Closed
Bug 901963
Opened 12 years ago
Closed 12 years ago
crash in mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Tracking
(firefox24 unaffected, firefox25 affected, firefox26 fixed)
RESOLVED
FIXED
mozilla26
| Tracking | Status | |
|---|---|---|
| firefox24 | --- | unaffected |
| firefox25 | --- | affected |
| firefox26 | --- | fixed |
People
(Reporter: scoobidiver, Assigned: m_kato)
References
Details
(4 keywords)
Crash Data
Attachments
(1 file)
|
1.86 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
It started spiking in 26.0a1/20130806 although there's one crash in 25.0a1/20130805. The regression range for the spike is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=482b9d04974a&tochange=a0dd80f800e2
It might be a regression from bug 899026.
Comments talk about Flash unusable.
Stack traces are various and still buggy on 64-bit builds.
It's not a blocker as long as it's restricted to 64-bit builds but the crash volume is worth it (about 400 crashes an hour).
More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=mozilla%3A%3Aplugins%3A%3APluginInstanceChild%3A%3ASetWindowLongPtrWHook%28HWND__*%2C+int%2C+__int64%29
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=SetWindowLongPtrWHook%28HWND__*%2C+int%2C+__int64%29
latest crash when i clicked on youtube player window
https://crash-stats.mozilla.com/report/index/78386a1f-8738-47b4-b7d2-0fe872130806
first crash when youtube page start playing a video.
https://crash-stats.mozilla.com/report/index/39524148-e7ac-4e45-8d0f-764572130806
I will return with more information as i collect them.
|
||
Comment 2•12 years ago
|
||
This appears as if it will always crash when attempting to instantiate a Flash process on win64. That's a pretty serious functional regression.
Makoko, could you have a look please?
Assignee: nobody → m_kato
Priority: -- → P2
|
Reporter | |
Updated•12 years ago
|
Crash Signature: [@ mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook(HWND__*, int, __int64)]
[@ SetWindowLongPtrWHook(HWND__*, int, __int64) ] → [@ mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook(HWND__*, int, __int64)]
[@ SetWindowLongPtrWHook(HWND__*, int, __int64) ]
[@ SetWindowLongPtrAHook(HWND__*, int, __int64) ]
|
Assignee | |
Comment 3•12 years ago
|
||
|
|
Assignee | |
Comment 4•12 years ago
|
||
Comment on attachment 786714 [details] [diff] [review]
fix
This is a regression by bug 899026. jmp rel32 offset and disp32 are signed, not unsigned.
Attachment #786714 -
Flags: review?(ehsan)
|
|
Reporter | |
Updated•12 years ago
|
|
|
Reporter | |
Updated•12 years ago
|
Crash Signature: [@ mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook(HWND__*, int, __int64)]
[@ SetWindowLongPtrWHook(HWND__*, int, __int64) ]
[@ SetWindowLongPtrAHook(HWND__*, int, __int64) ] → [@ mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook(HWND__*, int, __int64)]
[@ SetWindowLongPtrWHook(HWND__*, int, __int64) ]
[@ SetWindowLongPtrAHook(HWND__*, int, __int64) ]
[@ SetPluginHidden ]
[@ PL_DHashTableOperate | nsLocalFile::Rel…
|
||
Updated•12 years ago
|
tracking-firefox25:
--- → ?
tracking-firefox26:
--- → ?
|
|
Reporter | |
Comment 5•12 years ago
|
||
Tracking flags are for versions that are going to be released. 64-bit Firefox 25 and 26 are not scheduled.
tracking-firefox25:
? → ---
tracking-firefox26:
? → ---
|
||
Comment 6•12 years ago
|
||
Comment on attachment 786714 [details] [diff] [review]
fix
Review of attachment 786714 [details] [diff] [review]:
-----------------------------------------------------------------
Oops!
Attachment #786714 -
Flags: review?(ehsan) → review+
|
||
Comment 7•12 years ago
|
||
|
|
||
Comment 8•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
|
|
Reporter | |
Updated•12 years ago
|
|
|
||
Comment 9•12 years ago
|
||
Makoto, did you want to request Aurora uplift for this and bug 899026?
|
|
Assignee | |
Comment 10•12 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #9)
> Makoto, did you want to request Aurora uplift for this and bug 899026?
No. But I want to back out bug 899026 on aurora.
|
||
Comment 11•12 years ago
|
||
I just started testing 64bit builds on Windows 7. I see this as a high volume crash in bughunter debug builds on Beta/25 Win7 x86_64 with a number of urls.
For example,
http://video-links.info/nv.php?url=zvdwb3xhbxa86
EXCEPTION_ACCESS_VIOLATION_EXEC
mozilla::plugins::PluginInstanceChild::SetWindowLongPtrWHook NPSWF64_11_9_900_117.dll@0x14583ff NPSWF64_11_9_900_117.dll@0x28ecf8 NPSWF64_11_9_900_117.dll@0x28f025 NPSWF64_11_9_900_117.dll@0x10fe5bf
breakpad's exploitability rates this as a medium.
MS' !exploitable rates this as exploitable due to DEP violation.
In opt nightly just prior to this fix with http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2013/08/2013-08-08-03-02-05-mozilla-central/firefox-26.0a1.en-US.win64-x86_64.zip, I get bp-e0b72383-19ff-4ca4-9171-31f592131012
0 @0x177877634
1 xul.dll xul.dll@0xb6c8cf
2 NPSWF64_11_9_900_117.dll F1149524817___________________________
bug 899026 appears to be on Beta/25 and has not been backed out. This patch is on both aurora and central but not beta.
Benjamin, do you think we can get this on beta/25 ?
Flags: needinfo?(benjamin)
|
|
||
Comment 12•12 years ago
|
||
I'm not sure why we're testing FF25 win64 builds, but this is very unlikely to be actually exploitable and we're only shipping nightly in win64 mode as far as I know, so I don't think there's a strong reason to uplift this to beta.
Flags: needinfo?(benjamin)
Comment 11 is private:
false
|
||
Updated•4 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•