Closed Bug 91988 Opened 23 years ago Closed 23 years ago

OSX: Crash clicking on Quicktime movie link several times in a row

Categories

(Core Graveyard :: Plug-ins, defect, P1)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
PowerPC
macOS
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: lchiang, Assigned: peterlubczynski-bugs)

References

(
URL
)

Details

(Keywords: crash)

Attachments

(2 files)

stdlog file
25.51 KB, text/plain
Details
patch to correctly load resources for bundled plugins, v.1
6.02 KB, patch
Details | Diff | Splinter Review 
Crash clicking on Quicktime movie several times in a row
reported by Marty Fisher

Reproduced:
Mac OS 9.1 2001-07-23 build
Mac OS X carbon 2001-7-19 build

1.  Go to URL above
2.  Click on the movie
3.  Movie starts playing.  As this is happening, click on the movie from the URL 
a few more times.

Crash will eventually happen.
Attached file stdlog file 

    
    

    
  
I had to click on the movie 30 times to actually see the crash. Go a few 
"Illegal Plugin Operation' dialogs while doig this. Dismissed some..and the n 
finally crashed. windows 0723 branch.


stack: 

MSVCRT.dll + 0xd14b (0x7800d14b) 
MSVCRT.dll + 0xcc1c (0x7800cc1c) 
JS_free [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 1429] 
js_FinalizeObject [d:\builds\seamonkey\mozilla\js\src\jsobj.c, line 1774] 
js_GC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 1221] 
js_ForceGC [d:\builds\seamonkey\mozilla\js\src\jsgc.c, line 944] 
js_DestroyContext [d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 228] 
JS_DestroyContext [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 884] 
nsJSContext::~nsJSContext 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 390] 
nsJSContext::`scalar deleting destructor' 
nsJSContext::Release 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 397] 
nsCOMPtr_base::~nsCOMPtr_base 
[d:\builds\seamonkey\mozilla\xpcom\base\nsCOMPtr.cpp, line 50] 
nsJSContext::CallEventHandler 
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 957] 
nsJSEventListener::HandleEvent 
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 140] 
nsEventListenerManager::HandleEventSubType 
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line 
1162] 
nsEventListenerManager::HandleEvent 
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp, line 
2134] 
nsXULElement::HandleDOMEvent 
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line 
3635] 
PresShell::HandleDOMEventWithTarget 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5617] 
nsButtonBoxFrame::MouseClicked 
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp, line 181] 
nsButtonBoxFrame::HandleEvent 
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp, line 119] 
PresShell::HandleEventInternal 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5586] 
PresShell::HandleEvent 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5496] 
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 377] 
nsViewManager::DispatchEvent 
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp, line 2056] 
HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 68] 
nsWindow::DispatchEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 724] 
nsWindow::DispatchWindowEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 741] 
nsWindow::DispatchKeyEvent 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 2390] 
nsWindow::OnKeyUp [d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, 
line 2470] 
nsWindow::ProcessMessage 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3113] 
nsWindow::WindowProc 
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 989] 
USER32.dll + 0x1820 (0x77e71820) 
0xc0390001 

    
    

    
  
In the report from Marty (using carbon builds on OS X), it takes about 2-3
clicks to generate the crash.

thanks for the stack trace, shrirang

    
    

    
  
if it crashes on win32, OS->All

OS: Mac System 9.x → All
Hardware: Macintosh → All

    
  
Keywords: crash

    
    

    
  
Ok, I first misread this bug as clicking _in_ the movie would crash.  It doesn't 
(at least not in the 40+ click I tried).  Clicking on the link to display the 
movie (I used the "0.0 MB QuickTime 3 Movie" link) while the movie is playing 
takes down my OS X build from today on the first try every time.


    
    

    
  
sorry, I've corrected the summary.

I think the bug is easier to see on OS X (one or two clicks will crash).  It
takes about 10 times on OS 9.1 and even longer on Win32 to see the crash.
Summary: Crash clicking on Quicktime movie several times in a row → Crash clicking on Quicktime movie link several times in a row

    
    

    
  
Possibly useful: It appears to be related to trying to play an already playing 
movie rather than multiple instances of the QT plugin playing multiple movies.  I 
did manage to crash on a movie trailer on the QT site so it's not specific to the 
Final Fantasy movie.  And yes, it's much easier to crash under Mac OS X.  
Unfortunately I'm not getting any useful data when that happens as crash reporter 
isn't kicking in to give me a stack trace :-(


    
    

    
  
Ok, got Crash Reporter working an here's what it kicked out:

Date/Time: 2001-07-23 20:52:40 -0700

PID:       249
Command:   Netscape 6Debug

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_INVALID_ADDRESS (0x0001) at 0x01746140

Thread 0:
 #0   0x054c3b28 in 0x54c3b28 ()
 #1   0x75b89020 in _MediaSTGetSampleDescriptionCnt ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x75b756f4 in _OpenCodecComponent ()
 #7   0x75b7509c in _DecompressSequenceBeginPrivate ()
 #8   0x75b8fc7c in _DecompressSequenceBeginS ()
 #9   0x01b6b0c4 in _getNewSequence ()
 #10  0x01b70424 in _decompressVideoFrame ()
 #11  0x01b6a20c in _scrubToMediaTime ()
 #12  0x01b686e8 in _VideoMoviesTask ()
 #13  0x702963c0 in _CallComponentFunctionCommon ()
 #14  0x70296648 in _CallComponentFunctionWithStorageProcInfo ()
 #15  0x01b66938 in _VideoComponentDispatch ()
 #16  0x7027ca88 in _CallComponent ()
 #17  0x7027c99c in _CallComponentDispatch ()
 #18  0x75b8ed68 in _MediaMoviesTask ()
 #19  0x75b8e408 in _TaskMovie_priv ()
 #20  0x01bd1284 in _doUpdateMovie ()
 #21  0x01bda4f4 in _internalDoAction ()
 #22  0x01bd0904 in _doUpdateEvent ()
 #23  0x01bda404 in _internalDoAction ()
 #24  0x01bcfc00 in __MCIdle ()
 #25  0x70296248 in _CallComponentFunctionCommon ()
 #26  0x70296648 in _CallComponentFunctionWithStorageProcInfo ()
 #27  0x01bcedfc in __MCComponentDispatch ()
 #28  0x7027ca88 in _CallComponent ()
 #29  0x7027c99c in _CallComponentDispatch ()
 #30  0x75b94dd4 in _MCIdle ()
 #31  0x054aec68 in 0x54aec68 ()
 #32  0x054b079c in 0x54b079c ()
 #33  0x054ab304 in 0x54ab304 ()
 #34  0x03109060 in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #35  0x03118214 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #36  0x024f40b8 in
OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1 ()
 #37  0x024d1568 in HandleEvent__22nsOnDataAvailableEventFv ()
 #38  0x024e2764 in HandlePLEvent__23nsARequestObserverEventFP7PLEvent ()
 #39  0x00214900 in PL_HandleEvent ()
 #40  0x002146ac in PL_ProcessPendingEvents ()
 #41  0x001a04d0 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #42  0x001a05a0 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #43  0x0262d320 in ProcessPLEventQueue__26nsMacNSPREventQueueHandlerFv ()
 #44  0x0262cd10 in RepeatAction__26nsMacNSPREventQueueHandlerFRC11EventRecord ()
 #45  0x02666368 in DoRepeaters__8RepeaterFRC11EventRecord ()
 #46  0x026469d4 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #47  0x02646080 in DoMessagePump__16nsMacMessagePumpFv ()
 #48  0x02645708 in Run__10nsAppShellFv ()
 #49  0x0235a2ec in Run__17nsAppShellServiceFv ()
 #50  0x0009b25c in main1__FiPPcP11nsISupports ()
 #51  0x0009e2b8 in main ()

Entries #1 to #30 are in the QT plugin code or QT code itself
Entries #0 and #31 to #33 are unknown
Entries #34 to #51 are in Mozilla

    
    

    
  
>"Possibly useful: It appears to be related to trying to play an already playing"

The patch from bug 91921 went in early this morning which really effects this
bug because ns4xPluginStreamListener was modified. It may have fixed this as well.

    
    

    
  
sounds like an uninitialized variable. osx loves those!


    
    

    
  
I will try this later today on OS X again in today's build (where the problem
was easier to see).

    
    

    
  
Still crashes on Mac OS X with the 7/24 build


    
    

    
  
Ok, this is most definitely a recent regression.  I went back to the build I did 
for the MacWorld demo and we do not crash.  That build dates from July 12th.

Severity: major → critical

    
    

    
  
This crash is just qt movies either. If I reload a flash animation in the
browser 2-4 times, I can crash the application. Tested on the July 25th branch
build.

    
    

    
  
we should try to fix this for the next milestone.

    
    

    
  
How can one debug shared libraries on OS X? I can't seem to load symbols in the
CW7 I have. From what I hear on Macdev, I'm not alone. The stack I'm getting
points to something in widget but I am unable to see where due to no symbols
loading. I'm not getting the crash reporter to fire even though it's turned on
and I can't even set breakpoints. This makes fixing bugs on OS X somewhat of a
challenge. How does gdb work?

I can reproduce this crash pretty easily by reloading this simplified testcase:
http://panther.mcom.com/testcases/plugins/quicktime5.html



Assignee: av → peterlubczynski
Priority: -- → P1
Summary: Crash clicking on Quicktime movie link several times in a row → OSX: Crash clicking on Quicktime movie link several times in a row
Target Milestone: --- → mozilla0.9.4

    
    

    
  
*** Bug 92734 has been marked as a duplicate of this bug. ***

    
    

    
  
Can anyone get this to crash under Mac OS 9.1 with the steps provided. I have
tried with the July 26th branch build and can't reproduce. Using the carbon
build under Mac OS X, I can easily crash when following these same steps.

    
    

    
  
Chris, pls read my commmentfrom "2001-07-23 16:22" . Forgot to mention that I 
used  mac 9.0 to repro the crash. It's very difficult but did happen on my 9.0.

    
    

    
  
Peter,

Using the movie you provided, I get the following stack trace after multiple
reloads of the page: (Trunk carbon build 8-1)

Date/Time: 2001-08-01 10:21:27 -0700

PID:       484
Command:   Netscape 6

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x01fbee38 in SetCursor ()
 #1   0x01fbee34 in SetCursor ()
 #2   0x02767cd0 in OnStateChange__10nsDocShellFP14nsIWebProgressP10nsIRequestiUi ()
 #3   0x01fa6c30 in
FireOnStateChange__15nsDocLoaderImplFP14nsIWebProgressP10nsIRe ()
 #4   0x01fa599c in doStartDocumentLoad__15nsDocLoaderImplFv ()
 #5   0x01fa54a0 in OnStartRequest__15nsDocLoaderImplFP10nsIRequestP11nsISupports ()
 #6   0x01e30e10 in AddRequest__11nsLoadGroupFP10nsIRequestP11nsISupports ()
 #7   0x01e91ac4 in AsyncOpen__13nsHttpChannelFP17nsIStreamListenerP11nsISupports ()
 #8   0x01fa02c4 in Open__18nsDocumentOpenInfoFP10nsIChanneliP11nsISupports ()
 #9   0x01fa26fc in OpenURIVia__11nsURILoaderFP10nsIChanneliP11nsISupportsUi ()
 #10  0x01fa24e0 in OpenURI__11nsURILoaderFP10nsIChanneliP11nsISupports ()
 #11  0x0276f8e0 in DoChannelLoad__10nsDocShellFP10nsIChanneliP12nsIURILoader ()
 #12  0x0276e308 in
DoURILoad__10nsDocShellFP6nsIURIP6nsIURIP11nsISupportsiP14nsII ()
 #13  0x0276c6ac in
InternalLoad__10nsDocShellFP6nsIURIP6nsIURIP11nsISupportsiiPCw ()
 #14  0x02773cf4 in LoadHistoryEntry__10nsDocShellFP10nsISHEntryUi ()
 #15  0x0274fef0 in LoadURI__10nsDocShellFP6nsIURIP19nsIDocShellLoadInfoUi ()
 #16  0x031fcb60 in LoadEntry__10nsSHistoryFil ()
 #17  0x031fc220 in Reload__10nsSHistoryFUi ()
 #18  0x00184a74 in _XPTC_InvokeByIndex ()
 #19  0x0018496c in XPTC_InvokeByIndex ()
 #20  0x01cda9e0 in 0x1cda9e0 ()
 #21  0x01ce0978 in XPC_WN_CallMethod__FP9JSContextP8JSObjectUiPlPl ()
 #22  0x01c2bfac in js_Invoke ()
 #23  0x01c33f64 in 0x1c33f64 ()
 #24  0x01c2c004 in js_Invoke ()
 #25  0x01c2c240 in js_InternalInvoke ()
 #26  0x01c0f3d4 in JS_CallFunctionValue ()
 #27  0x02ab9774 in CallEventHandler__11nsJSContextFPvPvUiPvPii ()
 #28  0x02ad42e0 in HandleEvent__17nsJSEventListenerFP11nsIDOMEvent ()
 #29  0x021a2570 in
HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru ()
 #30  0x021a49dc in
HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve ()
 #31  0x023be788 in
HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP11n ()
 #32  0x028563fc in
HandleDOMEventWithTarget__9PresShellFP10nsIContentP7nsEventP13 ()
 #33  0x0297bf4c in
MouseClicked__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEven ()
 #34  0x0297bc00 in
HandleEvent__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEvent ()
 #35  0x02856290 in
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #36  0x0285602c in
HandleEventWithTarget__9PresShellFP7nsEventP8nsIFrameP10nsICon ()
 #37  0x021ae038 in
CheckForAndDispatchClick__19nsEventStateManagerFP14nsIPresCont ()
 #38  0x021ac034 in 0x21ac034 ()
 #39  0x028562d4 in
HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent ()
 #40  0x02855f40 in
HandleEvent__9PresShellFP7nsIViewP10nsGUIEventP13nsEventStatus ()
 #41  0x02faab44 in HandleEvent__6nsViewFP10nsGUIEventUiP13nsEventStatusiRi ()
 #42  0x02fbbb40 in 0x2fbbb40 ()
 #43  0x02fa9f3c in HandleEvent__FP10nsGUIEvent ()
 #44  0x01fc0fc0 in 0x1fc0fc0 ()
 #45  0x01fc1094 in DispatchWindowEvent__8nsWindowFR10nsGUIEvent ()
 #46  0x01fc11d8 in DispatchMouseEvent__8nsWindowFR12nsMouseEvent ()
 #47  0x01fd0fbc in HandleMouseUpEvent__17nsMacEventHandlerFR11EventRecord ()
 #48  0x01fcf510 in HandleOSEvent__17nsMacEventHandlerFR11EventRecord ()
 #49  0x01fce70c in HandleOSEvent__11nsMacWindowFR11EventRecord ()
 #50  0x01fd34dc in
DispatchOSEvent__16nsMacMessageSinkFR11EventRecordP15OpaqueWin ()
 #51  0x01fd7ce0 in
DispatchOSEventToRaptor__16nsMacMessagePumpFR11EventRecordP15O ()
 #52  0x01fd7840 in DoMouseUp__16nsMacMessagePumpFR11EventRecord ()
 #53  0x01fd6e30 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #54  0x01fd6850 in DoMessagePump__16nsMacMessagePumpFv ()
 #55  0x01fd60e0 in Run__10nsAppShellFv ()
 #56  0x01d8c1f4 in Run__17nsAppShellServiceFv ()
 #57  0x00093dfc in main1__FiPPcP11nsISupports ()
 #58  0x00094b6c in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

PPC Thread State:
  srr0: 0x01fbee38 srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x2000000c   lr: 0x01fbee34  ctr: 0x70267d50   mq: 0x00000000
    r0: 0x01fbee34   r1: 0xbfffbed8   r2: 0x02066000   r3: 0x00000000
    r4: 0x00000001   r5: 0x00000001   r6: 0x00000000   r7: 0xffffffff
    r8: 0x0002ad6e   r9: 0x83d80f48  r10: 0x00000000  r11: 0x83d81230
   r12: 0x73d81370  r13: 0x01d778b0  r14: 0x00c62064  r15: 0x00000000
   r16: 0x00000000  r17: 0x00c76b1c  r18: 0x002b9bb4  r19: 0x00000000
   r20: 0x002b49d4  r21: 0xbfffc04c  r22: 0x00c76960  r23: 0x00c769f0
   r24: 0xbfffc064  r25: 0xbfffc040  r26: 0xbfffc060  r27: 0x0383c140
   r28: 0x03845ad4  r29: 0x046cbcf0  r30: 0x0000001b  r31: 0x00000095

**********

    
    

    
  
I'm able to reproduce a crash when reloading PNG files. QT plug-in is activated
and overrides our ability to render PNG's. 

Go to http://www.croczilla.com/svg/polygons1.png. Press the reload button.


Date/Time: 2001-08-04 12:36:22 -0700

PID:       243
Command:   Mozilla

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x00000000 in 0x0 ()
 #1   0x040917b0 in _EatStdMIDIComponentDispatch ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x7027ca94 in _CallComponent ()
 #7   0x7027c99c in _CallComponentDispatch ()
 #8   0x75bd0430 in _MovieImportGetMIMETypeList ()
 #9   0x75c038f0 in _doGetMovieImporterMIMEType ()
 #10  0x75c11688 in _qtGetComponentPublicResourceList ()
 #11  0x75bbbce4 in _GetMovieImporterForDataRef_priv ()
 #12  0x03697c88 in 0x3697c88 ()
 #13  0x03697e80 in 0x3697e80 ()
 #14  0x0369985c in 0x369985c ()
 #15  0x03698864 in 0x3698864 ()
 #16  0x0369c724 in 0x369c724 ()
 #17  0x03697304 in 0x3697304 ()
 #18  0x02233d5c in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #19  0x0223dfb4 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #20  0x02252d94 in
OnDataAvailable__14PluginListenerFP10nsIRequestP11nsISupportsP ()
 #21  0x0183a744 in
OnDataAvailable__18nsDocumentOpenInfoFP10nsIRequestP11nsISuppo ()
 #22  0x0172ef14 in
OnDataAvailable__13nsHttpChannelFP10nsIRequestP11nsISupportsP1 ()
 #23  0x01715d48 in HandleEvent__22nsOnDataAvailableEventFv ()
 #24  0x01721f54 in HandlePLEvent__23nsARequestObserverEventFP7PLEvent ()
 #25  0x001b7c9c in PL_HandleEvent ()
 #26  0x001b7b18 in PL_ProcessPendingEvents ()
 #27  0x00160498 in ProcessPendingEvents__16nsEventQueueImplFv ()
 #28  0x01871c68 in ProcessPLEventQueue__26nsMacNSPREventQueueHandlerFv ()
 #29  0x01871a2c in RepeatAction__26nsMacNSPREventQueueHandlerFRC11EventRecord ()
 #30  0x0189a914 in DoRepeaters__8RepeaterFRC11EventRecord ()
 #31  0x01885f38 in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #32  0x01885858 in DoMessagePump__16nsMacMessagePumpFv ()
 #33  0x018850e8 in Run__10nsAppShellFv ()
 #34  0x016131f4 in Run__17nsAppShellServiceFv ()
 #35  0x00094dfc in main1__FiPPcP11nsISupports ()
 #36  0x00095b6c in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 6:
 #0   0x700007b8 in _mach_msg_overwrite_trap ()
 #1   0x700056e4 in _mach_msg_overwrite ()
 #2   0x700277b0 in _thread_suspend ()
 #3   0x70027744 in __pthread_become_available ()
 #4   0x70027468 in _pthread_exit ()
 #5   0x70014f08 in __pthread_body ()

PPC Thread State:
  srr0: 0x00000000 srr1: 0x4000f030                vrsave: 0x00000000
   xer: 0x00000008   lr: 0x7027ca88  ctr: 0x00000000   mq: 0x00000000
    r0: 0x00000000   r1: 0xbfffe340   r2: 0x00000000   r3: 0xbfffe408
    r4: 0x00000000   r5: 0xbfffe45c   r6: 0xbfffe460   r7: 0x00000000
    r8: 0x00000098   r9: 0x0395dce0  r10: 0x00000098  r11: 0x0349c300
   r12: 0x0395f4d8  r13: 0x00000000  r14: 0x65617420  r15: 0x00000000
   r16: 0x00000000  r17: 0x00000000  r18: 0x00000000  r19: 0xbfffe800
   r20: 0x00000000  r21: 0x000000a6  r22: 0xbfffe838  r23: 0xbfffe6c8
   r24: 0x75c038d4  r25: 0x6d696d65  r26: 0x00000001  r27: 0xbfffe4d8
   r28: 0xbfffe408  r29: 0x00980006  r30: 0x00000006  r31: 0x7027c9c0

**********

    
    

    
  
Okay, so trying to make heads or tails of this bug, from all recent reports, it
seem to be OS X only. If I am wrong, please convince me otherwise.

There seems to be 2 kinds of stacks in this bug so maybe there are more than one
bug:
1) The stack posted by Petersen on 8-1 for the crash caused by reloading a
simple testcase. The stack doesn't seem to point to any plugin code, but here's
the top of the stack:
 #0   0x01fbee38 in SetCursor ()
 #1   0x01fbee34 in SetCursor ()
 #2   0x02767cd0 in OnStateChange__10nsDocShellFP14nsIWebProgressP10nsIRequestiUi ()
 #3   0x01fa6c30 in
FireOnStateChange__15nsDocLoaderImplFP14nsIWebProgressP10nsIRe ()

....digging in LXR, I found some interesting code in nsWindow.cpp:
http://lxr.mozilla.org/seamonkey/source/widget/src/mac/nsWindow.cpp#628
...perhaps someone with more knowledge of Mac widget code could take a look to
see if there are any obvious CARBON compatibility issues.


2) The second stack posted by Petersen on 8-4 with a PNG testcase may be a
little more difficult to fix as it seems to indicate the crash is deep inside
Quicktime. cc:ing Eric Carlson for any insight from Apple Engineering on this issue:
 #0   0x00000000 in 0x0 ()
 #1   0x040917b0 in _EatStdMIDIComponentDispatch ()
 #2   0x7027c99c in _CallComponentDispatch ()
 #3   0x7027c96c in _CallComponentOpen ()
 #4   0x7027bbec in _OpenAComponent ()
 #5   0x7027b9f4 in _OpenComponent ()
 #6   0x7027ca94 in _CallComponent ()
 #7   0x7027c99c in _CallComponentDispatch ()
 #8   0x75bd0430 in _MovieImportGetMIMETypeList ()
 #9   0x75c038f0 in _doGetMovieImporterMIMEType ()
 #10  0x75c11688 in _qtGetComponentPublicResourceList ()
 #11  0x75bbbce4 in _GetMovieImporterForDataRef_priv ()
 #12  0x03697c88 in 0x3697c88 ()
 #13  0x03697e80 in 0x3697e80 ()
 #14  0x0369985c in 0x369985c ()
 #15  0x03698864 in 0x3698864 ()
 #16  0x0369c724 in 0x369c724 ()
 #17  0x03697304 in 0x3697304 ()
 #18  0x02233d5c in
OnDataAvailable__24ns4xPluginStreamListenerFP19nsIPluginStream ()
 #19  0x0223dfb4 in
OnDataAvailable__26nsPluginStreamListenerPeerFP10nsIRequestP11 ()
 #20  0x02252d94 in
OnDataAvailable__14PluginListenerFP10nsIRequestP11nsISupportsP ()


Status: NEW → ASSIGNED
OS: All → MacOS X
Hardware: All → Macintosh

    
    

    
  
well, took me a while on my mac 9.0 to reproduce..but I finally did crash 
once...

    
    

    
  
With the help of Petersen, the problem has been narrowed down to a check-in 
between 7/13 and 7/16:

http://bonsai.mozilla.org/cvsquery.cgi?
treeid=default&module=all&branch=MOZILLA_0_9_2_BRANCH&branchtype=match&dir=&file
=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=07
%2F13%2F2001&maxdate=07%2F16%2F2001&cvsroot=%2Fcvsroot

There are a lot of check-ins on this list, but the one which stands out is 
Brian Nesse's fix for the nsITimer leak in bug 85231. It fits because it 
effected both full-page and embedded plugins, it's Mac only, and it effects 
plugin shutdown (vs. plugin loading as other check-ins do). I'll try backing 
out the fix in my tree to see if the problem is still there. However, if fixing 
the leak does turn out to be the problem, the REAL fix may be a little more 
difficult as this is a problem which has been there for a long time and only 
now is showing up because of plugging the leak.

    
    

    
  
I may have found the source of the problem. I think it's the notorious
PR_UnloadLibrary in nsPluginTag::TryUnloadPlugin in nsPluginHostImpl.cpp.
Without it, we don't crash! This has been the source of much controversy in bug
79196. Even though Brian's last comment in the bug is that in 4.x we did unload
it after NPP_Shutdown, when I commented that out, we don't crash with Carbon
Quicktime anymore. I'm starting to agree with Chris Blizzard that maybe it
should be (re)moved.


    
    

    
  
The problem was that with CFBundle plugins on OSX, we weren't correctly loading
the resource data of the plugin! This casues a plethora of serious issues with
OS X Quicktime and Mozilla which will now be fixed. 

I'm now seeking reviews for my patch.

Note about tabs in patch: nsPluginsDirMac.cpp is FULL of tabs so I'll "untabify"
it before checking in.
Keywords: patch
Whiteboard: [seeking reviews]

    
    

    
  
So that was the problem then? Cool!

In the 4xPlugin changes it looks like you should be able to pass the nsFileSpec |
file| directly to the nsPluginFile constructor without having to go through |
spec|... just adding pointless copy constructors.


    
    

    
  
Hate to be the bearer of bad tidings but this doesn't fix the QuickTime crash
for me (trunk build froma  clean pull today w/patch applied).  I have a slightly
different test case though:

1) Go to http://www.apple.com/trailers/disney/monsters_inc/
2) Click on "WATCH THE NEW TRAILER"
3) Pick a movie size from the window that pops up
4) Click in the window that pops up to start the movie playing
5) Move the movie window out of the way so you can click on "WATCH THE NEW
TRAILER" again
6) Pick the same size movie as you did in step #3
7) Note the movie from step #4 stops playing and you get the "click to play"
message displayed again
8) Click in the movie window to start playing
9) Observe that you crash

    
    

    
  
Earlier today I was able to see the crash with the patch. However, it seemed to
have left after re-applying the patch to a freshly updated plugin project. I
thought it was caused by either garbage in my tree or for some reason the reboot
cleared something out (although I don't know how that's possible). It hasn't
crashed for me since.

Hm....I wonder if the resource is still being used by something....is there a
way to tell before calling PR_UnloadLibrary?

In any case, I could not reproduce the crash anymore using those steps. I
repeated the steps several times, even having 2 movies playing at once. I'll
keep trying and also give my debug build to Petersen tomorrow to hammer on.
Perhaps it is another bug.
Whiteboard: [seeking reviews]

    
    

    
  
Not that failing to open resources for bundle plugins isn't a problem but I agree 
it's not necessarily the cause of the QT crash (especaiily since the QT bundle 
plugin at one point worked w/o crashing when we weren't opening its resources).  
I was discussing this with beard a few days ago and he was wondering if somehow 
we're not telling the QT plugin it's going away before we kill it.


    
    

    
  
Tried Steve's procedures (multiple times) with Peter L's debug trunk OS X build
which didn't result in a crash. Visited this report's original url and completed
the steps mentioned. Again, I didn't experience a crash. Tried reloading various
QT movies at http://www.apple.com/quicktime/products/gallery/ and exited the
page via the back /forward toolbar button. Didn't recieve a crash throughtout
the testing it I did.

    
    

    
  
I think other crashes may be related to other problems or bugs. The orriginal
testcase here does not crash anymore. For now, I was wondering if I can check in
what I have as it's the right thing to do anyway. Brian or Steve can I get your r=?

I will change:
! nsPluginFile pluginFile(file);


Whiteboard: [seeking reviews]

    
    

    
  
With the change I requested. r=bnesse.


    
    

    
  
sr=sfraser


    
    

    
  
Patch checked in, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Whiteboard: [seeking reviews]

    
    

    
  
Peter, 

Using the Sept 09 build, I still can crash Mozilla.

* Reloading the QT Monsters trailer (based on dagley's steps) in this report

* Reloading PNG sample provided in this report

The original url for this bug doesn't seem to function so I can't double-check
it. Not sure if we should reopen this report or not ....

    
    

    
  
Bug 98729 has been opened with a much better testcase to easily reproduce.
Attachment #48869 [details] [diff] in that bug is a possible patch to fix what seems to be random
crashing with Quicktime.



    
    

    
  
98729 is marked for moz 0.9.5...whereas this one was for 0.9.4. any suggestions 
on the resolution of this bug ?

    
    

    
  
verif (0924).
Status: RESOLVED → VERIFIED

    
    

    
  
*** Bug 102796 has been marked as a duplicate of this bug. ***

    
  
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: