Bug 9841 - flash player plug-in is crashing in WebView
Summary: flash player plug-in is crashing in WebView
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins
Version: 412.x
Hardware: Macintosh PowerPC OS X 10.4
Importance: P2 Major
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-10 23:03 PDT by Gurmit Teotia
Modified: 2007-02-26 12:43 PST
CC: 7 users

See Also:


Attachments
Source code in tar.bz2 format (988.13 KB, application/octet-stream)
2006-12-28 11:49 PST, David Kilzer (:ddkilzer)

Description Gurmit Teotia 2006-07-10 23:03:14 PDT
Hi,
I'm playing a Flash "swf" file using WebView in my application. My application is crashing randomly; below is the stack trace from gdb:

Program received signal:  "EXC_BAD_ACCESS".
(gdb) bt
#0  0x040a1840 in Flash_EnforceLocalSecurity ()
#1  0x0431902c in ?? ()
#2  0x0409d2fc in Flash_EnforceLocalSecurity ()
#3  0x0409eb30 in Flash_EnforceLocalSecurity ()
#4  0x0409fcc0 in Flash_EnforceLocalSecurity ()
#5  0x040afc64 in Flash_EnforceLocalSecurity ()
#6  0x040afdb0 in Flash_EnforceLocalSecurity ()
#7  0x04108ea4 in Flash_EnforceLocalSecurity ()
#8  0x041082fc in Flash_EnforceLocalSecurity ()
#9  0x04108ce4 in Flash_EnforceLocalSecurity ()
#10 0x040329c0 in Flash_EnforceLocalSecurity ()
#11 0x040fa930 in Flash_EnforceLocalSecurity ()
#12 0x0402f8e0 in Flash_EnforceLocalSecurity ()
#13 0x040272c0 in Flash_EnforceLocalSecurity ()
#14 0x959dbc40 in -[WebBaseNetscapePluginView sendEvent:] ()
#15 0x959dda10 in -[WebBaseNetscapePluginView sendNullEvent] ()
#16 0x9287f07c in __NSFireTimer ()
#17 0x9075df90 in __CFRunLoopDoTimer ()
#18 0x9074a908 in __CFRunLoopRun ()
#19 0x90749ebc in CFRunLoopRunSpecific ()
#20 0x93121fc0 in RunCurrentEventLoopInMode ()
#21 0x93121654 in ReceiveNextEventCommon ()
#22 0x931214c0 in BlockUntilNextEventMatchingListInMode ()
#23 0x9362a384 in _DPSNextEvent ()
#24 0x9362a048 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#25 0x936265ac in -[NSApplication run] ()
#26 0x93716e04 in NSApplicationMain ()
#27 0x00013fa8 in main (argc=1, argv=0xbffffac4) at 

It's very difficult to give the steps to reproduce this bug. Ours is a complex Flash application; it is doing lots of things at the time of the crash, like creating movie clips and communicating with the Flash Communication Server.

I've discussed this issue on the WebKit list as well; below is the link:

http://lists.apple.com/archives/webkitsdk-dev/2006/Jun/msg00043.html

Please let me know how I can help you in solving this bug. I've put my application on the FTP server, as given in the discussion on the list. This bug has become a showstopper for us, as we are in the release phase. We can make our system available on the internet so that you can easily see the crash; it is happening very frequently in our application.

Regards,
Gurmit
Comment 1 Gurmit Teotia 2006-07-18 21:51:56 PDT
Hi,
The hardware in the above bug was Macintosh PowerPC, not PC as currently selected.
Sorry for the mistake.

Regards,
Gurmit
Comment 2 Alexey Proskuryakov 2006-07-19 03:08:17 PDT
(In reply to comment #0)
> We can make our system available on internet so that you can easily see the crash, it is very
> frequently happening in our application.

Yes, that would definitely help (I haven't seen any directions on how to get the app from FTP in the mailing list anyway).
Comment 3 Gurmit Teotia 2006-07-20 23:19:55 PDT
(In reply to comment #2)
> (In reply to comment #0)
> > We can make our system available on internet so that you can easily see the crash, it is very
> > frequently happening in our application.
> 
> Yes that would definitely help (I haven't seen any directions on how to get the
> app from FTP in the mailing list anyway).
> 

FTP server: ftpserver.einfochips.com
user: thunder
pwd: cooleinfo

I tried to upload the file as an attachment but was not able to do so. Bugzilla itself was giving me an error. To run this application you need to connect to our application server. We'll open an IP and let you know.
Comment 4 Alexey Proskuryakov 2006-08-02 21:24:56 PDT
I have tried several times, but couldn't download:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||1027|)
500 Bad EPRT protocol.
421 Service not available, remote server has closed connection.
Comment 5 Gurmit Teotia 2006-08-02 22:32:40 PDT
(In reply to comment #4)
> I have tried several times, but couldn't download:
> 230 Login successful.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 229 Entering Extended Passive Mode (|||1027|)
> 500 Bad EPRT protocol.
> 421 Service not available, remote server has closed connection.


You're correct. Please download it using a browser. It is causing a problem when downloading from the command prompt.
Comment 6 Keyur Shah 2006-10-27 05:44:30 PDT
Hi,

We have got steps to reproduce this issue. For that, as you have discussed with Gurmit, we have kept our server application running on the live IP '203.88.139.148'.

You can connect to our server application using the client application you have downloaded from our FTP server.

Please let me know when it will be convenient for you, so that we can reproduce the issue and you can get some useful information regarding this crash.

Regards,
Keyur

(In reply to comment #5)
> (In reply to comment #4)
> > I have tried several times, but couldn't download:
> > 230 Login successful.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 229 Entering Extended Passive Mode (|||1027|)
> > 500 Bad EPRT protocol.
> > 421 Service not available, remote server has closed connection.
> You're correct. Please download it using browser. It is creating problem while
> downloading from command prompt.

Comment 7 Gurmit Teotia 2006-12-26 23:40:47 PST
We've found a workaround for this bug. It was crashing while calling [window setContentSize] and performing a drawing operation in the Flash application. As is clear from the stack trace, the crash was happening in the execution path of the "null event" timer callback function, so as a workaround we're just suppressing the timer while calling [window setContentSize]. The timer can be suppressed by changing the run loop mode, hence there is no need to change anything in WebKit. So, as a solution:
Change the run loop mode to other than default
Call [window setContentSize]
Return to default mode

I'll upload a sample application in which one can easily see the crash. In that application we're loading the Flash file repeatedly while changing the window size. In our application we're not doing that, but the stack trace is the same.

Thanks,
Gurmit
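One way to implement the three-step workaround above in Cocoa, as an added example that is not code from the bug report, the attached application or WebKit: the resize is scheduled as a one-shot NSTimer registered only in a private run-loop mode, and the loop is spun in that mode until the timer has fired. While a run loop is running in a given mode it services only the sources and timers registered for that mode, so a timer that lives only in NSDefaultRunLoopMode cannot fire during the resize and the drawing it triggers. The class name WindowResizer and the mode name kResizeRunLoopMode are assumptions for illustration, and the code uses manual retain/release as was usual on Mac OS X 10.4. Whether this still blocks the WebKit null-event timer depends on which modes WebKit registers that timer in (see comment 12 below); a private mode such as this one is outside the common-mode set unless it is explicitly added with CFRunLoopAddCommonMode.

```objc
#import <Cocoa/Cocoa.h>

// Added example, not from the bug report. Private run-loop mode name (assumed).
static NSString *const kResizeRunLoopMode = @"com.example.ResizeRunLoopMode";

@interface WindowResizer : NSObject {
    NSWindow *_window;
}
- (id)initWithWindow:(NSWindow *)window;
- (void)setContentSizeSuppressingDefaultModeTimers:(NSSize)size;
@end

@implementation WindowResizer

- (id)initWithWindow:(NSWindow *)window
{
    if ((self = [super init]))
        _window = [window retain];
    return self;
}

- (void)dealloc
{
    [_window release];
    [super dealloc];
}

// Timer callback. This runs while the run loop is in kResizeRunLoopMode, so
// timers registered only in NSDefaultRunLoopMode are not serviced meanwhile.
- (void)performResize:(NSTimer *)timer
{
    NSSize size = [[timer userInfo] sizeValue];
    [_window setContentSize:size];
    // Flush the drawing caused by the resize while we are still in the
    // private mode, rather than leaving it for the next default-mode pass.
    [_window displayIfNeeded];
}

// Step 1: enter a non-default mode; step 2: call setContentSize: there;
// step 3: return to the caller's (default) mode when the loop call returns.
- (void)setContentSizeSuppressingDefaultModeTimers:(NSSize)size
{
    NSRunLoop *runLoop = [NSRunLoop currentRunLoop];

    // One-shot timer added to the private mode only; it is invalidated
    // automatically once it has fired.
    NSTimer *timer = [NSTimer timerWithTimeInterval:0.0
                                             target:self
                                           selector:@selector(performResize:)
                                           userInfo:[NSValue valueWithSize:size]
                                            repeats:NO];
    [runLoop addTimer:timer forMode:kResizeRunLoopMode];

    // Spin the loop in the private mode until the resize timer has fired.
    // runMode:beforeDate: returns after one pass (or when the date expires),
    // and the run loop is back in the previous mode on return.
    while ([timer isValid])
        [runLoop runMode:kResizeRunLoopMode
              beforeDate:[NSDate dateWithTimeIntervalSinceNow:0.1]];
}

@end

// Usage (from the main thread, where the window and the WebView live):
//   WindowResizer *resizer = [[WindowResizer alloc] initWithWindow:window];
//   [resizer setContentSizeSuppressingDefaultModeTimers:NSMakeSize(800, 600)];
//   [resizer release];
```

The design choice is to keep the resize on the main thread and to change only which mode the main run loop is in; nothing in WebKit is touched, which is the property comment 7 is after. Note that any other timer or source your own application registers in the private mode will also be serviced during the resize, so keep that mode empty apart from the resize timer.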
Comment 8 Gurmit Teotia 2006-12-27 00:17:34 PST
Unable to upload the attachment. Getting the following error:

Internal Error
Bugzilla has suffered an internal error. Please save this page and send it to admin@webkit.org with details of what you were doing at the time this message appeared. 

URL: http://bugs.webkit.org/attachment.cgi

undef error - Undefined subroutine Fh::slice at data/template/template/en/custom/global/hidden-fields.html.tmpl line 58  
Comment 9 David Kilzer (:ddkilzer) 2006-12-27 07:27:28 PST
(In reply to comment #8)
> Unable to upload the attachment. Getting following error:
> 
> Internal Error
> Bugzilla has suffered an internal error. Please save this page and send it to
> admin@webkit.org with details of what you were doing at the time this message
> appeared. 
> 
> URL: http://bugs.webkit.org/attachment.cgi
> 
> undef error - Undefined subroutine Fh::slice at
> data/template/template/en/custom/global/hidden-fields.html.tmpl line 58

Apparently admin@webkit.org is being advertised on error pages.  Not sure what the above error means.

Comment 10 David Kilzer (:ddkilzer) 2006-12-27 07:28:31 PST
(In reply to comment #8)
> Unable to upload the attachment. Getting following error:

How big is the attachment?  It may be best to just upload the source, or upload the source and the application separately.

Comment 11 David Kilzer (:ddkilzer) 2006-12-27 07:29:20 PST
Geoff has been doing some plug-in work recently, so adding him to CC list.

Comment 12 Geoffrey Garen 2006-12-27 12:18:34 PST
> Change the run loop mode to other than default
> Call [window setContentSize]
> Return to default mode

Gurmit, this work-around may not work anymore, since WebKit now fires timers in kCFRunLoopCommonModes, not just kCFRunLoopDefaultMode.

Could you file a bug @ bugreporter.apple.com and attach your testcase? That interface is more lenient with big files. Please mention this bug in your summary, to help with screening. Thanks.
Comment 13 David Kilzer (:ddkilzer) 2006-12-27 14:08:07 PST
(In reply to comment #12)
> Could you file a bug @ bugreporter.apple.com and attach your testcase? That
> interface is more lenient with big files. Please mention this bug in your
> summary, to help with screening. Thanks.

If you're not an ADC member, you may create a free "online" ADC account on https://connect.apple.com/ to file the bug.

Comment 14 Gurmit Teotia 2006-12-27 22:14:49 PST
The earlier attachment size was 3 MB. Now I was trying to upload the zipped source files, which are 1016 KB in size. I'm getting the following error:

Software error:

DBD::mysql::st execute failed: Got a packet bigger than 'max_allowed_packet' bytes [for Statement "INSERT INTO attachments
      (thedata, bug_id, creation_ts, filename, description,
       mimetype, ispatch, isprivate, submitter_id) 
      VALUES (?, 9841, '2006-12-27 22:02:30', 'loadflash_src.zip',
              'Sample application to reproduce crash', 'application/zip', 0,
              0, 4118)" with ParamValues: 0='PK..
.....9W.5............
...loadflash/UX.ÖU.EÕU.Eõ.õ.PK........i.m5................loadflash/.DS_StoreUX.ÀX.EÞwXEõ.õ.í.ÍJÃ@..ÏÄ ©bÉÂ.Ëø.Eß ÔVèB.Üu£ö?2m¤­U.B.Í·ðiôÎÌ­¦m.uÓ¢÷.á.É=3w2a~.¨ê}ç....pê.PHÀe./. l.	&. .?»â¶.
ÃÌÝ.ê.¡O³..¿1RÜ6tÚné´.;½ªLzøf±î.Ewmô)y5=Oz.ÉѧÃq®'3ó..;.v?eÇü7ó©ì AYõ(.
E»Ü¦.ù Iå9.Ï>Å¥¸A.|.ÔŒæ
.4..Õ$x´mµ1X.×ËR;Û..;¡þ+..Æz³¥Ø2Îð..êw.©ýjÚ.kLÞAA¾¯ßô..¾}Þ+..ð{ÜŠŒ`w½i..°..õ!b?Y...'] at /Library/WebServer/hosts/bugs.webkit.org/attachment.cgi line 944
	main::insert() called at /Library/WebServer/hosts/bugs.webkit.org/attachment.cgi line 94
For help, please send mail to the webmaster (admin@webkit.org), giving this error message and the time and date of the error.

I was trying to log in to http://bugreporter.apple.com and I was getting the following error after login:


Re-enter
RadarWeb	Exception Description
Application:	 RadarWeb
Error:	 java.lang.NullPointerException
Reason:	
Stack trace:	
File	Line#	Method	Package
NA : Non applicable, JIT activated


Any other option?
Comment 15 Gurmit Teotia 2006-12-27 22:19:31 PST
To avoid any delay, I'm sending the source file by email to everyone listed in the CC list.
Comment 16 David Kilzer (:ddkilzer) 2006-12-28 00:42:56 PST
(In reply to comment #14)
> The earlier attachment size was 3 MB. Now I was trying to upload the zipped source
> files, which are 1016 KB in size. I'm getting the following error:

CCing Timothy on this bug due to the MySQL error.

> I was trying to login to http://bugreporter.apple.com and I was getting
> following error after login:
> 
> Re-enter
> RadarWeb        Exception Description
> Application:     RadarWeb
> Error:   java.lang.NullPointerException
> Reason: 
> Stack trace:    
> File    Line#   Method  Package
> NA : Non applicable, JIT activated

Unfortunately, Radarweb (bugreport.apple.com) is sometimes down.  I was just able to log in, but if you're still getting errors, please fill out this form:

http://developer.apple.com/bugreporter/noconnect.html

Comment 17 Gurmit Teotia 2006-12-28 03:55:45 PST
> Unfortunately, Radarweb (bugreport.apple.com) is sometimes down.  I was just
> able to log in, but if you're still getting errors, please fill out this form:
> http://developer.apple.com/bugreporter/noconnect.html

Still not. I've filled in the form.
Comment 18 David Kilzer (:ddkilzer) 2006-12-28 11:49:49 PST
Created attachment 12084 [details]
Source code in tar.bz2 format

Converted .zip archive to .tar.bz2 to upload.
Comment 19 Mark Rowe (bdash) 2007-02-13 19:52:05 PST
Is this a WebKit bug rather than a Flash Player plugin bug? The backtrace suggests it's not.
Comment 20 Alexey Proskuryakov 2007-02-18 13:09:55 PST
The attached application would crash just because it spawns a secondary thread that calls WebKit methods - WebKit is not safe to call from threads other than the main one.

However, removing the secondary thread doesn't resolve the problem. I suspect that it may be caused by the application pre-loading the Flash plugin - I have no reason to believe that this is safe to do. If there is a WebKit problem here, it should be as easily reproducible without a Flash_DisableLocalSecurity() call anyway.
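An added example (not from the attached application or from WebKit) of the main-thread rule stated above: the background thread never touches the WebView; it marshals the call to the main thread with performSelectorOnMainThread:withObject:waitUntilDone:, which executes the selector immediately when the caller is already on the main thread and blocks the calling thread until the work is done otherwise. FlashLoader is an assumed class name, the URL in the usage comment is a placeholder, and pthread_main_np() is used for the assertion because it exists on the 10.4-era system the bug was filed against.

```objc
#import <Cocoa/Cocoa.h>
#import <WebKit/WebKit.h>
#include <pthread.h>

// Added example, not from the bug report. Wraps a WebView so that loads can be
// requested from any thread while WebKit itself is only ever called on the
// main thread.
@interface FlashLoader : NSObject {
    WebView *_webView;
}
- (id)initWithWebView:(WebView *)webView;
- (void)loadURLOnMainThread:(NSURL *)url;
@end

@implementation FlashLoader

- (id)initWithWebView:(WebView *)webView
{
    if ((self = [super init]))
        _webView = [webView retain];
    return self;
}

- (void)dealloc
{
    [_webView release];
    [super dealloc];
}

// Must run on the main thread: this is the only method that touches WebKit.
- (void)loadURL:(NSURL *)url
{
    NSAssert(pthread_main_np() != 0, @"WebKit must be called on the main thread");
    [[_webView mainFrame] loadRequest:[NSURLRequest requestWithURL:url]];
}

// Safe to call from any thread. The secondary thread blocks here until the
// main thread has performed the load; it never calls into WebKit itself.
- (void)loadURLOnMainThread:(NSURL *)url
{
    [self performSelectorOnMainThread:@selector(loadURL:)
                           withObject:url
                        waitUntilDone:YES];
}

@end

// Usage from a secondary thread (the worker thread is assumed to already
// have its own autorelease pool, as NSThread workers on 10.4 require):
//   FlashLoader *loader = ...;   // created on the main thread with the WebView
//   [loader loadURLOnMainThread:[NSURL fileURLWithPath:@"/path/to/movie.swf"]];
```

The same pattern applies to every other WebView or WebFrame method the secondary thread would otherwise call; routing all of them through a single main-thread-only method keeps the assertion in one place and makes a violation fail loudly instead of crashing somewhere inside the plug-in.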
Comment 21 Alexey Proskuryakov 2007-02-26 12:31:42 PST
Downgrading to P2, since it's not clear that this is a WebKit bug, and since reproducing it requires such uncommon steps.

Geoff did some debugging, and verified that WebKit creates a proper plugin wrapper here. 

I have tried replacing the included SWF with another one, and the crash went away, even though a Flash_DisableLocalSecurity() call was still there. This casts a shadow of doubt on my hypothesis that it is not safe. On the other hand, this seems to point to the Flash plugin itself as a possible culprit.
Comment 22 Geoffrey Garen 2007-02-26 12:43:12 PST
AP and I confirmed that the application's call to Flash_DisableLocalSecurity is the key variable. Removing that call fixes the crash. (Not sure why. The crash ends up in dyld.)