Closed
Bug 938796
Opened 11 years ago
Closed 3 years ago
navigator.plugins.refresh(true) in plugin destruction triggers mozilla::ipc::RPCChannel::DebugAbort "mismatched CxxStackFrame ctor/dtors"
Categories
(Core Graveyard :: Plug-ins, defect)
Core Graveyard
Plug-ins
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: johns, Assigned: johns)
References
Details
Attachments
(1 file)
|
258 bytes,
text/html
|
Details |
Split out from bug 864112, this specific testcase is triggering this failure when calling navigator.plugins.refresh(true) inside plugin destruction. This call refreshes the page, as well as our list of plugins. However, at: http://dxr.mozilla.org/mozilla-central/source/dom/base/nsPluginArray.cpp#125 We should only be refreshing the page if plugins actually changed, so that may be broken as well...
|
Assignee | |
Comment 1•11 years ago
|
||
|
|
Assignee | |
Comment 2•11 years ago
|
||
So the issue here is that IsRunningPlugin returns false for code running inside NPP_Destroy, allowing RefreshPlugins to try to unload the plugin inside a plugin call: http://dxr.mozilla.org/mozilla-central/source/dom/plugins/base/nsPluginHost.cpp#353 Other instances of pluginTag->TryUnloadPlugin (which doesn't "try", but rather unconditionally does) in this file don't look to be carefully re-entrance checked either.
Assignee: nobody → jschoenick
Status: NEW → ASSIGNED
|
||
Comment 3•3 years ago
|
||
navigator.plugins is now always empty.
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•