Closed Bug 91988 Opened 23 years ago Closed 23 years ago

OSX: Crash clicking on Quicktime movie link several times in a row

Categories: Core Graveyard :: Plug-ins, defect, P1
Platform: PowerPC, macOS
Tracking: Not tracked
Status: VERIFIED FIXED
Target Milestone: mozilla0.9.4
Reporter: lchiang
Assigned: peterlubczynski-bugs
Keywords: crash
Attachments: 2 files

Crash clicking on Quicktime movie several times in a row
reported by Marty Fisher

Reproduced:
Mac OS 9.1 2001-07-23 build
Mac OS X carbon 2001-7-19 build

1.  Go to URL above
2.  Click on the movie
3.  Movie starts playing.  As this is happening, click on the movie from the URL 
a few more times.

Crash will eventually happen.
Attached file stdlog file
I had to click on the movie 30 times to actually see the crash. Got a few 
"Illegal Plugin Operation" dialogs while doing this. Dismissed some... and then 
finally crashed. Windows 0723 branch.


stack: 

MSVCRT.dll + 0xd14b (0x7800d14b) 
MSVCRT.dll + 0xcc1c (0x7800cc1c) 
JS_free [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1429] 
js_FinalizeObject [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 1774] 
js_GC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 1221] 
js_ForceGC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 944] 
js_DestroyContext [d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 228] 
JS_DestroyContext [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 884] 
nsJSContext::~nsJSContext 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 390] 
nsJSContext::`scalar deleting destructor' 
nsJSContext::Release 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 397] 
nsCOMPtr_base::~nsCOMPtr_base 
[d:\builds\seamonkey\mozilla\xpcom\base\nsCOMPtr.cpp, line 50] 
nsJSContext::CallEventHandler 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 957] 
nsJSEventListener::HandleEvent 
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 140] 
nsEventListenerManager::HandleEventSubType 
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line 
1162] 
nsEventListenerManager::HandleEvent 
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line 
2134] 
nsXULElement::HandleDOMEvent 
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 
3635] 
PresShell::HandleDOMEventWithTarget 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5617] 
nsButtonBoxFrame::MouseClicked 
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp, line 181] 
nsButtonBoxFrame::HandleEvent 
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp, line 119] 
PresShell::HandleEventInternal 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5586] 
PresShell::HandleEvent 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5496] 
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 377] 
nsViewManager::DispatchEvent 
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp, line 2056] 
HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 68] 
nsWindow::DispatchEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 724] 
nsWindow::DispatchWindowEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 741] 
nsWindow::DispatchKeyEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2390] 
nsWindow::OnKeyUp [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, 
line 2470] 
nsWindow::ProcessMessage 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3113] 
nsWindow::WindowProc 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 989] 
USER32.dll + 0x1820 (0x77e71820) 
0xc0390001 
In the report from Marty (using carbon builds on OS X), it takes about 2-3
clicks to generate the crash.

thanks for the stack trace, shrirang
if it crashes on win32, OS->All
OS: Mac System 9.x → All
Hardware: Macintosh → All
Keywords: crash
Ok, I first misread this bug as clicking _in_ the movie would crash.  It doesn't 
(at least not in the 40+ clicks I tried).  Clicking on the link to display the 
movie (I used the "0.0 MB QuickTime 3 Movie" link) while the movie is playing 
takes down my OS X build from today on the first try every time.
sorry, I've corrected the summary.

I think the bug is easier to see on OS X (one or two clicks will crash).  It
takes about 10 times on OS 9.1 and even longer on Win32 to see the crash.
Summary: Crash clicking on Quicktime movie several times in a row → Crash clicking on Quicktime movie link several times in a row
Possibly useful: It appears to be related to trying to play an already playing 
movie rather than multiple instances of the QT plugin playing multiple movies.  I 
did manage to crash on a movie trailer on the QT site so it's not specific to the 
Final Fantasy movie.  And yes, it's much easier to crash under Mac OS X.  
Unfortunately I'm not getting any useful data when that happens as crash reporter 
isn't kicking in to give me a stack trace :-(
Ok, got Crash Reporter working and here's what it kicked out:

Date/Time: 2001-07-23 20:52:40 -0700

PID:       249
Command:   Netscape 6Debug

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_INVALID_ADDRESS (0x0001) at 0x01746140

Thread 0:
 #0   0x054c3b28 in 0x54c3b28 ()
 #1   0x75b89020 in _MediaSTGetSampleDescriptionCnt ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x75b756f4 in _OpenCodecComponent ()
 #7   0x75b7509c in _DecompressSequenceBeginPrivate ()
 #8   0x75b8fc7c in _DecompressSequenceBeginS ()
 #9   0x01b6b0c4 in _getNewSequence ()
 #10  0x01b70424 in _decompressVideoFrame ()
 #11  0x01b6a20c in _scrubToMediaTime ()
 #12  0x01b686e8 in _VideoMoviesTask ()
 #13  0x702963c0 in _CallComponentFunctionCommon ()
 #14  0x70296648 in _CallComponentFunctionWithStorageProcInfo ()
 #15  0x01b66938 in _VideoComponentDispatch ()
 #16  0x7027ca88 in _CallComponent ()
 #17  0x7027c99c in _CallComponentDispatch ()
 #18  0x75b8ed68 in _MediaMoviesTask ()
 #19  0x75b8e408 in _TaskMovie_priv ()
 #20  0x01bd1284 in _doUpdateMovie ()
 #21  0x01bda4f4 in _internalDoAction ()
 #22  0x01bd0904 in _doUpdateEvent ()
 #23  0x01bda404 in _internalDoAction ()
 #24  0x01bcfc00 in __MCIdle ()
 #25  0x70296248 in _CallComponentFunctionCommon ()
 #26  0x70296648 in _CallComponentFunctionWithStorageProcInfo ()
 #27  0x01bcedfc in __MCComponentDispatch ()
 #28  0x7027ca88 in _CallComponent ()
 #29  0x7027c99c in _CallComponentDispatch ()
 #30  0x75b94dd4 in _MCIdle ()
 #31  0x054aec68 in 0x54aec68 ()
 #32  0x054b079c in 0x54b079c ()
 #33  0x054ab304 in 0x54ab304 ()
 #34  0x03109060 in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #35  0x03118214 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #36  0x024f40b8 in
OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1 ()
 #37  0x024d1568 in HandleEvent__22nsOnDataAvailableEventFv ()
 #38  0x024e2764 in HandlePLEvent__23nsARequestObserverEventFP7PLEvent ()
 #39  0x00214900 in PL_HandleEvent ()
 #40  0x002146ac in PL_ProcessPendingEvents ()
 #41  0x001a04d0 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #42  0x001a05a0 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #43  0x0262d320 in ProcessPLEventQueue__26nsMacNSPREventQueueHandlerFv ()
 #44  0x0262cd10 in RepeatAction__26nsMacNSPREventQueueHandlerFRC11EventRecord ()
 #45  0x02666368 in DoRepeaters__8RepeaterFRC11EventRecord ()
 #46  0x026469d4 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #47  0x02646080 in DoMessagePump__16nsMacMessagePumpFv ()
 #48  0x02645708 in Run__10nsAppShellFv ()
 #49  0x0235a2ec in Run__17nsAppShellServiceFv ()
 #50  0x0009b25c in main1__FiPPcP11nsISupports ()
 #51  0x0009e2b8 in main ()

Entries #1 to #30 are in the QT plugin code or QT code itself
Entries #0 and #31 to #33 are unknown
Entries #34 to #51 are in Mozilla
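
The frame grouping in the comment above can be scripted. This is an added example, not part of the bug report: `REPORT` is an abridged copy of the log above, and the origin rule (bare address = unknown, leading underscore = QuickTime side, anything else = Mozilla) is an assumption that fits this trace only. It also re-joins wrapped frames and recovers `Class::method` from the mangled C++ names.

```python
import re

# Abridged copy of the first Crash Reporter log above (most frames left out).
# Frame #34 is wrapped onto two lines, as it is on the page.
REPORT = """\
Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_INVALID_ADDRESS (0x0001) at 0x01746140

Thread 0:
 #0   0x054c3b28 in 0x54c3b28 ()
 #1   0x75b89020 in _MediaSTGetSampleDescriptionCnt ()
 #30  0x75b94dd4 in _MCIdle ()
 #31  0x054aec68 in 0x54aec68 ()
 #33  0x054ab304 in 0x54ab304 ()
 #34  0x03109060 in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #49  0x0235a2ec in Run__17nsAppShellServiceFv ()
 #50  0x0009b25c in main1__FiPPcP11nsISupports ()
 #51  0x0009e2b8 in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
"""

FRAME = re.compile(r"#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(\)")
CODES = re.compile(r"Codes:\s+(\w+) \(0x[0-9a-f]+\) at (0x[0-9a-f]+)")


def thread0_frames(report):
    """Return [(index, pc, symbol)] for the crashed thread (Thread 0)."""
    text = re.sub(r" in\n(?=\S)", " in ", report)  # re-join wrapped frames
    body = text.split("Thread 0:", 1)[1].split("\nThread ", 1)[0]
    return [(int(i), int(pc, 16), sym) for i, pc, sym in FRAME.findall(body)]


def demangle(sym):
    """Turn 'method__<len>ClassF<args>' into 'Class::method' (args ignored)."""
    m = re.match(r"([A-Za-z]\w*?)__(\d*)(.+)$", sym)
    if not m:
        return sym
    name, length, rest = m.groups()
    if not length:                      # free function: name__F<args>
        return name if rest.startswith("F") else sym
    cls, tail = rest[:int(length)], rest[int(length):]
    if len(cls) < int(length) or not tail.startswith(("F", "CF")):
        return sym                      # truncated symbol or another scheme
    return f"{cls}::{name}"


def origin(sym):
    """Heuristic that fits this trace only (an assumption, not a general rule)."""
    if sym.startswith("0x"):
        return "unknown"                # no symbol, only a bare address
    if sym.startswith("_"):
        return "quicktime"              # underscore-prefixed C symbols
    return "mozilla"                    # mangled C++ and plain names like main


def group_frames(frames):
    """Collapse consecutive frames of the same origin into (origin, first, last)."""
    runs = []
    for idx, _pc, sym in frames:
        who = origin(sym)
        if runs and runs[-1][0] == who:
            runs[-1][2] = idx
        else:
            runs.append([who, idx, idx])
    return [tuple(r) for r in runs]


def fault_kind(report):
    """Coarse triage from the faulting address and the pc of frame #0."""
    code, addr = CODES.search(report).groups()
    pc = thread0_frames(report)[0][1]
    if pc == 0:
        return f"{code}: jump through a null function pointer"
    if int(addr, 16) == 0:
        return f"{code}: null pointer dereference"
    return f"{code}: invalid access at a non-null address"


if __name__ == "__main__":
    print(fault_kind(REPORT))
    for who, first, last in group_frames(thread0_frames(REPORT)):
        print(f"#{first}-#{last}: {who}")
```
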
>"Possibly useful: It appears to be related to trying to play an already playing"

The patch from bug 91921 went in early this morning which really affects this
bug because ns4xPluginStreamListener was modified. It may have fixed this as well.
sounds like an uninitialized variable. osx loves those!
I will try this later today on OS X again in today's build (where the problem
was easier to see).
Still crashes on Mac OS X with the 7/24 build
Ok, this is most definitely a recent regression.  I went back to the build I did 
for the MacWorld demo and we do not crash.  That build dates from July 12th.
Severity: major → critical
This crash is just qt movies either. If I reload a flash animation in the
browser 2-4 times, I can crash the application. Tested on the July 25th branch
build.
we should try to fix this for the next milestone.
How can one debug shared libraries on OS X? I can't seem to load symbols in the
CW7 I have. From what I hear on Macdev, I'm not alone. The stack I'm getting
points to something in widget but I am unable to see where due to no symbols
loading. I'm not getting the crash reporter to fire even though it's turned on
and I can't even set breakpoints. This makes fixing bugs on OS X somewhat of a
challenge. How does gdb work?

I can reproduce this crash pretty easily by reloading this simplified testcase:
http://panther.mcom.com/testcases/plugins/quicktime5.html


Assignee: av → peterlubczynski
Priority: -- → P1
Summary: Crash clicking on Quicktime movie link several times in a row → OSX: Crash clicking on Quicktime movie link several times in a row
Target Milestone: --- → mozilla0.9.4
*** Bug 92734 has been marked as a duplicate of this bug. ***
Can anyone get this to crash under Mac OS 9.1 with the steps provided? I have
tried with the July 26th branch build and can't reproduce. Using the carbon
build under Mac OS X, I can easily crash when following these same steps.
Chris, pls read my comment from "2001-07-23 16:22". Forgot to mention that I 
used Mac 9.0 to repro the crash. It's very difficult but did happen on my 9.0.
Peter,

Using the movie you provided, I get the following stack trace after multiple
reloads of the page: (Trunk carbon build 8-1)

Date/Time: 2001-08-01 10:21:27 -0700

PID:       484
Command:   Netscape 6

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x01fbee38 in SetCursor ()
 #1   0x01fbee34 in SetCursor ()
 #2   0x02767cd0 in OnStateChange__10nsDocShellFP14nsIWebProgressP10nsIRequestiUi ()
 #3   0x01fa6c30 in
FireOnStateChange__15nsDocLoaderImplFP14nsIWebProgressP10nsIRe ()
 #4   0x01fa599c in doStartDocumentLoad__15nsDocLoaderImplFv ()
 #5   0x01fa54a0 in OnStartRequest__15nsDocLoaderImplFP10nsIRequestP11nsISupports ()
 #6   0x01e30e10 in AddRequest__11nsLoadGroupFP10nsIRequestP11nsISupports ()
 #7   0x01e91ac4 in AsyncOpen__13nsHttpChannelFP17nsIStreamListenerP11nsISupports ()
 #8   0x01fa02c4 in Open__18nsDocumentOpenInfoFP10nsIChanneliP11nsISupports ()
 #9   0x01fa26fc in OpenURIVia__11nsURILoaderFP10nsIChanneliP11nsISupportsUi ()
 #10  0x01fa24e0 in OpenURI__11nsURILoaderFP10nsIChanneliP11nsISupports ()
 #11  0x0276f8e0 in DoChannelLoad__10nsDocShellFP10nsIChanneliP12nsIURILoader ()
 #12  0x0276e308 in
DoURILoad__10nsDocShellFP6nsIURIP6nsIURIP11nsISupportsiP14nsII ()
 #13  0x0276c6ac in
InternalLoad__10nsDocShellFP6nsIURIP6nsIURIP11nsISupportsiiPCw ()
 #14  0x02773cf4 in LoadHistoryEntry__10nsDocShellFP10nsISHEntryUi ()
 #15  0x0274fef0 in LoadURI__10nsDocShellFP6nsIURIP19nsIDocShellLoadInfoUi ()
 #16  0x031fcb60 in LoadEntry__10nsSHistoryFil ()
 #17  0x031fc220 in Reload__10nsSHistoryFUi ()
 #18  0x00184a74 in _XPTC_InvokeByIndex ()
 #19  0x0018496c in XPTC_InvokeByIndex ()
 #20  0x01cda9e0 in 0x1cda9e0 ()
 #21  0x01ce0978 in XPC_WN_CallMethod__FP9JSContextP8JSObjectUiPlPl ()
 #22  0x01c2bfac in js_Invoke ()
 #23  0x01c33f64 in 0x1c33f64 ()
 #24  0x01c2c004 in js_Invoke ()
 #25  0x01c2c240 in js_InternalInvoke ()
 #26  0x01c0f3d4 in JS_CallFunctionValue ()
 #27  0x02ab9774 in CallEventHandler__11nsJSContextFPvPvUiPvPii ()
 #28  0x02ad42e0 in HandleEvent__17nsJSEventListenerFP11nsIDOMEvent ()
 #29  0x021a2570 in
HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru ()
 #30  0x021a49dc in
HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve ()
 #31  0x023be788 in
HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP11n ()
 #32  0x028563fc in
HandleDOMEventWithTarget__9PresShellFP10nsIContentP7nsEventP13 ()
 #33  0x0297bf4c in
MouseClicked__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEven ()
 #34  0x0297bc00 in
HandleEvent__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEvent ()
 #35  0x02856290 in
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #36  0x0285602c in
HandleEventWithTarget__9PresShellFP7nsEventP8nsIFrameP10nsICon ()
 #37  0x021ae038 in
CheckForAndDispatchClick__19nsEventStateManagerFP14nsIPresCont ()
 #38  0x021ac034 in 0x21ac034 ()
 #39  0x028562d4 in
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #40  0x02855f40 in
HandleEvent__9PresShellFP7nsIViewP10nsGUIEventP13nsEventStatus ()
 #41  0x02faab44 in HandleEvent__6nsViewFP10nsGUIEventUiP13nsEventStatusiRi ()
 #42  0x02fbbb40 in 0x2fbbb40 ()
 #43  0x02fa9f3c in HandleEvent__FP10nsGUIEvent ()
 #44  0x01fc0fc0 in 0x1fc0fc0 ()
 #45  0x01fc1094 in DispatchWindowEvent__8nsWindowFR10nsGUIEvent ()
 #46  0x01fc11d8 in DispatchMouseEvent__8nsWindowFR12nsMouseEvent ()
 #47  0x01fd0fbc in HandleMouseUpEvent__17nsMacEventHandlerFR11EventRecord ()
 #48  0x01fcf510 in HandleOSEvent__17nsMacEventHandlerFR11EventRecord ()
 #49  0x01fce70c in HandleOSEvent__11nsMacWindowFR11EventRecord ()
 #50  0x01fd34dc in
DispatchOSEvent__16nsMacMessageSinkFR11EventRecordP15OpaqueWin ()
 #51  0x01fd7ce0 in
DispatchOSEventToRaptor__16nsMacMessagePumpFR11EventRecordP15O ()
 #52  0x01fd7840 in DoMouseUp__16nsMacMessagePumpFR11EventRecord ()
 #53  0x01fd6e30 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #54  0x01fd6850 in DoMessagePump__16nsMacMessagePumpFv ()
 #55  0x01fd60e0 in Run__10nsAppShellFv ()
 #56  0x01d8c1f4 in Run__17nsAppShellServiceFv ()
 #57  0x00093dfc in main1__FiPPcP11nsISupports ()
 #58  0x00094b6c in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

PPC Thread State:
  srr0: 0x01fbee38 srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x2000000c   lr: 0x01fbee34  ctr: 0x70267d50   mq: 0x00000000
    r0: 0x01fbee34   r1: 0xbfffbed8   r2: 0x02066000   r3: 0x00000000
    r4: 0x00000001   r5: 0x00000001   r6: 0x00000000   r7: 0xffffffff
    r8: 0x0002ad6e   r9: 0x83d80f48  r10: 0x00000000  r11: 0x83d81230
   r12: 0x73d81370  r13: 0x01d778b0  r14: 0x00c62064  r15: 0x00000000
   r16: 0x00000000  r17: 0x00c76b1c  r18: 0x002b9bb4  r19: 0x00000000
   r20: 0x002b49d4  r21: 0xbfffc04c  r22: 0x00c76960  r23: 0x00c769f0
   r24: 0xbfffc064  r25: 0xbfffc040  r26: 0xbfffc060  r27: 0x0383c140
   r28: 0x03845ad4  r29: 0x046cbcf0  r30: 0x0000001b  r31: 0x00000095

**********
I'm able to reproduce a crash when reloading PNG files. QT plug-in is activated
and overrides our ability to render PNG's. 

Go to http://www.croczilla.com/svg/polygons1.png. Press the reload button.


Date/Time: 2001-08-04 12:36:22 -0700

PID:       243
Command:   Mozilla

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x00000000 in 0x0 ()
 #1   0x040917b0 in _EatStdMIDIComponentDispatch ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x7027ca94 in _CallComponent ()
 #7   0x7027c99c in _CallComponentDispatch ()
 #8   0x75bd0430 in _MovieImportGetMIMETypeList ()
 #9   0x75c038f0 in _doGetMovieImporterMIMEType ()
 #10  0x75c11688 in _qtGetComponentPublicResourceList ()
 #11  0x75bbbce4 in _GetMovieImporterForDataRef_priv ()
 #12  0x03697c88 in 0x3697c88 ()
 #13  0x03697e80 in 0x3697e80 ()
 #14  0x0369985c in 0x369985c ()
 #15  0x03698864 in 0x3698864 ()
 #16  0x0369c724 in 0x369c724 ()
 #17  0x03697304 in 0x3697304 ()
 #18  0x02233d5c in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #19  0x0223dfb4 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #20  0x02252d94 in
OnDataAvailable__14PluginListenerFP10nsIRequestP11nsISupportsP ()
 #21  0x0183a744 in
OnDataAvailable__18nsDocumentOpenInfoFP10nsIRequestP11nsISuppo ()
 #22  0x0172ef14 in
OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1 ()
 #23  0x01715d48 in HandleEvent__22nsOnDataAvailableEventFv ()
 #24  0x01721f54 in HandlePLEvent__23nsARequestObserverEventFP7PLEvent ()
 #25  0x001b7c9c in PL_HandleEvent ()
 #26  0x001b7b18 in PL_ProcessPendingEvents ()
 #27  0x00160498 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #28  0x01871c68 in ProcessPLEventQueue__26nsMacNSPREventQueueHandlerFv ()
 #29  0x01871a2c in RepeatAction__26nsMacNSPREventQueueHandlerFRC11EventRecord ()
 #30  0x0189a914 in DoRepeaters__8RepeaterFRC11EventRecord ()
 #31  0x01885f38 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #32  0x01885858 in DoMessagePump__16nsMacMessagePumpFv ()
 #33  0x018850e8 in Run__10nsAppShellFv ()
 #34  0x016131f4 in Run__17nsAppShellServiceFv ()
 #35  0x00094dfc in main1__FiPPcP11nsISupports ()
 #36  0x00095b6c in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 6:
 #0   0x700007b8 in _mach_msg_overwrite_trap ()
 #1   0x700056e4 in _mach_msg_overwrite ()
 #2   0x700277b0 in _thread_suspend ()
 #3   0x70027744 in __pthread_become_available ()
 #4   0x70027468 in _pthread_exit ()
 #5   0x70014f08 in __pthread_body ()

PPC Thread State:
  srr0: 0x00000000 srr1: 0x4000f030                vrsave: 0x00000000
   xer: 0x00000008   lr: 0x7027ca88  ctr: 0x00000000   mq: 0x00000000
    r0: 0x00000000   r1: 0xbfffe340   r2: 0x00000000   r3: 0xbfffe408
    r4: 0x00000000   r5: 0xbfffe45c   r6: 0xbfffe460   r7: 0x00000000
    r8: 0x00000098   r9: 0x0395dce0  r10: 0x00000098  r11: 0x0349c300
   r12: 0x0395f4d8  r13: 0x00000000  r14: 0x65617420  r15: 0x00000000
   r16: 0x00000000  r17: 0x00000000  r18: 0x00000000  r19: 0xbfffe800
   r20: 0x00000000  r21: 0x000000a6  r22: 0xbfffe838  r23: 0xbfffe6c8
   r24: 0x75c038d4  r25: 0x6d696d65  r26: 0x00000001  r27: 0xbfffe4d8
   r28: 0xbfffe408  r29: 0x00980006  r30: 0x00000006  r31: 0x7027c9c0

**********
Okay, so trying to make heads or tails of this bug, from all recent reports, it
seems to be OS X only. If I am wrong, please convince me otherwise.

There seem to be 2 kinds of stacks in this bug so maybe there is more than one
bug:
1) The stack posted by Petersen on 8-1 for the crash caused by reloading a
simple testcase. The stack doesn't seem to point to any plugin code, but here's
the top of the stack:
 #0   0x01fbee38 in SetCursor ()
 #1   0x01fbee34 in SetCursor ()
 #2   0x02767cd0 in OnStateChange__10nsDocShellFP14nsIWebProgressP10nsIRequestiUi ()
 #3   0x01fa6c30 in
FireOnStateChange__15nsDocLoaderImplFP14nsIWebProgressP10nsIRe ()

....digging in LXR, I found some interesting code in nsWindow.cpp:
http://lxr.mozilla.org/seamonkey/source/widget/src/mac/nsWindow.cpp#628
...perhaps someone with more knowledge of Mac widget code could take a look to
see if there are any obvious CARBON compatibility issues.


2) The second stack posted by Petersen on 8-4 with a PNG testcase may be a
little more difficult to fix as it seems to indicate the crash is deep inside
Quicktime. cc:ing Eric Carlson for any insight from Apple Engineering on this issue:
 #0   0x00000000 in 0x0 ()
 #1   0x040917b0 in _EatStdMIDIComponentDispatch ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x7027ca94 in _CallComponent ()
 #7   0x7027c99c in _CallComponentDispatch ()
 #8   0x75bd0430 in _MovieImportGetMIMETypeList ()
 #9   0x75c038f0 in _doGetMovieImporterMIMEType ()
 #10  0x75c11688 in _qtGetComponentPublicResourceList ()
 #11  0x75bbbce4 in _GetMovieImporterForDataRef_priv ()
 #12  0x03697c88 in 0x3697c88 ()
 #13  0x03697e80 in 0x3697e80 ()
 #14  0x0369985c in 0x369985c ()
 #15  0x03698864 in 0x3698864 ()
 #16  0x0369c724 in 0x369c724 ()
 #17  0x03697304 in 0x3697304 ()
 #18  0x02233d5c in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #19  0x0223dfb4 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #20  0x02252d94 in
OnDataAvailable__14PluginListenerFP10nsIRequestP11nsISupportsP ()

Status: NEW → ASSIGNED
OS: All → MacOS X
Hardware: All → Macintosh
well, took me a while on my mac 9.0 to reproduce..but I finally did crash 
once...
With the help of Petersen, the problem has been narrowed down to a check-in 
between 7/13 and 7/16:

http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=MOZILLA_0_9_2_BRANCH&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=07%2F13%2F2001&maxdate=07%2F16%2F2001&cvsroot=%2Fcvsroot

There are a lot of check-ins on this list, but the one which stands out is 
Brian Nesse's fix for the nsITimer leak in bug 85231. It fits because it 
affected both full-page and embedded plugins, it's Mac only, and it affects 
plugin shutdown (vs. plugin loading as other check-ins do). I'll try backing 
out the fix in my tree to see if the problem is still there. However, if fixing 
the leak does turn out to be the problem, the REAL fix may be a little more 
difficult as this is a problem which has been there for a long time and only 
now is showing up because of plugging the leak.
I may have found the source of the problem. I think it's the notorious
PR_UnloadLibrary in nsPluginTag::TryUnloadPlugin in nsPluginHostImpl.cpp.
Without it, we don't crash! This has been the source of much controversy in bug
79196. Even though Brian's last comment in the bug is that in 4.x we did unload
it after NPP_Shutdown, when I commented that out, we don't crash with Carbon
Quicktime anymore. I'm starting to agree with Chris Blizzard that maybe it
should be (re)moved.
The problem was that with CFBundle plugins on OSX, we weren't correctly loading
the resource data of the plugin! This causes a plethora of serious issues with
OS X Quicktime and Mozilla which will now be fixed. 

I'm now seeking reviews for my patch.

Note about tabs in patch: nsPluginsDirMac.cpp is FULL of tabs so I'll "untabify"
it before checking in.
Keywords: patch
Whiteboard: [seeking reviews]
So that was the problem then? Cool!

In the 4xPlugin changes it looks like you should be able to pass the nsFileSpec
|file| directly to the nsPluginFile constructor without having to go through
|spec|... just adding pointless copy constructors.
Hate to be the bearer of bad tidings but this doesn't fix the QuickTime crash
for me (trunk build from a clean pull today w/patch applied).  I have a slightly
different test case though:

1) Go to http://www.apple.com/trailers/disney/monsters_inc/
2) Click on "WATCH THE NEW TRAILER"
3) Pick a movie size from the window that pops up
4) Click in the window that pops up to start the movie playing
5) Move the movie window out of the way so you can click on "WATCH THE NEW
TRAILER" again
6) Pick the same size movie as you did in step #3
7) Note the movie from step #4 stops playing and you get the "click to play"
message displayed again
8) Click in the movie window to start playing
9) Observe that you crash
Earlier today I was able to see the crash with the patch. However, it seemed to
have left after re-applying the patch to a freshly updated plugin project. I
thought it was caused by either garbage in my tree or for some reason the reboot
cleared something out (although I don't know how that's possible). It hasn't
crashed for me since.

Hm....I wonder if the resource is still being used by something....is there a
way to tell before calling PR_UnloadLibrary?

In any case, I could not reproduce the crash anymore using those steps. I
repeated the steps several times, even having 2 movies playing at once. I'll
keep trying and also give my debug build to Petersen tomorrow to hammer on.
Perhaps it is another bug.
Whiteboard: [seeking reviews]
Not that failing to open resources for bundle plugins isn't a problem but I agree 
it's not necessarily the cause of the QT crash (especially since the QT bundle 
plugin at one point worked w/o crashing when we weren't opening its resources).  
I was discussing this with beard a few days ago and he was wondering if somehow 
we're not telling the QT plugin it's going away before we kill it.
Tried Steve's procedures (multiple times) with Peter L's debug trunk OS X build
which didn't result in a crash. Visited this report's original url and completed
the steps mentioned. Again, I didn't experience a crash. Tried reloading various
QT movies at http://www.apple.com/quicktime/products/gallery/ and exited the
page via the back/forward toolbar button. Didn't receive a crash throughout
the testing I did.
I think other crashes may be related to other problems or bugs. The original
testcase here does not crash anymore. For now, I was wondering if I can check in
what I have as it's the right thing to do anyway. Brian or Steve can I get your r=?

I will change:
! nsPluginFile pluginFile(file);

Whiteboard: [seeking reviews]
With the change I requested. r=bnesse.
sr=sfraser
Patch checked in, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Whiteboard: [seeking reviews]
Peter, 

Using the Sept 09 build, I still can crash Mozilla.

* Reloading the QT Monsters trailer (based on dagley's steps) in this report

* Reloading PNG sample provided in this report

The original url for this bug doesn't seem to function so I can't double-check
it. Not sure if we should reopen this report or not ....
Bug 98729 has been opened with a much better testcase to easily reproduce.
Attachment #48869 in that bug is a possible patch to fix what seems to be random
crashing with Quicktime.

98729 is marked for moz 0.9.5... whereas this one was for 0.9.4. Any suggestions 
on the resolution of this bug?
verif (0924).
Status: RESOLVED → VERIFIED
*** Bug 102796 has been marked as a duplicate of this bug. ***
Product: Core → Core Graveyard