Status: Assigned
Owner: [email protected]
CC: [email protected]
Labels: Type-Bug Pri-2 OS-All Area-Plugins Size-Medium Crash

New issue 21569 by [email protected]: Crash in NPP_NewStream due to reentrancy into Flash.
http://code.google.com/p/chromium/issues/detail?id=21569

Found by Chromebot. It does not happen so often.

Reports:

http://chromebot/buildsummary?id=buildbot_25837_ext
http://chromebot/buildsummary?id=buildbot_25626_ext


chrome_2610000!NPAPI::PluginInstance::NPP_NewStream+0xcc [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_instance.cc @ 230]
chrome_2610000!NPAPI::PluginStream::Open+0x30b [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_stream.cc @ 66]
chrome_2610000!NPAPI::PluginStreamUrl::DidReceiveResponse+0x28 [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_stream_url.cc @ 53]
chrome_2610000!WebPluginDelegateStub::OnDidReceiveResponse+0x34 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\webplugin_delegate_stub.cc @ 186]
chrome_2610000!IPC::MessageWithTuple<Tuple1<PluginMsg_DidReceiveResponseParams> >::Dispatch<WebPluginDelegateStub,void (__thiscall WebPluginDelegateStub::*)(PluginMsg_DidReceiveResponseParams const &)>+0x4e [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_message_utils.h @ 999]
chrome_2610000!WebPluginDelegateStub::OnMessageReceived+0x8d [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\webplugin_delegate_stub.cc @ 87]
chrome_2610000!MessageRouter::RouteMessage+0x33 [c:\b\slave\chromium-rel-xp\build\src\chrome\common\message_router.cc @ 41]
chrome_2610000!PluginChannelBase::OnMessageReceived+0x44 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel_base.cc @ 116]
chrome_2610000!PluginChannel::OnMessageReceived+0x90 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel.cc @ 86]
chrome_2610000!RunnableMethod<ProfileWriter,void (__thiscall ProfileWriter::*)(GURL const &),Tuple1<GURL> >::Run+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 307]
chrome_2610000!MessageLoop::RunTask+0x7e [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 315]
chrome_2610000!MessageLoop::DoWork+0x1ea [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 437]
chrome_2610000!base::MessagePumpForUI::DoRunLoop+0x5a [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 210]
chrome_2610000!base::MessagePumpWin::Run+0x40 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.h @ 78]
chrome_2610000!MessageLoop::RunInternal+0xc0 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 199]
chrome_2610000!MessageLoop::RunHandler+0x59 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 175]
chrome_2610000!MessageLoop::Run+0x3d [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 156]
chrome_2610000!IPC::SyncChannel::WaitForReplyWithNestedMessageLoop+0x89 [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_sync_channel.cc @ 433]
chrome_2610000!IPC::SyncChannel::WaitForReply+0xca [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_sync_channel.cc @ 420]
chrome_2610000!IPC::SyncChannel::SendWithTimeout+0x161 [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_sync_channel.cc @ 398]
chrome_2610000!IPC::SyncChannel::Send+0x10 [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_sync_channel.cc @ 362]
chrome_2610000!PluginChannelBase::Send+0x63 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel_base.cc @ 99]
chrome_2610000!PluginChannel::Send+0x9a [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel.cc @ 77]
chrome_2610000!NPObjectProxy::NPInvokePrivate+0x202 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\npobject_proxy.cc @ 205]
chrome_2610000!`anonymous namespace'::NPN_InvokePatch+0x22 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\npobject_util.cc @ 41]
NPSWF32!unuse_netscape_plugin_Plugin+0x784f
NPSWF32!unuse_netscape_plugin_Plugin+0x7937
NPSWF32!DllUnregisterServer+0x1631
chrome_2610000!NPAPI::PluginInstance::NPP_NewStream+0xcc [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_instance.cc @ 230]
chrome_2610000!NPAPI::PluginStream::Open+0x30b [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_stream.cc @ 66]
chrome_2610000!NPAPI::PluginStreamUrl::DidReceiveResponse+0x28 [c:\b\slave\chromium-rel-xp\build\src\webkit\glue\plugins\plugin_stream_url.cc @ 53]
chrome_2610000!WebPluginDelegateStub::OnDidReceiveResponse+0x34 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\webplugin_delegate_stub.cc @ 186]
chrome_2610000!IPC::MessageWithTuple<Tuple1<PluginMsg_DidReceiveResponseParams> >::Dispatch<WebPluginDelegateStub,void (__thiscall WebPluginDelegateStub::*)(PluginMsg_DidReceiveResponseParams const &)>+0x4e [c:\b\slave\chromium-rel-xp\build\src\ipc\ipc_message_utils.h @ 999]
chrome_2610000!WebPluginDelegateStub::OnMessageReceived+0x8d [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\webplugin_delegate_stub.cc @ 87]
chrome_2610000!MessageRouter::RouteMessage+0x33 [c:\b\slave\chromium-rel-xp\build\src\chrome\common\message_router.cc @ 41]
chrome_2610000!PluginChannelBase::OnMessageReceived+0x44 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel_base.cc @ 116]
chrome_2610000!PluginChannel::OnMessageReceived+0x90 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_channel.cc @ 86]
chrome_2610000!RunnableMethod<ProfileWriter,void (__thiscall ProfileWriter::*)(GURL const &),Tuple1<GURL> >::Run+0x17 [c:\b\slave\chromium-rel-xp\build\src\base\task.h @ 307]
chrome_2610000!MessageLoop::RunTask+0x7e [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 315]
chrome_2610000!MessageLoop::DoWork+0x1ea [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 437]
chrome_2610000!base::MessagePumpForUI::DoRunLoop+0x5a [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.cc @ 210]
chrome_2610000!base::MessagePumpWin::Run+0x40 [c:\b\slave\chromium-rel-xp\build\src\base\message_pump_win.h @ 78]
chrome_2610000!MessageLoop::RunInternal+0xc0 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 199]
chrome_2610000!MessageLoop::RunHandler+0x59 [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 175]
chrome_2610000!MessageLoop::Run+0x3d [c:\b\slave\chromium-rel-xp\build\src\base\message_loop.cc @ 156]
chrome_2610000!PluginMain+0x5c1 [c:\b\slave\chromium-rel-xp\build\src\chrome\plugin\plugin_main.cc @ 148]
chrome_2610000!ChromeMain+0x696 [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_dll_main.cc @ 564]
chrome!wWinMain+0x2fd [c:\b\slave\chromium-rel-xp\build\src\chrome\app\chrome_exe_main.cc @ 104]
chrome!__tmainCRTStartup+0x176 [f:\sp\vctools\crt_bld\self_x86\crt\src\crt0.c @ 324]
