Closed Bug 876270 Opened 7 years ago Closed 7 years ago

crash in mozilla::plugins::parent::_getvalue

Categories

(Core :: Plug-ins, defect)

24 Branch
ARM
Android
defect
Not set
blocker

Tracking

()

RESOLVED FIXED
mozilla24
Tracking Status
firefox23 --- unaffected
firefox24 + fixed

People

(Reporter: scoobidiver, Assigned: blassey)

References

Details

(Keywords: crash, regression, topcrash, Whiteboard: [native-crash][startupcrash])

Crash Data

Attachments

(1 file)

It first showed up in 24.0a1/20130526 with an hourly crash rate of 13 crashes/hour. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=7a2f7a45819a&tochange=0fed3377c839

Signature 	mozilla::plugins::parent::_getvalue More Reports Search
UUID	a24599ca-3340-4f17-a113-fadd52130526
Date Processed	2013-05-26 16:29:17
Uptime	74
Last Crash	1.4 minutes before submission
Install Age	12.6 minutes since version was first installed.
Install Time	2013-05-26 16:07:03
Product	FennecAndroid
Version	24.0a1
Build ID	20130526031046
Release Channel	nightly
OS	Android
OS Version	0.0.0 Linux 3.0.31-813049 #1 SMP PREEMPT Thu Apr 25 21:04:17 KST 2013 armv7l samsung/p4notewifiue/p4notewifi:4.1.2/JZO54K/N8013UEUCMD3:user/release-keys
Build Architecture	arm
Build Architecture Info	ARMv0
Crash Reason	SIGSEGV
Crash Address	0xc
App Notes 	
AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-N8013, Product: p4notewifiue, Manufacturer: samsung, Hardware: smdk4x12'
GL Layers! EGL? EGL+ GL Context? GL Context+ GL Layers+ 
samsung GT-N8013
samsung/p4notewifiue/p4notewifi:4.1.2/JZO54K/N8013UEUCMD3:user/release-keys
Processor Notes 	sp-processor07_phx1_mozilla_com_22302:2012; exploitability tool: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	ARM
Adapter Device ID	Mali-400 MP
Device	samsung GT-N8013
Android API Version	16 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	libdvm.so 	libdvm.so@0x49704 	
1 	libxul.so 	mozilla::plugins::parent::_getvalue 	android-ndk-r8e-arm-gcc4.6/platforms/android-9/arch-arm/usr/include/jni.h:805
...
15 	libxul.so 	mozilla::PluginPRLibrary::NP_Initialize 	dom/plugins/base/PluginPRLibrary.cpp:52
16 	libxul.so 	mozilla::PluginPRLibrary::NP_Shutdown 	dom/plugins/base/PluginPRLibrary.cpp:125
17 	libnss3.so 	PR_UnloadLibrary 	nsprpub/pr/src/linking/prlink.c:1041
18 	libxul.so 	mozilla::PluginPRLibrary::NPP_New 	dom/plugins/base/PluginPRLibrary.cpp:204
19 	libxul.so 	nsNPAPIPlugin::CreatePlugin 	dom/plugins/base/nsNPAPIPlugin.cpp:461
20 	libxul.so 	nsLocalFile::Append 	xpcom/io/nsLocalFileUnix.cpp:1931
21 	libxul.so 	nsLocalFile::Release 	obj-firefox/dist/include/mozilla/mozalloc.h:225
22 	libxul.so 	nsLocalFile::Append 	xpcom/io/nsLocalFileUnix.cpp:1931
23 	libxul.so 	nsPluginHost::EnsurePluginLoaded 	dom/plugins/base/nsPluginHost.cpp:1422

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Aplugins%3A%3Aparent%3A%3A_getvalue
I suspect bug 867517.
Crash Signature: [@ mozilla::plugins::parent::_getvalue] → [@ mozilla::plugins::parent::_getvalue] [@ libstdc++.so@0x8f7] [@ libc malloc (deleted)@0x1505e ] [@ libc malloc (deleted)@0x83e ] [@ libc malloc (deleted)@0xdc6 ] [@ libc malloc (deleted)@0xff7e ] [@ libflashplayer.so@0x79c8ff ]
Summary: crash in mozilla::plugins::parent::_getvalue on ICS and above → crash in mozilla::plugins::parent::_getvalue
Duplicate of this bug: 876354
Crash Signature: [@ mozilla::plugins::parent::_getvalue] [@ libstdc++.so@0x8f7] [@ libc malloc (deleted)@0x1505e ] [@ libc malloc (deleted)@0x83e ] [@ libc malloc (deleted)@0xdc6 ] [@ libc malloc (deleted)@0xff7e ] [@ libflashplayer.so@0x79c8ff ] → [@ mozilla::plugins::parent::_getvalue] [@ JNI_CreateJavaVM | mozilla::plugins::parent::_getvalue] [@ libstdc++.so@0x8f7] [@ libc malloc (deleted)@0x1505e ] [@ libc malloc (deleted)@0x6cbe ] [@ libc malloc (deleted)@0x83e ] [@ libc malloc (deleted)@…
blassey, does bug 867517 affect Android Fx or is it just the glue for external embedders?
Flags: needinfo?(blassey.bugs)
The bug itself isn't supposed to impact Android Fx, but what has landed so far is a refactor patch. If it caused a crash, I broke something in the refactor.
Flags: needinfo?(blassey.bugs)
Attached patch patchSplinter Review
Assignee: nobody → blassey.bugs
Attachment #754872 - Flags: review?(snorp)
Comment on attachment 754872 [details] [diff] [review]
patch

Review of attachment 754872 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good. It seems weird to return a local ref, but I just checked the Android source and they do the same thing. Whatever.

::: dom/plugins/base/nsNPAPIPlugin.cpp
@@ +2266,3 @@
>          return NPERR_GENERIC_ERROR;
>  
> +      jobject ret = bridge->GetContext();

Probably want to return an error is this is null
Attachment #754872 - Flags: review?(snorp) → review+
https://hg.mozilla.org/mozilla-central/rev/f94b15104c8c
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
Duplicate of this bug: 876544
tracking-fennec: ? → ---
You need to log in before you can comment on or make changes to this bug.