RESOLVED WONTFIX 9841
flash player plug-in is crashing in WebView
https://bugs.webkit.org/show_bug.cgi?id=9841
Summary flash player plug-in is crashing in WebView
Gurmit Teotia
Reported 2006-07-10 23:03:14 PDT
Hi, I'm playing flash "swf" file using WebView in my application. My application is crashing randomly, below is the stack trace from gdb: Program received signal: "EXC_BAD_ACCESS". (gdb) bt #0 0x040a1840 in Flash_EnforceLocalSecurity () #1 0x0431902c in ?? () #2 0x0409d2fc in Flash_EnforceLocalSecurity () #3 0x0409eb30 in Flash_EnforceLocalSecurity () #4 0x0409fcc0 in Flash_EnforceLocalSecurity () #5 0x040afc64 in Flash_EnforceLocalSecurity () #6 0x040afdb0 in Flash_EnforceLocalSecurity () #7 0x04108ea4 in Flash_EnforceLocalSecurity () #8 0x041082fc in Flash_EnforceLocalSecurity () #9 0x04108ce4 in Flash_EnforceLocalSecurity () #10 0x040329c0 in Flash_EnforceLocalSecurity () #11 0x040fa930 in Flash_EnforceLocalSecurity () #12 0x0402f8e0 in Flash_EnforceLocalSecurity () #13 0x040272c0 in Flash_EnforceLocalSecurity () #14 0x959dbc40 in -[WebBaseNetscapePluginView sendEvent:] () #15 0x959dda10 in -[WebBaseNetscapePluginView sendNullEvent] () #16 0x9287f07c in __NSFireTimer () #17 0x9075df90 in __CFRunLoopDoTimer () #18 0x9074a908 in __CFRunLoopRun () #19 0x90749ebc in CFRunLoopRunSpecific () #20 0x93121fc0 in RunCurrentEventLoopInMode () #21 0x93121654 in ReceiveNextEventCommon () #22 0x931214c0 in BlockUntilNextEventMatchingListInMode () #23 0x9362a384 in _DPSNextEvent () #24 0x9362a048 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #25 0x936265ac in -[NSApplication run] () #26 0x93716e04 in NSApplicationMain () #27 0x00013fa8 in main (argc=1, argv=0xbffffac4) at It's very difficult to give the steps to reproduce this bug. Our is a complex flash application, it is doing lots of thing at the time of crash, like it is creating movie clip, communicating with flash communication server. I've discussed this issue on WebKit list as well, below is the link for same: http://lists.apple.com/archives/webkitsdk-dev/2006/Jun/msg00043.html. Please let me know how can I help you in solving this bug. I've put my application on FTP server as given in discussion on list. This bug has become the showstopper for us as we are in the release phase. We can make our system available on internet so that you can easily see the crash, it is very frequently happening in our application. Regards, Gurmit
Attachments
Source code in tar.bz2 format (988.13 KB, application/octet-stream)
2006-12-28 11:49 PST, David Kilzer (:ddkilzer)
no flags
Gurmit Teotia
Comment 1 2006-07-18 21:51:56 PDT
Hi, Hardware in above bug was Macintosh PowerPC not PC as selected currently. Sorry for mistake. Regards, Gurmit
Alexey Proskuryakov
Comment 2 2006-07-19 03:08:17 PDT
(In reply to comment #0) > We can make our system available on internet so that you can easily see the crash, it is very > frequently happening in our application. Yes that would definitely help (I haven't seen any directions on how to get the app from FTP in the mailing list anyway).
Gurmit Teotia
Comment 3 2006-07-20 23:19:55 PDT
(In reply to comment #2) > (In reply to comment #0) > > We can make our system available on internet so that you can easily see the crash, it is very > > frequently happening in our application. > > Yes that would definitely help (I haven't seen any directions on how to get the > app from FTP in the mailing list anyway). > ftpserver : ftpserver.einfochips.com user :thunder pwd: cooleinfo I tried to upload the file as attachement but was not able to do so. Bugzilla itself was giving me the error. To run this application you need to connect to our application server. We'll open an IP and let you know the same.
Alexey Proskuryakov
Comment 4 2006-08-02 21:24:56 PDT
I have tried several times, but couldn't download: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 229 Entering Extended Passive Mode (|||1027|) 500 Bad EPRT protocol. 421 Service not available, remote server has closed connection.
Gurmit Teotia
Comment 5 2006-08-02 22:32:40 PDT
(In reply to comment #4) > I have tried several times, but couldn't download: > 230 Login successful. > Remote system type is UNIX. > Using binary mode to transfer files. > ftp> ls > 229 Entering Extended Passive Mode (|||1027|) > 500 Bad EPRT protocol. > 421 Service not available, remote server has closed connection. You're correct. Please download it using browser. It is creating problem while downloading from command prompt.
Keyur Shah
Comment 6 2006-10-27 05:44:30 PDT
Hi, We have got steps to reproduce for this issue. For that as you have discussed with Gurmit, we have kept our Server Application running on live IP'203.88.139.148'. You can connect to our Server Application using the Client application you have downloaded from our FTP server. Please let me know when it will be comfortable for you so that we can reproduce that issue and you can get some useful information regarding this crash. Regards, Keyur (In reply to comment #5) > (In reply to comment #4) > > I have tried several times, but couldn't download: > > 230 Login successful. > > Remote system type is UNIX. > > Using binary mode to transfer files. > > ftp> ls > > 229 Entering Extended Passive Mode (|||1027|) > > 500 Bad EPRT protocol. > > 421 Service not available, remote server has closed connection. > You're correct. Please download it using browser. It is creating problem while > downloading from command prompt.
Gurmit Teotia
Comment 7 2006-12-26 23:40:47 PST
We've found the workaround for this bug. It was crashing while calling [window setContentSize] and perfroming drawing operation in flash application. As clear from stack trace, crash was happening in the execution path of "null event" timer callback function so as a workaround we're just suppressing the timer while calling [window setContentSize]. Timer can be suppressed by changing the run loop mode, hence no need to change any thing in webkit. So as a solution: Change RunLoop Mode ot other then default Call [window setContentSize] Return to default mode I'll upload a sample application, in which one can easily see the crash. In that application we're loading the flash file repeatedly while changing window size. In our application we're not doing that but stack trace is same. Thanks, Gurmit
Gurmit Teotia
Comment 8 2006-12-27 00:17:34 PST
Unable to upload the attachment. Getting following error: Internal Error Bugzilla has suffered an internal error. Please save this page and send it to admin@webkit.org with details of what you were doing at the time this message appeared. URL: http://bugs.webkit.org/attachment.cgi undef error - Undefined subroutine Fh::slice at data/template/template/en/custom/global/hidden-fields.html.tmpl line 58
David Kilzer (:ddkilzer)
Comment 9 2006-12-27 07:27:28 PST
(In reply to comment #8) > Unable to upload the attachment. Getting following error: > > Internal Error > Bugzilla has suffered an internal error. Please save this page and send it to > admin@webkit.org with details of what you were doing at the time this message > appeared. > > URL: http://bugs.webkit.org/attachment.cgi > > undef error - Undefined subroutine Fh::slice at > data/template/template/en/custom/global/hidden-fields.html.tmpl line 58 Apparently admin@webkit.org is being advertised on error pages. Not sure what the above error means.
David Kilzer (:ddkilzer)
Comment 10 2006-12-27 07:28:31 PST
(In reply to comment #8) > Unable to upload the attachment. Getting following error: How big is the attachment? It may be best to just upload the source, or upload the source and the application separately.
David Kilzer (:ddkilzer)
Comment 11 2006-12-27 07:29:20 PST
Geoff has been doing some plug-in work recently, so adding him to CC list.
Geoffrey Garen
Comment 12 2006-12-27 12:18:34 PST
> Change RunLoop Mode ot other then default > Call [window setContentSize] > Return to default mode Gurmit, this work-around may not work anymore, since WebKit now fires timers in kCFRunLoopCommonModes, not just kCFRunLoopDefaultMode. Could you file a bug @ bugreporter.apple.com and attach your testcase? That interface is more lenient with big files. Please mention this bug in your summary, to help with screening. Thanks.
David Kilzer (:ddkilzer)
Comment 13 2006-12-27 14:08:07 PST
(In reply to comment #12) > Could you file a bug @ bugreporter.apple.com and attach your testcase? That > interface is more lenient with big files. Please mention this bug in your > summary, to help with screening. Thanks. If you're not an ADC member, you may create a free "online" ADC account on https://connect.apple.com/ to file the bug.
Gurmit Teotia
Comment 14 2006-12-27 22:14:49 PST
Earlier attachment size was of 3 MB. Now I was trying to upload zipped source files, which is of 1016KB size. I'm getting follwing error: Software error: DBD::mysql::st execute failed: Got a packet bigger than 'max_allowed_packet' bytes [for Statement "INSERT INTO attachments (thedata, bug_id, creation_ts, filename, description, mimetype, ispatch, isprivate, submitter_id) VALUES (?, 9841, '2006-12-27 22:02:30', 'loadflash_src.zip', 'Sample application to reproduce crash', 'application/zip', 0, 0, 4118)" with ParamValues: 0='PK.. .....9W.5............ ...loadflash/UX.ÖU.EÕU.Eõ.õ.PK........i.m5................loadflash/.DS_StoreUX.ÀX.EÞwXEõ.õ.í.ÍJÃ@..ÏÄ ©bÉÂ.Ëø.Eß ÔVèB.Üu£ö?2m¤­U.B.Í·ðiôÎÌ­¦m.uÓ¢÷.á.É=3w2a~.¨ê}ç....pê.PHÀe./. l. &. .?»â¶. ÃÌÝ.ê.¡O³..¿1RÜ6tÚné´.;½ªLzøf±î.Ewmô)y5=Oz.ÉѧÃq®'3ó..;.v?eÇü7ó©ì AYõ(. E»Ü¦.ù Iå9.Ï>Å¥¸A.|.ÔŒæ .4..Õ$x´mµ1X.×ËR;Û..;¡þ+..Æz³¥Ø2Îð..êw.©ýjÚ.kLÞAA¾¯ßô..¾}Þ+..ð{ÜŠŒ`w½i..°..õ!b?Y...'] at /Library/WebServer/hosts/bugs.webkit.org/attachment.cgi line 944 main::insert() called at /Library/WebServer/hosts/bugs.webkit.org/attachment.cgi line 94 For help, please send mail to the webmaster (admin@webkit.org), giving this error message and the time and date of the error. I was trying to login to http://bugreporter.apple.com and I was getting following error after login: Re-enter RadarWeb Exception Description Application: RadarWeb Error: java.lang.NullPointerException Reason: Stack trace: File Line# Method Package NA : Non applicable, JIT activated Any other option.
Gurmit Teotia
Comment 15 2006-12-27 22:19:31 PST
To avoid any delay, I'm sending source file in email to all guys listed in CC list.
David Kilzer (:ddkilzer)
Comment 16 2006-12-28 00:42:56 PST
(In reply to comment #14) > Earlier attachment size was of 3 MB. Now I was trying to upload zipped source > files, which is of 1016KB size. I'm getting follwing error: CCing Timothy on this bug due to the MySQL error. > I was trying to login to http://bugreporter.apple.com and I was getting > following error after login: > > Re-enter > RadarWeb Exception Description > Application: RadarWeb > Error: java.lang.NullPointerException > Reason: > Stack trace: > File Line# Method Package > NA : Non applicable, JIT activated Unfortunately, Radarweb (bugreport.apple.com) is sometimes down. I was just able to log in, but if you're still getting errors, please fill out this form: http://developer.apple.com/bugreporter/noconnect.html
Gurmit Teotia
Comment 17 2006-12-28 03:55:45 PST
> Unfortunately, Radarweb (bugreport.apple.com) is sometimes down. I was just > able to log in, but if you're still getting errors, please fill out this form: > http://developer.apple.com/bugreporter/noconnect.html Still not. I've filled the form.
David Kilzer (:ddkilzer)
Comment 18 2006-12-28 11:49:49 PST
Created attachment 12084 [details] Source code in tar.bz2 format Converted .zip archive to .tar.bz2 to upload.
Mark Rowe (bdash)
Comment 19 2007-02-13 19:52:05 PST
Is this bug WebKit rather than the Flash Player plugin? The backtrace suggests it's not.
Alexey Proskuryakov
Comment 20 2007-02-18 13:09:55 PST
The attached application would crash just because it spawns a secondary thread that calls WebKit methods - WebKit is not safe to call from threads other than the main one. However, removing the secondary thread doesn't resolve the problem. I suspect that it may be caused by the application pre-loading the Flash plugin - I have no reason to believe that this is safe to do. If there is a WebKit problem here, it should be as easily reproducible without a Flash_DisableLocalSecurity() call anyway.
Alexey Proskuryakov
Comment 21 2007-02-26 12:31:42 PST
Downgrading to P2, since it's not clear that this is a WebKit bug, and since reproducing it requires such uncommon steps. Geoff did some debugging, and verified that WebKit creates a proper plugin wrapper here. I have tried replacing the included SWF with another one, and the crash went away, even though a Flash_DisableLocalSecurity() call was still there. This casts a shadow of doubt on my hypothesis that it is not safe. On the other hand, this seems to point to the Flash plugin itself as a possible culprit.
Geoffrey Garen
Comment 22 2007-02-26 12:43:12 PST
AP and I confirmed that the application's call to Flash_DisableLocalSecurity is the key variable. Removing that call fixes the crash. (Not sure why. The crash ends up in dyld.)
Alexey Proskuryakov
Comment 23 2022-07-01 11:35:13 PDT
Mass closing plug-in bugs, as plug-in support has been removed from WebKit. Please comment and/or reopen if this still affects WebKit in some way.
Note You need to log in before you can comment on or make changes to this bug.