#146 mplayer calls gtk/browser from its own thread

closed-fixed
Kevin DeKorte
Plugin (92)
5
2008-06-27
2008-03-25
timeless
No

https://bugzilla.mozilla.org/show_bug.cgi?id=423404

http://crash-stats.mozilla.com/report/index/b2bd65d7-f055-11dc-9c52-001a4bd43e5c

Signature JS_RestoreFrameChain
UUID b2bd65d7-f055-11dc-9c52-001a4bd43e5c
Time 2008-03-12 09:59:31-07:00
Uptime 0
Product Firefox
Version 3.0b5pre
Build ID 2008031204
OS Linux
OS Version 0.0.0 Linux 2.6.24.3 #3 Fri Feb 29 02:41:00 EST 2008 i686
GNU/Linux
CPU x86
CPU Info AuthenticAMD family 1 model 10 stepping 0
Crash Reason SIGSEGV
Crash Address 0xb72f2568
Comments Add a comment (comments are publicly visible)
Crashing Thread
Frame Signature Source
0 JS_RestoreFrameChain mozilla/js/src/jsapi.c:5163
1 XPCJSContextStack::Pop(JSContext**)
mozilla/js/src/xpconnect/src/xpcthreadcontext.cpp:113
2 nsXPCThreadJSContextStackImpl::Pop(JSContext**)
mozilla/js/src/xpconnect/src/xpcthreadcontext.cpp:390
3 nsCxPusher::Pop()
mozilla/content/base/src/nsContentUtils.cpp:2639
4 nsCxPusher::~nsCxPusher()
mozilla/content/base/src/nsContentUtils.cpp:2527
5 nsEventListenerManager::HandleEventSubType(nsListenerStruct*,
nsIDOMEventListener*, nsIDOMEvent*, nsISupports*, unsigned int)
mozilla/content/events/src/nsEventListenerManager.cpp:1085
6 nsEventListenerManager::HandleEvent(nsPresContext*, nsEvent*,
nsIDOMEvent**, nsISupports*, unsigned int, nsEventStatus*)
mozilla/content/events/src/nsEventListenerManager.cpp:1186
7 nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, unsigned
int) mozilla/content/events/src/nsEventDispatcher.cpp:206
8
nsEventTargetChainItem::HandleEventTargetChain(nsEventChainPostVisitor&,
unsigned int, nsDispatchingCallback*)
mozilla/content/events/src/nsEventDispatcher.cpp:287
9 nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*,
nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*)
mozilla/content/events/src/nsEventDispatcher.cpp:479
10 PresShell::HandleEventInternal(nsEvent*, nsIView*, nsEventStatus*)
mozilla/layout/base/nsPresShell.cpp:5895
11 PresShell::HandlePositionedEvent(nsIView*, nsIFrame*, nsGUIEvent*,
nsEventStatus*) mozilla/layout/base/nsPresShell.cpp:5783
12 PresShell::HandleEvent(nsIView*, nsGUIEvent*, nsEventStatus*)
mozilla/layout/base/nsPresShell.cpp:5643
13 nsViewManager::HandleEvent(nsView*, nsPoint, nsGUIEvent*, int)
mozilla/view/src/nsViewManager.cpp:1380
14 nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*)
mozilla/view/src/nsViewManager.cpp:1335
15 HandleEvent(nsGUIEvent*) mozilla/view/src/nsView.cpp:168
16 nsCommonWidget::DispatchEvent(nsGUIEvent*, nsEventStatus&)
mozilla/widget/src/gtk2/nsCommonWidget.cpp:153
17 nsWindow::OnButtonReleaseEvent(_GtkWidget*, _GdkEventButton*)
mozilla/widget/src/gtk2/nsWindow.cpp:2145
18 button_release_event_cb(_GtkWidget*, _GdkEventButton*)
mozilla/widget/src/gtk2/nsWindow.cpp:4603
19 libgtk-x11-2.0.so.0.1200.5@0x194067
20 libgobject-2.0.so.0.1400.6@0x8f82
21 libgobject-2.0.so.0.1400.6@0x1948c
22 libgobject-2.0.so.0.1400.6@0x1a75e
23 libgobject-2.0.so.0.1400.6@0x1ab58
24 libgtk-x11-2.0.so.0.1200.5@0x31fcb3
25 libgtk-x11-2.0.so.0.1200.5@0x31f7b7
26 libgtk-x11-2.0.so.0.1200.5@0x1923fe
27 libgtk-x11-2.0.so.0.1200.5@0x190d3d
28 libgdk-x11-2.0.so.0.1200.5@0x525f5
29 libglib-2.0.so.0.1400.6@0x2d1ab
30 libglib-2.0.so.0.1400.6@0x305ee
31 libglib-2.0.so.0.1400.6@0x30b54
32 libgtk-x11-2.0.so.0.1200.5@0x19067d
33 mplayerplug-in-qt.so@0x2ca34
34 libpthread-2.7.so@0x550a

Comment #1 [reply] timeless 2008-03-17 03:21:27 PDT
please see the other bugs with this signature for an explanation, but in short,
mplayer is buggy and should not trigger gtk/x11 events for its host from any thread that is not thread from which the plugin was instantiated (aka the browser main thread).

https://bugzilla.mozilla.org/show_bug.cgi?id=417245#c7

Note that frame 34 indicates that this is a thread (the main thread's entrypoint looks very different) (you can also tell because the original report lists thread 0 elsewhere).

Discussion

  • Kevin DeKorte
    Kevin DeKorte
    2008-06-12

    • status: open --> pending-fixed
     
  • Kevin DeKorte
    Kevin DeKorte
    2008-06-12

    Logged In: YES
    user_id=685413
    Originator: NO

    May change to CVS that should correct this.

     
    • status: pending-fixed --> closed-fixed
     
  • Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • timeless
    timeless
    2008-06-27

    Logged In: YES
    user_id=3495
    Originator: YES

    could you please provide a reference to the change so that I could review it?