Bug 55780

Summary: REGRESSION (r79863): platform/win/plugins/draws-gradient.html crashing in WindowedPluginTest::staticWndProc on Windows 7 Release (WebKit2 Tests)
Product: WebKit Reporter: Jessie Berlin <jberlin>
Component: Plug-insAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: andersca, aroben, jberlin
Priority: P2 Keywords: InRadar, LayoutTestFailure, PlatformOnly, Regression
Version: 528+ (Nightly build)   
Hardware: All   
OS: Windows 7   

Description Jessie Berlin 2011-03-04 09:01:12 PST 
http://build.webkit.org/results/Windows%207%20Release%20(WebKit2%20Tests)/r80350%20(3727)/results.html

I am not yet sure when this started (it has be crashing for at least a day now), but it should probably be added to the WebKit2 Windows Skipped list for now (until it can be investigated further).
Comment 1 Jessie Berlin 2011-03-04 09:57:16 PST 
Added to the skip list in http://trac.webkit.org/changeset/80363
Comment 2 Jessie Berlin 2011-03-04 09:59:40 PST 
<rdar://problem/9087600>
Comment 3 Adam Roben (:aroben) 2011-03-18 01:33:15 PDT 
This is happening to platform/win/plugins/window-geometry-initialized-before-set-window.html now. This makes me think the previous test, draws-gradient.html, is the actual culprit.

http://build.webkit.org/results/Windows%207%20Release%20(WebKit2%20Tests)/r81444%20(4259)/platform/win/plugins/window-geometry-initialized-before-set-window-crash-log.txt
Comment 4 Adam Roben (:aroben) 2011-03-18 01:35:34 PDT 
I can't reproduce the crash.
Comment 5 Adam Roben (:aroben) 2011-03-18 01:35:58 PDT 
I think this crash indicates that we aren't calling NPP_SetWindow with a null HWND before destroying the plugin.
Comment 6 Adam Roben (:aroben) 2011-03-18 02:10:51 PDT 
In fact, draws-gradient.html is the only test that uses the WindowedPluginTest class, so it has to be the problem!
Comment 7 Adam Roben (:aroben) 2011-03-18 02:13:43 PDT 
Switched to skipping draws-gradient.html

Committed r81455: <http://trac.webkit.org/changeset/81455>
Comment 8 Adam Roben (:aroben) 2011-04-05 12:01:56 PDT 
I think the crash is due to bug 47009.
Comment 9 Adam Roben (:aroben) 2011-04-05 13:16:04 PDT 
My guess is that r79863, which made WebKitTestRunner force all tests to paint, made the crash start happening. But I'm still pretty sure the crash is ultimately due to bug 47009.
Comment 10 Adam Roben (:aroben) 2011-04-06 09:35:09 PDT 
Rolling out r79863 doesn't make the crash go away, so I guess that part of my theory is incorrect.
Comment 11 Adam Roben (:aroben) 2011-04-06 09:51:10 PDT 
Did not crash:
http://build.webkit.org/old-results/Windows%207%20Release%20(WebKit2%20Tests)/r79859%20%283524%29/results.html

Did crash:
http://build.webkit.org/old-results/Windows%207%20Release%20(WebKit2%20Tests)/r80175%20%283652%29/results.html

All test runs in between those exited early due to crashes in FrameView::paintOverhangAreas.
Comment 12 Adam Roben (:aroben) 2011-04-06 09:58:52 PDT 
(In reply to comment #10)
> Rolling out r79863 doesn't make the crash go away, so I guess that part of my theory is incorrect.

Whoops, I forgot to remove the WKViewSetIsInWindow(true) call that r79863 added. Removing that does make the crash go away (because the plugin is never started).
Comment 13 Adam Roben (:aroben) 2011-04-06 11:33:50 PDT 
This test crashes in Firefox, too.
Comment 14 Adam Roben (:aroben) 2011-04-06 11:39:26 PDT 
To reproduce in Firefox:

1. Copy npTestNetscapePlugin.dll to C:\Program Files\Mozilla Firefox\plugins
2. Open draws-gradient.html in Firefox
3. Reload

Here's the Firefox backtrace, for posterity:


>	npTestNetscapePlugin.dll!WindowedPluginTest::staticWndProc(HWND__ * hwnd=0x00180798, unsigned int message=24, unsigned int wParam=0, long lParam=0)  Line 66 + 0x1a bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchClientMessage@20()  + 0x4d bytes	
 	user32.dll!___fnDWORD@4()  + 0x24 bytes	
 	ntdll.dll!_KiUserCallbackDispatcher@12()  + 0x13 bytes	
 	user32.dll!_NtUserDestroyWindow@4()  + 0xc bytes	
 	xul.dll!mozilla::plugins::PPluginInstanceChild::OnCallReceived(const IPC::Message & __msg={...}, IPC::Message * & __reply=0x00000000)  Line 1865 + 0x12 bytes	C++
 	xul.dll!mozilla::plugins::PPluginModuleChild::OnCallReceived(const IPC::Message & __msg={...}, IPC::Message * & __reply=0x00000000)  Line 574 + 0xb bytes	C++
 	xul.dll!mozilla::ipc::RPCChannel::DispatchIncall(const IPC::Message & call={...})  Line 513	C++
 	xul.dll!mozilla::ipc::RPCChannel::Incall(const IPC::Message & call={...}, unsigned int stackDepth=0)  Line 499	C++
 	xul.dll!mozilla::ipc::RPCChannel::OnMaybeDequeueOne()  Line 429 + 0xf bytes	C++
 	xul.dll!MessageLoop::RunTask(Task * task=0x00000000)  Line 344	C++
 	xul.dll!MessageLoop::DeferOrRunPendingTask(const MessageLoop::PendingTask & pending_task={...})  Line 354	C++
 	xul.dll!MessageLoop::DoWork()  Line 451 + 0x7 bytes	C++
 	xul.dll!base::MessagePumpForUI::DoRunLoop()  Line 213 + 0x7 bytes	C++
 	xul.dll!base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate * delegate=0x00000000, base::MessagePumpWin::Dispatcher * dispatcher=0x0012f9d8)  Line 54	C++
 	xul.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x0012fe80)  Line 78 + 0xc bytes	C++
 	xul.dll!MessageLoop::RunInternal()  Line 219 + 0x9 bytes	C++
 	xul.dll!MessageLoop::RunHandler()  + 0x1d792f bytes	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!XRE_InitChildProcess(int aArgc=10, char * * aArgv=0x008153d0, GeckoProcessType aProcess=GeckoProcessType_Plugin)  Line 519	C++
 	plugin-container.exe!wmain(int argc=1, wchar_t * * argv=0x00801c00)  Line 128 + 0x33 bytes	C++
 	plugin-container.exe!__tmainCRTStartup()  Line 591 + 0x19 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes
Comment 15 Adam Roben (:aroben) 2011-04-06 11:51:11 PDT 

*** This bug has been marked as a duplicate of bug 47009 ***