Bug 55780

Summary: REGRESSION (r79863): platform/win/plugins/draws-gradient.html crashing in WindowedPluginTest::staticWndProc on Windows 7 Release (WebKit2 Tests)
Product: WebKit Reporter: Jessie Berlin <jberlin>
Component: Plug-insAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: andersca, aroben, jberlin
Priority: P2 Keywords: InRadar, LayoutTestFailure, PlatformOnly, Regression
Version: 528+ (Nightly build)   
Hardware: All   
OS: Windows 7   

Jessie Berlin
Reported 2011-03-04 09:01:12 PST
http://build.webkit.org/results/Windows%207%20Release%20(WebKit2%20Tests)/r80350%20(3727)/results.html I am not yet sure when this started (it has be crashing for at least a day now), but it should probably be added to the WebKit2 Windows Skipped list for now (until it can be investigated further).
Attachments
Add attachment proposed patch, testcase, etc.
Jessie Berlin
Comment 1 2011-03-04 09:57:16 PST
Added to the skip list in http://trac.webkit.org/changeset/80363
Jessie Berlin
Comment 2 2011-03-04 09:59:40 PST
<rdar://problem/9087600>
Adam Roben (:aroben)
Comment 3 2011-03-18 01:33:15 PDT
This is happening to platform/win/plugins/window-geometry-initialized-before-set-window.html now. This makes me think the previous test, draws-gradient.html, is the actual culprit. http://build.webkit.org/results/Windows%207%20Release%20(WebKit2%20Tests)/r81444%20(4259)/platform/win/plugins/window-geometry-initialized-before-set-window-crash-log.txt
Adam Roben (:aroben)
Comment 4 2011-03-18 01:35:34 PDT
I can't reproduce the crash.
Adam Roben (:aroben)
Comment 5 2011-03-18 01:35:58 PDT
I think this crash indicates that we aren't calling NPP_SetWindow with a null HWND before destroying the plugin.
Adam Roben (:aroben)
Comment 6 2011-03-18 02:10:51 PDT
In fact, draws-gradient.html is the only test that uses the WindowedPluginTest class, so it has to be the problem!
Adam Roben (:aroben)
Comment 7 2011-03-18 02:13:43 PDT
Switched to skipping draws-gradient.html Committed r81455: <http://trac.webkit.org/changeset/81455>
Adam Roben (:aroben)
Comment 8 2011-04-05 12:01:56 PDT
I think the crash is due to bug 47009.
Adam Roben (:aroben)
Comment 9 2011-04-05 13:16:04 PDT
My guess is that r79863, which made WebKitTestRunner force all tests to paint, made the crash start happening. But I'm still pretty sure the crash is ultimately due to bug 47009.
Adam Roben (:aroben)
Comment 10 2011-04-06 09:35:09 PDT
Rolling out r79863 doesn't make the crash go away, so I guess that part of my theory is incorrect.
Adam Roben (:aroben)
Comment 11 2011-04-06 09:51:10 PDT
Did not crash: http://build.webkit.org/old-results/Windows%207%20Release%20(WebKit2%20Tests)/r79859%20%283524%29/results.html Did crash: http://build.webkit.org/old-results/Windows%207%20Release%20(WebKit2%20Tests)/r80175%20%283652%29/results.html All test runs in between those exited early due to crashes in FrameView::paintOverhangAreas.
Adam Roben (:aroben)
Comment 12 2011-04-06 09:58:52 PDT
(In reply to comment #10) > Rolling out r79863 doesn't make the crash go away, so I guess that part of my theory is incorrect. Whoops, I forgot to remove the WKViewSetIsInWindow(true) call that r79863 added. Removing that does make the crash go away (because the plugin is never started).
Adam Roben (:aroben)
Comment 13 2011-04-06 11:33:50 PDT
This test crashes in Firefox, too.
Adam Roben (:aroben)
Comment 14 2011-04-06 11:39:26 PDT
To reproduce in Firefox: 1. Copy npTestNetscapePlugin.dll to C:\Program Files\Mozilla Firefox\plugins 2. Open draws-gradient.html in Firefox 3. Reload Here's the Firefox backtrace, for posterity: > npTestNetscapePlugin.dll!WindowedPluginTest::staticWndProc(HWND__ * hwnd=0x00180798, unsigned int message=24, unsigned int wParam=0, long lParam=0) Line 66 + 0x1a bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchClientMessage@20() + 0x4d bytes user32.dll!___fnDWORD@4() + 0x24 bytes ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes user32.dll!_NtUserDestroyWindow@4() + 0xc bytes xul.dll!mozilla::plugins::PPluginInstanceChild::OnCallReceived(const IPC::Message & __msg={...}, IPC::Message * & __reply=0x00000000) Line 1865 + 0x12 bytes C++ xul.dll!mozilla::plugins::PPluginModuleChild::OnCallReceived(const IPC::Message & __msg={...}, IPC::Message * & __reply=0x00000000) Line 574 + 0xb bytes C++ xul.dll!mozilla::ipc::RPCChannel::DispatchIncall(const IPC::Message & call={...}) Line 513 C++ xul.dll!mozilla::ipc::RPCChannel::Incall(const IPC::Message & call={...}, unsigned int stackDepth=0) Line 499 C++ xul.dll!mozilla::ipc::RPCChannel::OnMaybeDequeueOne() Line 429 + 0xf bytes C++ xul.dll!MessageLoop::RunTask(Task * task=0x00000000) Line 344 C++ xul.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...}) Line 354 C++ xul.dll!MessageLoop::DoWork() Line 451 + 0x7 bytes C++ xul.dll!base::MessagePumpForUI::DoRunLoop() Line 213 + 0x7 bytes C++ xul.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x00000000, base::MessagePumpWin::Dispatcher * dispatcher=0x0012f9d8) Line 54 C++ xul.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x0012fe80) Line 78 + 0xc bytes C++ xul.dll!MessageLoop::RunInternal() Line 219 + 0x9 bytes C++ xul.dll!MessageLoop::RunHandler() + 0x1d792f bytes C++ xul.dll!MessageLoop::Run() Line 177 C++ xul.dll!XRE_InitChildProcess(int aArgc=10, char * * aArgv=0x008153d0, GeckoProcessType aProcess=GeckoProcessType_Plugin) Line 519 C++ plugin-container.exe!wmain(int argc=1, wchar_t * * argv=0x00801c00) Line 128 + 0x33 bytes C++ plugin-container.exe!__tmainCRTStartup() Line 591 + 0x19 bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
Adam Roben (:aroben)
Comment 15 2011-04-06 11:51:11 PDT
*** This bug has been marked as a duplicate of bug 47009 ***
Note You need to log in before you can comment on or make changes to this bug.