456432 – (Windowless Crash) Flash 10 w/ Firefox 3

Bug 456432 - (Windowless Crash) Flash 10 w/ Firefox 3

Summary: (Windowless Crash) Flash 10 w/ Firefox 3

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nspluginwrapper
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Martin Stransky
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-07-23 15:25 UTC by Warren Togami
Modified:	2018-04-11 14:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-08-04 10:14:25 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
xulrunner-1.9.0.1-windowless-plugins-crash-moz435764.patch (21.04 KB, text/x-patch) 2008-07-30 20:44 UTC, Warren Togami	no flags	Details
patch to nspluginwrapper (763 bytes, patch) 2008-08-01 18:58 UTC, Martin Stransky	no flags	Details \| Diff
View All

Description Warren Togami 2008-07-23 15:25:09 UTC

nspluginwrapper-1.1.0-4.fc9.x86_64
nspluginwrapper-1.1.0-4.fc9.i386
firefox-3.0.1-1.fc9.x86_64

Upon upgrading to these versions, http://www.weather.com began crashing.
npviewer.bin[7177]: segfault at f6f0c030 ip 144640 sp ffd29d1c error 4 in
libpthread-2.8.so[13d000+15000]

npviewer.bin dies and it somehow takes the entire browser with it.

The plugin involved is Shockwave Flash 10.0.0 d525.

The previous F-9 versions of firefox and nspluginwrapper are unaffected by this
crash.

Comment 1 Warren Togami 2008-07-30 14:44:10 UTC

firefox-3.0.1-1.fc9.x86_64
nspluginwrapper-1.1.0-4.fc9.x86_64
nspluginwrapper-1.1.0-4.fc9.i386
Shockwave Flash 10.0.2 d13 (Flash 10 Release Candidate from July 29th 2008)
Visit http://weather.com

(gdb) bt
#0  cairo_draw_with_xlib (cr=<value optimized out>, callback=<value optimized
out>, closure=<value optimized out>, dpy=<value optimized out>, width=<value
optimized out>, height=<value optimized out>, 
    is_opaque=Could not find the frame base for "cairo_draw_with_xlib".
) at cairo-xlib-utils.c:329
#1  0x0000003675a623d4 in gfxXlibNativeRenderer::Draw (this=<value optimized
out>, dpy=<value optimized out>, ctx=<value optimized out>, width=<value
optimized out>, height=<value optimized out>, 
    flags=<value optimized out>, output=<value optimized out>) at
gfxXlibNativeRenderer.cpp:101
#2  0x00000036753eee6c in nsPluginInstanceOwner::Paint (this=<value optimized
out>, aRenderingContext=<value optimized out>, aDirtyRect=<value optimized out>)
at nsObjectFrame.cpp:4076
#3  0x00000036753eeeb8 in nsObjectFrame::PaintPlugin (this=<value optimized
out>, aRenderingContext=<value optimized out>, aDirtyRect=<value optimized out>)
at nsObjectFrame.cpp:1400
#4  0x00000036753eef41 in PaintPlugin (aFrame=<value optimized out>, aCtx=<value
optimized out>, aDirtyRect=<value optimized out>, aPt=<value optimized out>) at
nsObjectFrame.cpp:1096
#5  0x00000036753de1a6 in nsDisplayGeneric::Paint (this=<value optimized out>,
aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value
optimized out>) at ../base/nsDisplayList.h:862
#6  0x0000003675392d68 in nsDisplayList::Paint (this=<value optimized out>,
aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value
optimized out>) at nsDisplayList.cpp:296
#7  0x0000003675392df6 in nsDisplayClip::Paint (this=<value optimized out>,
aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value
optimized out>) at nsDisplayList.cpp:693
#8  0x0000003675392d68 in nsDisplayList::Paint (this=<value optimized out>,
aBuilder=<value optimized out>, aCtx=<value optimized out>, aDirtyRect=<value
optimized out>) at nsDisplayList.cpp:296
#9  0x00000036753a366d in nsLayoutUtils::PaintFrame (aRenderingContext=<value
optimized out>, aFrame=<value optimized out>, aDirtyRegion=<value optimized
out>, aBackground=<value optimized out>)
    at nsLayoutUtils.cpp:988
#10 0x00000036753aa410 in PresShell::Paint (this=<value optimized out>,
aView=<value optimized out>, aRenderingContext=<value optimized out>,
aDirtyRegion=<value optimized out>) at nsPresShell.cpp:5413
#11 0x0000003675609a7a in nsViewManager::RenderViews (this=<value optimized
out>, aView=<value optimized out>, aRC=<value optimized out>, aRegion=<value
optimized out>) at nsViewManager.cpp:614
#12 0x000000367560a0d4 in nsViewManager::Refresh (this=<value optimized out>,
aView=<value optimized out>, aContext=<value optimized out>, aRegion=<value
optimized out>, aUpdateFlags=<value optimized out>)
    at nsViewManager.cpp:502
#13 0x000000367560aade in nsViewManager::DispatchEvent (this=<value optimized
out>, aEvent=<value optimized out>, aStatus=<value optimized out>) at
nsViewManager.cpp:1134
#14 0x00000036756056c5 in HandleEvent (aEvent=<value optimized out>) at
nsView.cpp:168
#15 0x000000367595bc3d in nsCommonWidget::DispatchEvent (this=<value optimized
out>, aEvent=<value optimized out>, aStatus=<value optimized out>) at
nsCommonWidget.cpp:158
#16 0x00000036759571bd in nsWindow::OnExposeEvent (this=<value optimized out>,
aWidget=<value optimized out>, aEvent=<value optimized out>) at nsWindow.cpp:1763
#17 0x0000003675957890 in expose_event_cb (widget=<value optimized out>,
event=<value optimized out>) at nsWindow.cpp:4529
#18 0x000000366eb87292 in _gtk_marshal_BOOLEAN__BOXED (closure=Could not find
the frame base for "_gtk_marshal_BOOLEAN__BOXED".
) at gtkmarshalers.c:84
#19 0x000000366ca0b6dd in IA__g_closure_invoke (closure=<value optimized out>,
return_value=<value optimized out>, n_param_values=<value optimized out>,
param_values=<value optimized out>, 
    invocation_hint=<value optimized out>) at gclosure.c:490
#20 0x000000366ca1f6c1 in signal_emit_unlocked_R (node=<value optimized out>,
detail=<value optimized out>, instance=<value optimized out>,
emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:2440
#21 0x000000366ca20a1f in IA__g_signal_emit_valist (instance=<value optimized
out>, signal_id=<value optimized out>, detail=<value optimized out>,
var_args=<value optimized out>) at gsignal.c:2209
#22 0x000000366ca210e3 in IA__g_signal_emit (instance=<value optimized out>,
signal_id=<value optimized out>, detail=<value optimized out>) at gsignal.c:2243
#23 0x000000366ecf4309 in gtk_widget_event_internal (widget=Could not find the
frame base for "gtk_widget_event_internal".
) at gtkwidget.c:4678
#24 0x000000366ecf3f79 in IA__gtk_widget_send_expose (widget=Could not find the
frame base for "IA__gtk_widget_send_expose".
) at gtkwidget.c:4510
#25 0x000000366eb8440e in IA__gtk_main_do_event (event=Could not find the frame
base for "IA__gtk_main_do_event".
) at gtkmain.c:1518
#26 0x000000366da3d183 in gdk_window_process_updates_internal (window=Could not
find the frame base for "gdk_window_process_updates_internal".
) at gdkwindow.c:2378
#27 0x000000366da3d2cb in IA__gdk_window_process_all_updates () at gdkwindow.c:2444
#28 0x000000366da3cf57 in gdk_window_update_idle (data=Could not find the frame
base for "gdk_window_update_idle".
) at gdkwindow.c:2288
#29 0x000000366da1a656 in gdk_threads_dispatch (data=Could not find the frame
base for "gdk_threads_dispatch".
) at gdk.c:470
#30 0x000000366c2374db in IA__g_main_context_dispatch (context=<value optimized
out>) at gmain.c:2012
#31 0x000000366c23acbd in g_main_context_iterate (context=<value optimized out>,
block=<value optimized out>, dispatch=<value optimized out>, self=<value
optimized out>) at gmain.c:2645
#32 0x000000366c23ae7b in IA__g_main_context_iteration (context=<value optimized
out>, may_block=<value optimized out>) at gmain.c:2708
#33 0x000000367596fdb1 in nsBaseAppShell::DoProcessNextNativeEvent (this=<value
optimized out>, mayWait=<value optimized out>) at nsBaseAppShell.cpp:151
#34 0x000000367596feff in nsBaseAppShell::OnProcessNextEvent (this=<value
optimized out>, thr=<value optimized out>, mayWait=<value optimized out>,
recursionDepth=<value optimized out>)
    at nsBaseAppShell.cpp:296
#35 0x0000003675a27aeb in nsThread::ProcessNextEvent (this=<value optimized
out>, mayWait=<value optimized out>, result=<value optimized out>) at
nsThread.cpp:497
#36 0x00000036759f9396 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=<value optimized out>) at nsThreadUtils.cpp:227
#37 0x000000367597001d in nsBaseAppShell::Run (this=<value optimized out>) at
nsBaseAppShell.cpp:170
#38 0x000000367582dba9 in nsAppStartup::Run (this=<value optimized out>) at
nsAppStartup.cpp:181
#39 0x0000003675222ed3 in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3170
#40 0x0000000000401665 in main (argc=2, argv=0x7fffd1746bf8) at nsXULStub.cpp:364

Comment 2 Warren Togami 2008-07-30 16:35:21 UTC

This seems to be an issue with flash plugin itself.

firefox-3.0.1-1.el5
Shockwave Flash 10.0.2 d13

RHEL5 firefox without nspluginwrapper crashes at the same place.

(gdb) bt
#0  cairo_draw_with_xlib (cr=0xace4fb8, callback=0x2f85fa0 <NativeRendering>,
closure=0xbfb02fe4, dpy=0x0, width=1, height=1, 
    is_opaque=CAIRO_XLIB_DRAWING_TRANSPARENT, capabilities=27, result=0x0) at
cairo-xlib-utils.c:329
#1  0x02f860d2 in gfxXlibNativeRenderer::Draw (this=0xbfb03034, dpy=0x0,
ctx=0xae315b8, width=1, height=1, flags=1, output=0x0)
    at gfxXlibNativeRenderer.cpp:101
#2  0x02645beb in nsPluginInstanceOwner::Paint (this=0xaa075a8,
aRenderingContext=@0xa688c50, aDirtyRect=@0xbfb030e0) at nsObjectFrame.cpp:4076
#3  0x02645c99 in nsObjectFrame::PaintPlugin (this=0xb894830,
aRenderingContext=@0xa688c50, aDirtyRect=@0xbfb030e0) at nsObjectFrame.cpp:1400
#4  0x02648504 in PaintPlugin (aFrame=0xb894830, aCtx=0xa688c50,
aDirtyRect=@0xbfb03190, aPt={x = -1078972120, y = 58740}) at nsObjectFrame.cpp:1096
#5  0x02632f10 in nsDisplayGeneric::Paint (this=0xb840818, aBuilder=0xbfb03270,
aCtx=0xa688c50, aDirtyRect=@0xbfb03190) at ../base/nsDisplayList.h:862
#6  0x025d400e in nsDisplayList::Paint (this=0xb8364cc, aBuilder=0xbfb03270,
aCtx=0xa688c50, aDirtyRect=@0xbfb03190) at nsDisplayList.cpp:296
#7  0x025d4059 in nsDisplayWrapList::Paint (this=0xb8364c0, aBuilder=0xbfb03270,
aCtx=0xa688c50, aDirtyRect=@0xbfb03190) at nsDisplayList.cpp:693
#8  0x025d40d9 in nsDisplayClip::Paint (this=0xb8364c0, aBuilder=0xbfb03270,
aCtx=0xa688c50, aDirtyRect=@0xbfb0353c) at nsDisplayList.cpp:887
#9  0x025d400e in nsDisplayList::Paint (this=0xbfb03268, aBuilder=0xbfb03270,
aCtx=0xa688c50, aDirtyRect=@0xbfb0353c) at nsDisplayList.cpp:296
#10 0x025e967c in nsLayoutUtils::PaintFrame (aRenderingContext=0xa688c50,
aFrame=0xab765d4, aDirtyRegion=@0xbfb0351c, aBackground=4294967295)
    at nsLayoutUtils.cpp:988
#11 0x025f2091 in PresShell::Paint (this=0xab6f750, aView=0xab6e240,
aRenderingContext=0xa688c50, aDirtyRegion=@0xbfb0351c) at nsPresShell.cpp:5413
#12 0x0294b093 in nsViewManager::RenderViews (this=0xab6e1e0, aView=0xac8a308,
aRC=@0xa688c50, aRegion=@0xbfb035d8) at nsViewManager.cpp:614
#13 0x0294b44f in nsViewManager::Refresh (this=0xab6e1e0, aView=0xac8a308,
aContext=0xa688c50, aRegion=0xb89ea50, aUpdateFlags=1) at nsViewManager.cpp:502
#14 0x0294cafe in nsViewManager::DispatchEvent (this=0xab6e1e0,
aEvent=0xbfb0380c, aStatus=0xbfb03780) at nsViewManager.cpp:1134
#15 0x02945ee6 in HandleEvent (aEvent=0xbfb0380c) at nsView.cpp:168
#16 0x02e08387 in nsCommonWidget::DispatchEvent (this=0xac8a588,
aEvent=0xbfb0380c, aStatus=@0xbfb03900) at nsCommonWidget.cpp:158
#17 0x02e039d1 in nsWindow::OnExposeEvent (this=0xac8a588, aWidget=0x9fb5060,
aEvent=0xbfb03e84) at nsWindow.cpp:1763
#18 0x02e04376 in expose_event_cb (widget=0x9fb5060, event=0xbfb03e84) at
nsWindow.cpp:4529
#19 0x00fbb060 in gtk_marshal_BOOLEAN__VOID () from /usr/lib/libgtk-x11-2.0.so.0
#20 0x0017df0b in IA__g_closure_invoke (closure=0xa239a48,
return_value=0xbfb03ab0, n_param_values=2, param_values=0xbfb03b8c,
invocation_hint=0xbfb03a9c)
    at gclosure.c:490
#21 0x0018ee83 in signal_emit_unlocked_R (node=0x9f8a1b8, detail=0,
instance=0x9fb5060, emission_return=0xbfb03d4c, instance_and_params=0xbfb03b8c)
    at gsignal.c:2438
#22 0x00190147 in IA__g_signal_emit_valist (instance=0x9fb5060, signal_id=50,
detail=0, var_args=0xbfb03dd0 "�=��\204>��`P�\t�9\r\001`P�\t�\224�\t")
    at gsignal.c:2207
#23 0x00190539 in IA__g_signal_emit (instance=0x9fb5060, signal_id=50, detail=0)
at gsignal.c:2241
#24 0x010cf5d8 in gtk_widget_get_default_style () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x00fb57e5 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#26 0x07a3d7ff in gdk_window_is_viewable () from /usr/lib/libgdk-x11-2.0.so.0
#27 0x07a3da47 in gdk_window_process_all_updates () from
/usr/lib/libgdk-x11-2.0.so.0
#28 0x07a3dac5 in gdk_window_process_all_updates () from
/usr/lib/libgdk-x11-2.0.so.0
#29 0x002225e1 in g_idle_dispatch (source=0xb89afc8, callback=0, user_data=0x0)
at gmain.c:3926
#30 0x00224342 in IA__g_main_context_dispatch (context=0x9e4c140) at gmain.c:2045
#31 0x0022731f in g_main_context_iterate (context=0x9e4c140, block=1,
dispatch=1, self=0x9e2de58) at gmain.c:2677
#32 0x00227885 in IA__g_main_context_iteration (context=0x9e4c140, may_block=1)
at gmain.c:2736
#33 0x02e06665 in nsAppShell::ProcessNextNativeEvent (this=0x9f07658, mayWait=1)
at nsAppShell.cpp:144
#34 0x02e228dc in nsBaseAppShell::DoProcessNextNativeEvent (this=0x9f07658,
mayWait=1) at nsBaseAppShell.cpp:151
#35 0x02e22d17 in nsBaseAppShell::OnProcessNextEvent (this=0x9f07658,
thr=0x9e63468, mayWait=1, recursionDepth=0) at nsBaseAppShell.cpp:296
#36 0x02f33bb0 in nsThread::ProcessNextEvent (this=0x9e63468, mayWait=1,
result=0xbfb040e4) at nsThread.cpp:497
#37 0x02ef2343 in NS_ProcessNextEvent_P (thread=0x3581700, mayWait=1) at
nsThreadUtils.cpp:227
#38 0x02e22a67 in nsBaseAppShell::Run (this=0x9f07658) at nsBaseAppShell.cpp:170
#39 0x02c28ebf in nsAppStartup::Run (this=0x9fbd260) at nsAppStartup.cpp:181
#40 0x023f5231 in XRE_main (argc=1, argv=0xbfb078b4, aAppData=0x9e2d980) at
nsAppRunner.cpp:3170
#41 0x080490a2 in __gxx_personality_v0 ()
#42 0x003e5dec in __libc_start_main () from /lib/libc.so.6
#43 0x08048c51 in __gxx_personality_v0 ()

Comment 3 Warren Togami 2008-07-30 20:42:35 UTC

Reassigning back to Fedora because it turns out this is a bug in xulrunner.

https://bugzilla.mozilla.org/show_bug.cgi?id=435764
Upstream fixed in xulrunner-1.9.0.2.

Comment 4 Warren Togami 2008-07-30 20:44:08 UTC

Created attachment 313038 [details]
xulrunner-1.9.0.1-windowless-plugins-crash-moz435764.patch

https://bugzilla.mozilla.org/show_bug.cgi?id=435764#c36
I am currently testing this patch, hand backported from the upstream twice and
checked with diff for correctness.

Comment 5 Warren Togami 2008-07-30 21:02:32 UTC

+        DRAW_SUPPORTS_ALTERNATE_SCREEN = 0x20,
     };

../../../dist/include/thebes/gfxXlibNativeRenderer.h:88: error: comma at end of
enumerator list

<foo> it's explicitly allowed in C99, it wasn't allowed in C89
<foo> so, it depends heavily on the options you pass to the compiler
<roland> i think that was always a -pedantic only check

Simply remove the comma from this patch.

Comment 6 Warren Togami 2008-07-31 02:19:42 UTC

Fedora 9 x86_64
firefox-3.0.1-1.fc9.x86_64
xulrunner-1.9.0.1-2.fc9.windowless.x86_64 (with the above patch)

While visiting http://weather.com works without crashing with the above patch,
firefox still crashes if I do the following.

1) Load any page.
2) Go to http://weather.com.
3) Click Back.
4) Click Forward.

(gdb) bt
#0  XVisualIDFromVisual (visual=0x0) at Misc.c:61
#1  0x00007f279abd9dde in do_send_NPWindowData (message=0x7fffb210cfa0,
p_value=<value optimized out>) at ../src/npw-rpc.c:384
#2  0x00007f279abd9f14 in do_send_NPWindow (message=0x7fffb210cfa0,
p_value=0x7f279ab3b0f8) at ../src/npw-rpc.c:513
#3  0x00007f279abdc6e1 in rpc_message_send_args (message=0x7fffb210cfa0,
args=0x7fffb210cf60) at ../src/rpc.c:1132
#4  0x00007f279abde5fa in rpc_method_invoke (connection=0x7f279ab3b1d0,
method=<value optimized out>) at ../src/rpc.c:1676
#5  0x00007f279abd7b98 in g_NPP_SetWindow (instance=0x7f279ab3f130,
window=0x7f279ab3b0f8) at ../src/npw-wrapper.c:1460
#6  0x000000000109f214 in ns4xPluginInstance::SetWindow (this=0x7f279ab3f100,
window=0x7f279ab3b0f8) at ns4xPluginInstance.cpp:1173
#7  0x00000000010b6bda in nsPluginNativeWindowGtk2::CallSetWindow
(this=0x7f279ab3b0f0, aPluginInstance=@0x7fffb210f180) at
nsPluginNativeWindowGtk2.cpp:166
#8  0x0000000000bfb6db in nsObjectFrame::CallSetWindow (this=0x7f279b21a288) at
nsObjectFrame.cpp:947
#9  0x0000000000bfb7d2 in nsObjectFrame::Instantiate (this=0x7f279b21a288,
aMimeType=0x7f279ae6d898 "application/x-shockwave-flash", aURI=0x7f279ae6b4f0)
at nsObjectFrame.cpp:1678
#10 0x0000000000d0c5c2 in nsObjectLoadingContent::Instantiate
(this=0x7f27a0c778c0, aFrame=0x7f279b21a2c8, aMIMEType=<value optimized out>,
aURI=0x7f279ae6b4f0) at nsObjectLoadingContent.cpp:1699
#11 0x0000000000d0e198 in nsObjectLoadingContent::EnsureInstantiation
(this=0x7f27a0c778c0, aInstance=0x7fffb210f300) at nsObjectLoadingContent.cpp:750
#12 0x0000000000bb186f in StartPluginInstance (aShell=<value optimized out>,
aContent=<value optimized out>) at nsPresShell.cpp:6093
#13 0x0000000000bb17c2 in PresShell::EnumeratePlugins (this=0x7f27a0c33340,
aDocument=<value optimized out>, aPluginTag=<value optimized out>,
aCallback=0xbb1826 <StartPluginInstance>)
    at nsPresShell.cpp:6611
#14 0x0000000000bb1f65 in PresShell::Thaw (this=0x7f27a0c33340) at
nsPresShell.cpp:6111
#15 0x0000000000fc0a69 in nsDocShell::RestoreFromHistory (this=0x7f27a3206f10)
at nsDocShell.cpp:6021
#16 0x0000000000fc0d42 in nsDocShell::RestorePresentationEvent::Run (this=<value
optimized out>) at nsDocShell.cpp:5464
#17 0x0000000001230d6a in nsThread::ProcessNextEvent (this=0x1eef730, mayWait=1,
result=0x7fffb210f66c) at nsThread.cpp:510
#18 0x00000000012025c2 in NS_ProcessNextEvent_P (thread=0x0, mayWait=1) at
nsThreadUtils.cpp:227
#19 0x0000000001179249 in nsBaseAppShell::Run (this=0x1fb4a90) at
nsBaseAppShell.cpp:170
#20 0x0000000001036dd1 in nsAppStartup::Run (this=0x20d69c0) at nsAppStartup.cpp:181
#21 0x0000000000a2c0e3 in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3170
#22 0x0000000000401665 in main (argc=1, argv=0x7fffb21130b8) at nsXULStub.cpp:364

Comment 7 Warren Togami 2008-07-31 02:21:59 UTC

http://koji.fedoraproject.org/scratch/wtogami/task_748852/
Here is a scratch build of xulrunner with the upstream patch.

So I'm guessing this remaining crash is from nspluginwrapper?

Comment 8 Matěj Cepl 2008-07-31 22:26:16 UTC

Unfortunately, yes, I have reproduced this with firefox on Fedora 9.

Comment 9 Matěj Cepl 2008-07-31 22:26:41 UTC

That is standard firefox and xulrunner on Fedora 9

Comment 10 Martin Stransky 2008-08-01 14:24:47 UTC

Yes, it's an nspluginwrapper issue.

(gdb) f
#1  0x00007f53215f047c in do_send_NPSetWindowCallbackStruct
(message=0x7fff4d17b2f0, p_value=0x7f53213f1648)
    at ../src/npw-rpc.c:384

(gdb) l
384             if ((error = rpc_message_send_uint32(message,
XVisualIDFromVisual(ws_info->visual))) < 0)
385               return error;

(gdb) p ws_info->visual
$4 = (Visual *) 0x0

#0  0x00007f5342570320 in XVisualIDFromVisual () from /usr/lib64/libX11.so.6
#1  0x00007f53215f047c in do_send_NPSetWindowCallbackStruct
(message=0x7fff4d17b2f0, p_value=0x7f53213f1648)
    at ../src/npw-rpc.c:384
#2  0x00007f53215f0784 in do_send_NPWindowData (message=0x7fff4d17b2f0,
p_value=0x7f53213f1608) at ../src/npw-rpc.c:461
#3  0x00007f53215f097d in do_send_NPWindow (message=0x7fff4d17b2f0,
p_value=0x7f53213f1608) at ../src/npw-rpc.c:513
#4  0x00007f53215f4a78 in rpc_message_send_args (message=0x7fff4d17b2f0,
args=0x7fff4d17b2d0) at ../src/rpc.c:1132
#5  0x00007f53215f60fc in rpc_method_invoke (connection=0x7f532255b4c0,
method=25) at ../src/rpc.c:1676
#6  0x00007f53215ec8e9 in invoke_NPP_SetWindow (plugin=0x7f532195cee0,
window=0x7f53213f1608) at ../src/npw-wrapper.c:1460
#7  0x00007f53215ec9d6 in g_NPP_SetWindow (instance=0x7f5322c239e8,
window=0x7f53213f1608) at ../src/npw-wrapper.c:1490
#8  0x00007f532fc5026d in ns4xPluginInstance::SetWindow (this=0x7f5322c239b0,
window=0x7f53213f1608)
    at ns4xPluginInstance.cpp:1173
#9  0x00007f532fc85be8 in nsPluginNativeWindowGtk2::CallSetWindow
(this=0x7f53213f1600, aPluginInstance=@0x7fff4d17d570)
    at nsPluginNativeWindowGtk2.cpp:163
#10 0x00007f5328b77f01 in nsObjectFrame::CallSetWindow (this=0x7f53218b8b10)
at nsObjectFrame.cpp:947
#11 0x00007f5328b7813c in nsObjectFrame::Instantiate (this=0x7f53218b8b10,
    aMimeType=0x7f53219254d8 "application/x-shockwave-flash",
aURI=0x7f53213287c0) at nsObjectFrame.cpp:1678

I need to update nspluginwrapper according the fix for mozilla Bug 435764...

Comment 11 Martin Stransky 2008-08-01 18:58:54 UTC

Created attachment 313222 [details]
patch to nspluginwrapper

Comment 12 Warren Togami 2008-08-02 03:05:23 UTC

Good work!  I can confirm that your patch against nspluginwrapper-1.1.0 seems to
prevent the second crash here.  I went back and tested it with patched
nspluginwrapper but unpatched xulrunner and it has the first crash (just like
firefox.i386 without nspluginwrapper).  So we need to patch both xulrunner and
nspluginwrapper for this to work.

Could we please push this as a F9 update?

http://koji.fedoraproject.org/scratch/wtogami/task_748852/
Patched xulrunner for F9
http://koji.fedoraproject.org/scratch/wtogami/task_753845/
Patched nspluginwrapper for F9

Here are scratch binaries for others to test.

Comment 13 Fedora Update System 2008-08-04 07:55:18 UTC

nspluginwrapper-1.1.0-5.fc9 has been submitted as an update for Fedora 9

Comment 14 Fedora Update System 2008-08-07 23:56:58 UTC

nspluginwrapper-1.1.0-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Julian Sikorski 2008-08-09 11:50:22 UTC

How about xulrunner update? Shall a separate bug be filed?

Comment 16 Warren Togami 2008-08-11 05:15:12 UTC

A xulrunner update is needed.  We're discussing this with the maintainer.

http://people.redhat.com/wtogami/temp/windowless/
Meanwhile please test these patch binaries for Fedora 9, Fedora 10, RHEL4 and RHEL5.

Comment 17 Fedora Update System 2008-09-30 08:05:20 UTC

nspluginwrapper-1.1.0-7.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nspluginwrapper-1.1.0-7.fc9

Comment 18 Fedora Update System 2008-10-01 06:38:29 UTC

nspluginwrapper-1.1.0-7.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2008-10-16 12:11:00 UTC

nspluginwrapper-1.1.2-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nspluginwrapper-1.1.2-1.fc9

Comment 20 Fedora Update System 2008-10-20 22:12:51 UTC

nspluginwrapper-1.1.2-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.