Closed Bug 941908 Opened 6 years ago Closed 6 years ago

crash in nsIDocument::IsActive()

Categories

(Core :: Plug-ins, defect, critical)

26 Branch
x86
Windows NT
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla28
Tracking Status
firefox26 + verified
firefox27 + verified
firefox28 --- verified
b2g-v1.2 --- fixed

People

(Reporter: jbecerra, Assigned: benjamin)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-c43c2b0b-32e2-410d-8c8d-59b312131120.
=============================================================

This is currently in the top 10 for 26 beta, and it looks like it started happening last week. It doesn't figure at the top in the explosive reports, but it's been steady since 11/14/2013. There are only three comments, a couple of them mentioning crashing while on Facebook.

Most of these happen on Win 7 or Win XP.
Null mDocument at http://hg.mozilla.org/releases/mozilla-beta/annotate/ab495a0b16a0/content/base/src/nsObjectLoadingContent.cpp#l255

This should have triggered the assertions in the constructor (in debug builds), but without knowing more we should just null-check: bug 934774 is the proximate cause: http://hg.mozilla.org/releases/mozilla-beta/rev/c804c901cc2b
Assignee: nobody → benjamin
Blocks: 934774
Attachment #8336833 - Flags: review?(jschoenick)
Comment on attachment 8336833 [details] [diff] [review]
bug941908 - wallpaper null check

Review of attachment 8336833 [details] [diff] [review]:
-----------------------------------------------------------------

Looking at this, I'm pretty sure PluginInstantiated/PluginOutdated can fire for plugins removed from the document - we do re-entrant things between spawning the plugin and queuing the event like SetFrame/CallSetWindow (and maybe notifycontentobjectwrapper).

Also, nothing cancels these events when they are superseded -- I hope the frontend doesn't rely on the plugin still being alive when it gets PluginInstantiated, for instance.
Attachment #8336833 - Flags: review?(jschoenick) → review+
Comment on attachment 8336833 [details] [diff] [review]
bug941908 - wallpaper null check

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 934774
User impact if declined: crashes
Testing completed (on m-c, etc.): none 
Risk to taking this patch (and alternatives if risky): basically 0-risk, this is just a null check
String or IDL/UUID changes made by this patch: none
Attachment #8336833 - Flags: approval-mozilla-beta?
Attachment #8336833 - Flags: approval-mozilla-aurora?
Comment on attachment 8336833 [details] [diff] [review]
bug941908 - wallpaper null check

Since it's just a null check I'll approve this while still on inbound to ensure we get it into today's Beta and collect data over the coming week in time for final beta.
Attachment #8336833 - Flags: approval-mozilla-beta?
Attachment #8336833 - Flags: approval-mozilla-beta+
Attachment #8336833 - Flags: approval-mozilla-aurora?
Attachment #8336833 - Flags: approval-mozilla-aurora+
The above was a merge of Ben's push to beta (not marked in the bug):
https://hg.mozilla.org/releases/mozilla-beta/rev/2719e6765675

Looks like this still need to land on Aurora, though.
Flags: needinfo?(benjamin)
Keywords: verifyme
https://hg.mozilla.org/mozilla-central/rev/d6938c92b2e3
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Flags: needinfo?(benjamin)
Aurora?
Flags: needinfo?(benjamin)
We couldn't reproduce the initial issue on Win XP and Win 7 32-bit, but no new Socorro reports were filled after the fix was introduced on Firefox 26 beta 8, latest Aurora and latest Nightly.
Marking as verified and removing the 'verifyme' keyword.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.