Closed
Bug 841916
Opened 12 years ago
Closed 12 years ago
ABORT: IPDL error [PPluginScriptableObjectChild]: "Error deserializing 'Variant'"
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Assigned: gfritzsche)
References
Details
(Keywords: assertion, sec-moderate, testcase)
Attachments
(3 files)
###!!! ABORT: IPDL error [PPluginScriptableObjectChild]: "Error deserializing 'Variant'". abort()ing as a result.: file PPluginScriptableObjectChild.cpp, line 1252
###!!! ASSERTION: Cannot call AnnotateCrashReport in child processes from non-main thread.: 'Error', file toolkit/crashreporter/nsExceptionHandler.cpp, line 1490
I have the "Java Plugin" shim that comes with Mac OS X 10.8, but not Java. So the plugin is just trying to draw a "Missing Java" thing, repeatedly.
Reporter | ||
Comment 1•12 years ago
|
||
Comment 2•12 years ago
|
||
Probably the same as bug 839750, but this has a testcase.
Assignee | ||
Comment 3•12 years ago
|
||
(In reply to Jesse Ruderman from comment #0)
> Created attachment 714597 [details]
> testcase (takes about a minute)
Did you use any specific build config?
It's been running here for >15 minutes without incidents, so there must be timing or functional differences.
Assignee | ||
Updated•12 years ago
|
QA Contact: georg.fritzsche
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → georg.fritzsche
QA Contact: georg.fritzsche
Reporter | ||
Comment 4•12 years ago
|
||
I can reproduce using an empty profile and the build from https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1361281414/
Reporter | ||
Comment 5•12 years ago
|
||
I can reproduce with this one in a non-optimized, local debug build.
Assignee | ||
Updated•12 years ago
|
Priority: -- → P2
Assignee | ||
Comment 6•12 years ago
|
||
Weird, with both opt & non-opt debug build i'm only sometimes/intermittently hitting bug 841914:
###!!! [Parent][AsyncChannel] Error: Route error: message sent to unknown actor ID
###!!! [Parent][RPCChannel] Error: Route error: message sent to unknown actor ID
###!!! ASSERTION: Bad type!: 'actor->Type() == Proxy', file /Users/georg/moz/mozilla-central-2/dom/plugins/ipc/PluginScriptableObjectChild.cpp, line 63
Assignee | ||
Comment 7•12 years ago
|
||
Ok, i actually hit this once now on the non-opt debug build, but it's far from reproducible for me :(
Reporter | ||
Comment 8•12 years ago
|
||
If you want to fix bug 841914 first, that's ok with me :)
Comment 9•12 years ago
|
||
Georg, can you suggest a security rating here?
Assignee | ||
Comment 10•12 years ago
|
||
(In reply to Al Billings [:abillings] from comment #9)
> Georg, can you suggest a security rating here?
Going over the severity rating description in the wiki i'd think sec-low to sec-moderate:
Apparently a Java bug leading to a bad state in the plugin-container which should be rather hard to use in a controlled exploit.
But i am familiar with the security approaches here, so please take that with a grain of salt.
Comment 11•12 years ago
|
||
I will call it a "sec-moderate" as it doesn't seem like a low but I could be wrong.
Keywords: sec-moderate
Assignee | ||
Comment 12•12 years ago
|
||
(In reply to Georg Fritzsche [:gfritzsche] from comment #7)
> Ok, i actually hit this once now on the non-opt debug build, but it's far
> from reproducible for me :(
This is weird: While the testcase still reproduces "often", it sometimes switches to the assertion from bug 841914 for multiple consecutive runs.
Trying to add tracing seems to change the timing too much and it doesn't reproduce anymore.
There is a new trace on bug 845735 though which reproduces intermittently on try; maybe this helps out here too.
Assignee | ||
Comment 13•12 years ago
|
||
Jesse, as i understood it you were triggering this and bug 841914 consistently.
Would you mind re-checking if they still occur with bug 831768 having landed?
Reporter | ||
Comment 14•12 years ago
|
||
WFM. (I let each testcase run for a few minutes, using a Tinderbox build built from 126563fd3ba1.)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Comment 15•12 years ago
|
||
(In reply to Jesse Ruderman from comment #14)
> WFM.
Cool, thanks Jesse :)
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•7 years ago
|
Group: core-security-release
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•