Bug 748701: crash in nsObjectLoadingContent::IsPluginEnabledForType
Status: VERIFIED FIXED (Closed)
Opened 13 years ago, closed 13 years ago
Categories: Core Graveyard :: Plug-ins, defect
Tracking: firefox14+ verified, blocking-fennec1.0 +
Target Milestone: mozilla15
People: Reporter: scoobidiver, Assigned: jaws
Keywords: crash, regression, testcase
Whiteboard: [native-crash][qa+:paul.silaghi]
Attachments (2 files):
(deleted), text/html
(deleted), patch (jaas: review+, akeybl: approval-mozilla-aurora+)

It first appeared in 14.0a1/20120422 and currently affects two users in Nightly.
The regression range might be:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=22bfdebf5cae&tochange=990f6542747b
Signature nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&)
UUID 3aab2a3a-8eed-4919-842a-311712120424
Date Processed 2012-04-24 22:14:48
Uptime 2267
Last Crash 19.7 hours before submission
Install Age 7.9 hours since version was first installed.
Install Time 2012-04-24 14:22:14
Product Firefox
Version 14.0a1
Build ID 20120424030709
Release Channel nightly
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 42 stepping 7
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x0
App Notes
AdapterVendorID: 0x8086, AdapterDeviceID: 0x0116, AdapterSubsysID: 15001558, AdapterDriverVersion: 8.15.10.2653
Has dual GPUs. GPU #2: AdapterVendorID2: 0x10de, AdapterDeviceID2: 0x0dce, AdapterSubsysID2: 15001558, AdapterDriverVersion2: 8.17.12.9573
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
EMCheckCompatibility True
Total Virtual Memory 4294836224
Available Virtual Memory 3477127168
System Memory Use Percentage 30
Available Page File 13615034368
Available Physical Memory 5928677376
Frame Module Signature Source
0 xul.dll nsObjectLoadingContent::IsPluginEnabledForType content/base/src/nsObjectLoadingContent.cpp:523
1 xul.dll nsObjectLoadingContent::LoadObject content/base/src/nsObjectLoadingContent.cpp:1448
2 xul.dll nsObjectLoadingContent::LoadObject content/base/src/nsObjectLoadingContent.cpp:1254
3 xul.dll nsHTMLSharedObjectElement::StartObjectLoad content/html/content/src/nsHTMLSharedObjectElement.cpp:486
4 xul.dll nsHTMLSharedObjectElement::StartObjectLoad content/html/content/src/nsHTMLSharedObjectElement.cpp:144
5 xul.dll nsRunnableMethodImpl<void obj-firefox/dist/include/nsThreadUtils.h:345
6 xul.dll nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4730
7 xul.dll nsDocument::EndUpdate content/base/src/nsDocument.cpp:4040
8 xul.dll nsHTMLDocument::EndUpdate content/html/document/src/nsHTMLDocument.cpp:2275
9 xul.dll nsHtml5TreeOpExecutor::FlushDocumentWrite parser/html/nsHtml5TreeOpExecutor.cpp:654
10 xul.dll nsHtml5StringParser::Tokenize parser/html/nsHtml5StringParser.cpp:161
11 xul.dll nsContentUtils::ParseFragmentHTML content/base/src/nsContentUtils.cpp:3988
12 xul.dll XPCConvert::NativeData2JS js/xpconnect/src/XPCConvert.cpp:359
13 xul.dll XPCConvert::NativeData2JS js/xpconnect/src/xpcprivate.h:3291
14 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2408
15 mozjs.dll js::PropertyCache::fill js/src/jspropertycache.cpp:110
16 mozjs.dll js::GetPropertyHelper js/src/jsobj.cpp:5124
17 mozjs.dll js::GetPropertyOperation js/src/jsinterpinlines.h:266
18 mozjs.dll js::Interpret js/src/jsinterp.cpp:2757
19 mozjs.dll js::ContextStack::pushInvokeFrame js/src/vm/Stack.cpp:778
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsObjectLoadingContent%3A%3AIsPluginEnabledForType%28nsCString+const%26%29

Comment 1 (Reporter) • 13 years ago
More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsObjectLoadingContent%3A%3AIsPluginEnabledForType
Crash Signature: [@ nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&)] → [@ nsObjectLoadingContent::IsPluginEnabledForType(nsCString const&)]
[@ nsObjectLoadingContent::IsPluginEnabledForType]
OS: Windows 7 → All
Hardware: x86 → All
Whiteboard: [native-crash]

Comment 2 • 13 years ago
Tap on the button to get the crash (it opens a new window, closes it, then changes the embed src of the closed window).

Comment 3 (Assignee) • 13 years ago
Thanks for the test case, Martijn. This patch checks for null on the document's window object before dereferencing it for the top window.

Updated • 13 years ago
blocking-fennec1.0: ? → +
Attachment #619082 - Flags: review?(joshmoz) → review+

Updated (Assignee) • 13 years ago
Whiteboard: [native-crash] → [native-crash][waiting on bug 750661]

Comment 4 (Assignee) • 13 years ago
Blocks: 711618
status-firefox14: --- → affected
tracking-firefox14: --- → ?
Target Milestone: --- → mozilla15

Updated (Assignee) • 13 years ago
Whiteboard: [native-crash][waiting on bug 750661] → [native-crash]

Comment 5 (Assignee) • 13 years ago
Comment on attachment 619082 [details] [diff] [review]
Patch for bug
[Approval Request Comment]
Regression caused by (bug #): bug 711618
User impact if declined: hard to hit but easily reproducible crashes
Testing completed (on m-c, etc.): locally, just landed on mozilla-inbound
Risk to taking this patch (and alternatives if risky): none expected
String changes made by this patch: none
Attachment #619082 - Flags: approval-mozilla-aurora?

Comment 6 • 13 years ago
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 619082 [details] [diff] [review]
Patch for bug
Review of attachment 619082 [details] [diff] [review]:
-----------------------------------------------------------------
::: content/base/src/nsObjectLoadingContent.cpp
@@ +528,1 @@
> NS_ENSURE_SUCCESS(rv, rv);
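Review bot: NS_ENSURE_SUCCESS(rv, rv) at +528 only guards against a failure if the statement immediately above it stores its result in rv, and the quoted context does not show that assignment. Confirm the preceding call is written as an assignment to rv rather than leaving the macro to test a value set earlier; if that call cannot fail, drop the check instead.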
Shouldn't this line (NS_ENSURE_SUCCESS) be removed now?

Comment 8 (Assignee) • 13 years ago
It shouldn't be removed; it should actually have rv assigned to in the line above. Thanks for catching this.
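
The two points made in comments 3 and 8 (check the document's window for null before asking for the top window, and assign rv from the call it is meant to report on), as an added example that is not part of the original thread and is not the attached patch. The `Window`, `Document`, `Status` and `CheckPluginAllowed` names are hypothetical stand-ins for a simplified model, and gating the lookup on the click-to-play pref is an assumption based on comments 14 and 15.

```cpp
// Hypothetical, simplified model; these are not Gecko's real classes or error codes.
enum class Status { Ok, Failure, BlockedClickToPlay };

struct Window {
    Window* parent = nullptr;
    bool pluginsActivated = false;   // set on the top window once the user taps to play

    // Status-returning getter, so the caller has an rv to check.
    Status GetTop(Window** top) {
        Window* w = this;
        while (w->parent) w = w->parent;
        *top = w;
        return Status::Ok;
    }
};

struct Document {
    Window* window = nullptr;        // nullptr once the owning window has been closed
    Window* GetWindow() const { return window; }
};

// Guarded form of the check: no dereference of a missing window, and rv is
// assigned from the call it is meant to report on.
Status CheckPluginAllowed(const Document& doc, bool clickToPlayPref) {
    if (!clickToPlayPref) return Status::Ok;   // pref off: window is never consulted

    Window* win = doc.GetWindow();
    if (!win) return Status::Failure;          // closed window: fail, do not read 0x0

    Window* top = nullptr;
    Status rv = win->GetTop(&top);             // rv assigned on this line
    if (rv != Status::Ok) return rv;           // so this test is meaningful
    if (!top) return Status::Failure;

    return top->pluginsActivated ? Status::Ok : Status::BlockedClickToPlay;
}

int main() {
    Window topWin, frame;
    frame.parent = &topWin;
    Document live;   live.window = &frame;
    Document closed;                           // models the document of the closed window
    bool ok = CheckPluginAllowed(closed, true) == Status::Failure &&
              CheckPluginAllowed(live, true) == Status::BlockedClickToPlay;
    return ok ? 0 : 1;
}
```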

Comment 9 • 13 years ago
Comment on attachment 619082 [details] [diff] [review]
Patch for bug
[Triage Comment]
Less crashes, noble cause.
Attachment #619082 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Comment 10 (Assignee) • 13 years ago

Comment 11 (Assignee) • 13 years ago
Fixed the typo found in comment #7 on inbound (already made the change to the Aurora patch):
https://hg.mozilla.org/integration/mozilla-inbound/rev/3be54da1aba4

Comment 12 • 13 years ago

Comment 13 • 13 years ago
Cannot reproduce the crash loading the test case on Nightly 2012-04-22, Nightly 2012-04-23, Nightly 2012-05-01. Any thoughts?

Comment 14 • 13 years ago
Did you set Plugins to "Tap to Play" in your settings?

Comment 15 • 12 years ago
Sorry, I missed that. Able to see the crash on nightly 2012-04-23 with click_to_play pref set to true.
Verified fixed on FF 14b8 on Win 7, Ubuntu 12.04 and Mac OS X 10.6.
Status: RESOLVED → VERIFIED
Whiteboard: [native-crash] → [native-crash][qa+:paul.silaghi]

Updated • 2 years ago
Product: Core → Core Graveyard