Closed
Bug 849613
Opened 11 years ago
Closed 11 years ago
crash in mozilla::Selection::Extend with Java plugin
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Tracking
(firefox20 unaffected, firefox21 affected)
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox20 | --- | unaffected |
firefox21 | --- | affected |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [closeme 2013-05-01])
Crash Data
It first showed up in 21.0a2/20130224 and is currently #7 top crasher in 21.0a2 on Mac OS X. It might be bug 839750. Signature mozalloc_abort(char const*) | NS_DebugBreak_P | mozilla::Selection::Extend(nsINode*, int) More Reports Search UUID eb66176d-18a8-4ff1-8291-f8b742130310 Date Processed 2013-03-10 09:29:19 Process Type plugin Java-appletplugin Version:14.6.1 Filename: JavaAppletPlugin.plugin Uptime 32 Install Age 1.6 days since version was first installed. Install Time 2013-03-08 19:55:13 Product Firefox Version 21.0a2 Build ID 20130308042013 Release Channel aurora OS Mac OS X OS Version 10.8.2 12C60 Build Architecture amd64 Build Architecture Info family 6 model 23 stepping 6 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0x0 App Notes AdapterVendorID: 0x10de, AdapterDeviceID: 0x 863GL Context? GL Context+ GL Layers? GL Layers+ Processor Notes sp-processor03.phx1.mozilla.com_9903:2008; MDSW emitted too many frames, triggering truncation; exploitablity tool: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID 0x10de Adapter Device ID 0x 863 Frame Module Signature Source 0 libmozalloc.dylib mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:30 1 XUL NS_DebugBreak_P xpcom/base/nsDebugImpl.cpp:379 2 XUL mozilla::Selection::Extend layout/generic/nsSelection.cpp:4749 3 libdyld.dylib LockHelper::~LockHelper 4 libsystem_c.dylib __vfprintf 5 libdyld.dylib dyld_stub_binder_ 6 XUL _ZZL11toHexStringPKhjR19nsACString_internalE6digits 7 libmozglue.dylib arena_malloc jemalloc.c:1714 8 libmozglue.dylib je_malloc jemalloc.c:4239 9 libsystem_c.dylib malloc_zone_malloc 10 libsystem_c.dylib malloc 11 XUL nsACString_internal::MutatePrep xpcom/string/src/nsSubstring.cpp:177 12 XUL _ZZL11toHexStringPKhjR19nsACString_internalE6digits 13 XUL nsACString_internal::ReplacePrepInternal obj-firefox/x86_64/dist/include/nsCharTraits.h:395 14 XUL _ZZL11toHexStringPKhjR19nsACString_internalE6digits 15 XUL nsACString_internal::ReplaceASCII obj-firefox/x86_64/dist/include/nsCharTraits.h:395 16 libmozglue.dylib arena_malloc jemalloc.c:1714 17 plugin-container plugin-container@0xa3 18 XUL _ZZL11toHexStringPKhjR19nsACString_internalE6digits 19 XUL mozilla::plugins::PPluginScriptableObjectChild::FatalError const obj-firefox/x86_64/ipc/ipdl/PPluginScriptableObjectChild.cpp:1252 20 XUL mozilla::plugins::PPluginScriptableObjectChild::CallGetParentProperty obj-firefox/x86_64/ipc/ipdl/PPluginScriptableObjectChild.cpp:576 21 XUL _ZZL11toHexStringPKhjR19nsACString_internalE6digits 22 XUL mozilla::plugins::PluginScriptableObjectChild::ScriptableGetProperty dom/plugins/ipc/PluginScriptableObjectChild.cpp:232 23 XUL mozilla::plugins::child::_getproperty dom/plugins/ipc/PluginModuleChild.cpp:1427 24 JavaAppletPlugin JavaAppletPlugin@0x24a8 25 JavaAppletPlugin JavaAppletPlugin@0x1fbc 26 JavaAppletPlugin JavaAppletPlugin@0x26bb 27 XUL mozilla::plugins::PluginInstanceChild::UpdateWindowAttributes dom/plugins/ipc/PluginInstanceChild.cpp:3207 28 CoreFoundation CFBasicHashFindBucket 29 XUL mozilla::plugins::PluginInstanceChild::DoAsyncSetWindow dom/plugins/ipc/PluginInstanceChild.cpp:2823 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=mozalloc_abort%28char+const*%29+|+NS_DebugBreak_P+|+mozilla%3A%3ASelection%3A%3AExtend%28nsINode*%2C+int%29
Comment 1•11 years ago
|
||
This stack is busted, mozilla::plugins::PPluginScriptableObjectChild::FatalError is the relevant frame. I think this basically the same as bug 841916, bug 841914, and bug 845735. The new java plugin on mac really sucks.
Updated•11 years ago
|
Priority: -- → P2
Comment 2•11 years ago
|
||
Let's watch the crash-stats for this to see if it got fixed by bug 831768 too.
Depends on: 831768
Whiteboard: [closeme 2013-05-01]
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•