121121075611 build of FF 18 on 2012-11-26 through 2012-11-29 (today).  Any chance these are all from the same person?
(In reply to Steven Michaud from comment #1)
> There are a whole bunch of these in the 20121121075611 build of FF 18 on
> 2012-11-26 through 2012-11-29 (today).  Any chance these are all from the
> same person?
It has been hit by six users in 18.0b1 (different install times).
Hopefully QA can get some URLs and try to reproduce.
I tried to reproduce this crash on:
- Mac OS X 10.6.8
- Mac OS X 10.7.5
- Mac OS X 10.8
For every OS I installed DivX plugins:
- DivX Plus Web Player 2.2
- DivX VOD Helper Plug-in 1.1

Tested on Firefox 18.0 Beta 1 and then on Firefox 18.0 Beta 2 for several sites that use movies with the DivX player.
Also tried maps.google.com using MapsGL, Facebook, YouTube.
No crashes occurred in any of these instances.

Anything I could help with here? Any idea of another plugin or configuration that could produce this?
URLs for this with a count higher than 1 (can give you the others as well if needed):

5 	http://www.speedmax.fr/voitures.php?type=22&marque=6&mod=7
4 	about:blank
3 	http://180upload.com/3llrej6k93l2
2 	http://www.speedmax.fr/voitures.php?type=27&marque=5&mod=7
2 	http://www.zalaa.com/31oxykecehf8/sparks-sng-xvid.avi.htm
2 	http://sharebees.com/5sbceugdi268

Note that those (except about:blank) all seem to be movie downloads (as expected with a DivX plugin) so there might be inappropriate or illegal content in there.
Keywords: needURLs
(In reply to Virgil Dicu [:virgil] [QA] from comment #4)
> I tried to reproduce this crash on:
> - Mac OS X 10.6.8
> - Mac OS X 10.7.5
> - Mac OS X 10.8
> For every OS I installed DivX plugins:
> - DivX Plus Web Player 2.2
> - DivX VOD Helper Plug-in 1.1
> 
> Tested on Firefox 18.0 Beta 1 and then on Firefox 18.0 Beta 2 for several
> sites that use movies with the DivX player.
> Also tried maps.google.com using MapsGL, Facebook, YouTube.
> No crashes occurred in any of these instances.
> 
> Anything I could help with here? Any idea of another plugin or configuration
> that could produce this?

Virgil - can you try reproducing using the URLs in comment 5?
Assignee: nobody → smichaud
QA Contact: virgil.dicu
I tried the URLs from comment 5 on:
- Mac OS X 10.6.8
- Mac OS X 10.7.5
- Mac OS X 10.8
For every OS I installed DivX plugin:
- DivX Plus Web Player HTML 2.1.2.145

Could not reproduce this crash while dogfooding on the URLs provided, for Firefox 18.0 beta 1. I opened the URLs in multiple tabs, refreshed them, let the videos play for a long time, used the player's buttons...
Assignee: smichaud → spohl.mozilla.bugs
Still hovering at around #8 in the Mac crash report. We haven't been able to reproduce, so we're looking for other avenues to investigate. Has anybody had the chance to look at possibly related code changes in the FF18 timeframe, given the fact that this signature isn't showing up on the 17 top crash list?
It'd be worthwhile for someone to compare the debug IDs from the crash reports to those for recent versions of the DivX plugin.

With luck we may find that these crashes don't happen with the most recent version (or versions) of DivX.  Then we can do as we're doing for bug 816442 -- blocklist the versions that crash.
I'll compare the debug IDs. It seems like this might be the other way around though: The latest version of the DivX plugin seems to have been released on 11/16/2012, which seems to coincide with the recent spike in crashes.
I was able to reproduce!

This happens with an older DivX browser Plugin. It is still available here:
http://mac.oldapps.com/divx.php?old_divx=1138

The crash occurs when trying to play back an embedded DivX video. When accessing a page with this older plugin, the browser prompts to restart in 32-bit mode (most likely since the plugin at the time was only available in 32-bit). The crash occurs immediately after restart of the browser. The debug ID of the plugin matches the one in this (and other) reports.

I haven't had time to look into this yet, but frame 14 in the call stack above seems suspicious for a process in 32-bit mode:
14 	libmozglue.dylib 	double_conversion::Bignum::MultiplyByUInt64 	mfbt/double-conversion/bignum.cc:286

Should we blocklist?
Does even the latest DivX plugin work properly?  If even it forces a restart in 32-bit mode, I'd say it really isn't working properly.  (And notice that all the crashes reported at Socorro are in 32-bit mode.)

But 816442 also involved forcing a restart in 32-bit mode.

We still technically support doing this (restarting in 32-bit mode).  And we needed to do it for Carbon-event-mode plugins.  But Carbon event mode is about to be desupported (in FF 19) -- see bug 598397.
Starting with DivX 7.2 (released 12 July, 2010), this doesn't seem to be an issue anymore because a restart in 32-bit mode is no longer required. DivX 9 seems to be the latest version and doesn't crash either.
Blocklist away! :-)
Keywords: qawanted → reproducible
Depends on: 821972
I'm late to the party, but great work guys :)
Since the landing of bug 821972, there's only one crash in 18.0b7 with the DivX plugin: bp-36d8c805-784d-4bcd-a695-e24002130107.
Marking this as fixed per comment 18. Please reopen if this crash still occurs.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard