Firefox opens new popup window when leaving any page with swfdec content

Bug #250769 reported by litemotiv on 2008-07-22
32
Affects Status Importance Assigned to Milestone
Mozilla Firefox
Fix Released
High
XULRunner
Fix Released
Critical
firefox-3.0 (Ubuntu)
Undecided
Unassigned
Nominated for Intrepid by nullack
swfdec0.6 (Ubuntu)
Undecided
Unassigned
Nominated for Intrepid by nullack
xulrunner-1.9 (Gentoo Linux)
Invalid
Undecided
Unassigned
xulrunner-1.9 (Ubuntu)
Undecided
Unassigned
Nominated for Intrepid by nullack

Bug Description

Ubuntu Intrepid Development
firefox-3.0 3.0.1+build1+nobinonly-0ubuntu1
libswfdec-0.7-0 0.7.2-1

When leaving any page containing swfdec rendered content, Firefox opens a new popup window containing the flash object. In some cases, trying to close this popup results in a Firefox crash/shutdown.

Screenshot: http://ubuntuforums.org/attachment.php?attachmentid=78194&d=1216421312

Created attachment 322523
gdb bt full with a debug build of firefox 3.0 RC1

*** Bug 435838 has been marked as a duplicate of this bug. ***

Made a full debug build of firefox 3 RC2 with today git swfdec:
 - http://www.leparisien.fr seems not to crash anymore.
 - http://www.universfreebox.com/article5360.html hangs the whole firefox process.

I'm keen to try out swfdec, but I haven't found a revision of
git://swfdec.freedesktop.org/git/swfdec/swfdec in the last few days that compiles.

Can someone recommend a revision/tag that I should use, please?

BTW, the current issue is:
cc1: warnings being treated as errors
swfdec_init.c: In function 'swfdec_init':
swfdec_init.c:68: warning: implicit declaration of function 'strtoul'
swfdec_init.c:68: warning: nested extern declaration of 'strtoul'

Uh yeah, you're in a kind of peculiar situation here as you need to run a development version, and those set -Werror (and no, I'm not going into a discussion of why this is the best thing people should do). In theory, git master should work (and definitely compile) fine, as there's enough developers running it every day. If there's issues, poke me on IRC and I'll fix them immediately.

That said, if you still want the easy path, export CFLAGS=-Wno-error when building swfdec and swfdec-mozilla. That gets rid of the "warnings being treated as errors" thing.

Thanks to Benjamin, I now have swfdec-mozilla compiled (and producing some
nice effects when Mozilla doesn't crash).

The crash is happening because sometimes ws_info is not set up (in
nsObjectFrame::CallSetWindow()) and so it contains zeros when used in
nsPluginInstanceOwner::Paint().

The crash happens for plugins that are instantiated through
nsObjectFrame::Instantiate(nsIChannel* aChannel, nsIStreamListener** aStreamListener)
rather than
nsObjectFrame::Instantiate(const char* aMimeType, nsIURI* aURI)
as only the later does CallSetWindow() (and I don't know why that is).

With attachment 324576, gfxXlibNativeRenderer::Draw almost never uses its dpy
argument and so the crash reduces to

###!!! ASSERTION: Visual changed: colormap may not match: 'ws_info->visual == visual', file /home/karl/moz/mozilla/layout/generic/nsObjectFrame.cpp, line 4207

but still no useful info is available in ws_info for the plugin.

I can reproduce the assertion when scrolling to the first windowless plugin on
http://www.universfreebox.com/article5360.html, or on http://movies.yahoo.com/.

Created attachment 324752
move ws_info set up from nsObjectFrame::CallSetWindow() to nsPluginInstanceOwner::CreateWidget()

This is one way to solve the problem.
Perhaps another is to set up in nsObjectFrame::FixupWindow, or perhaps both
nsObjectFrame::Instantiate methods (or neither) should do CallSetWindow();

The build here has this patch and attachment 324576, for those who would like something that works:

https://build.mozilla.org/tryserver-builds/2008-06-11_23:<email address hidden>/

(I'll see if I can work out why the Instantiate methods differ.)

Is this a common way to view flash on linux? Or are people just using the official macromedia one?

(In reply to comment #9)

The bug is being hit because newer versions of swfdec have windowless support.

https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/239182

The macromedia plugin will hit the same bug when it has wmode support.

(I don't know how many users use use swfdec or gnash or the macromedia plugin [with nspluginwrapper for 64-bit].)

(In reply to comment #8)
A better build with attachment 324914 (which fixes the plugin height) and attachment 324752:

https://build.mozilla.org/tryserver-builds/2008-06-12_19:<email address hidden>/

Similar problem seen in Adobe Flash Player. Most notable with http://movies.yahoo.com/ . Tracked by Adobe internal issue 228012.

This will happen with any windowless plugin when the mime type is determined from using the URL in the data attribute rather than from the
type attribute, which now happens for object elements (bug 95549).
I guess there would be the same problem if the type attribute were not included in an embed element.

Created attachment 327742
move ws_info set up from nsObjectFrame::CallSetWindow()

nsPluginInstanceOwner::CreateWidget() is a good place to set up the display because that is where the plugin "becomes" windowless, and the display should not change.

The right place to set up the Colormap is in nsPluginInstanceOwner::Renderer::NativeDraw() where the Visual is known.

To avoid the need to hunt for the Visual on the Display to find the
Screen for selecting a Colormap, this changes the Display* argument of gfxXlibNativeRenderer::NativeDraw to a Screen*.

This also makes the treatment of CAIRO_XLIB_DRAWING_SUPPORTS_NONDEFAULT_VISUAL in _create_temp_xlib_surface consistent with that in _draw_with_xlib_direct.
i.e. when not set the visual must be the default visual of the screen used,
but need not be the default visual of the fallback dpy specified.

Reported by Adobe Flash Player users:
http://nvidia.com/
http://www.bbc.co.uk/
I reproduced these crashes by loading the pages and then maximizing the browser frame. The crash appears to come from libxul.so.

I'm seeing an almost identical crash with latest Adobe Flash Player on my own personal blog, which is fixed by Karl's test build. I can reproduce 100% on latest nightly by scrolling down the page.
http://crash-stats.mozilla.com/report/index/ec6a48d1-4a4b-11dd-b681-001cc45a2ce4 and http://crash-stats.mozilla.com/report/index/d95b1702-4a4c-11dd-a703-001cc45a2ce4 are two of my crashes from a nightly.

I think my bug #442115 is a duplicate of this with some additional information as to what is causing this.

*** Bug 442115 has been marked as a duplicate of this bug. ***

FindColormapForVisual and the other colormap-getting machinery should move into gfxNativeRenderer as discussed. Otherwise looks great. (X suuuuucks!)

Created attachment 328287
move ws_info set up from nsObjectFrame::CallSetWindow() v4.1

(In reply to comment #19)
> FindColormapForVisual and the other colormap-getting machinery should move into
> gfxNativeRenderer as discussed.

Done.

Requesting blocking 1.9.0.2 because both swfdec and Adobe now have
windowless-capable Flash plugins available (though Adobe's at least is still in
beta), and moonlight also has a windowless plugin.

The number of affected sites is hard to estimate as there is a race condition between reflow and plugin instantiation, but definitely high enough that we can expect plenty of users to hit this when they upgrade their plugin versions.

Confirmed the latest patch fixes this issue with the moonlight plugin and our testcases.

@karlt, The patch doesn't appear to apply cleanly with any version of patch tho, dunno whats going on with that.

Created attachment 328388
move ws_info set up from nsObjectFrame::CallSetWindow() v4.1.1

Correct patch line counts. (Same code.)

(In reply to comment #22)
> The patch doesn't appear to apply cleanly with any version of patch
> tho, dunno whats going on with that.

Thanks for testing, Geoff. Sorry about the patch. Emacs diff-mode sometimes (but I don't know exactly when) doesn't update line counts and I forgot to check that.

Download full text (4.1 KiB)

Created attachment 328437
include gdk/gdkscreen.h in system-headers

for:

/tools/gcc/bin/g++ -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wcast-align -Wno-long-long -pedantic -gstabs+ -fno-strict-aliasing -fshort-wchar -pthread -pipe -DNDEBUG -DTRIMMED -Os -freorder-blocks -fno-reorder-functions -finline-limit=50 -fPIC -shared -Wl,-z,defs -Wl,-h,libxul.so -o libxul.so nsStaticXULComponents.o nsUnicharUtils.o nsCompressedCharMap.o nsBidiUtils.o nsRDFResource.o -lpthread -Wl,-rpath-link,../../dist/bin -Wl,--whole-archive ../../embedding/browser/gtk/src/libgtkembedmoz.a ../../toolkit/xre/libxulapp_s.a ../../staticlib/components/libxpconnect.a ../../staticlib/components/libnecko.a ../../staticlib/components/libuconv.a ../../staticlib/components/libi18n.a ../../staticlib/components/libchardet.a ../../staticlib/components/libjar50.a ../../staticlib/components/libpref.a ../../staticlib/components/libcaps.a ../../staticlib/components/libhtmlpars.a ../../staticlib/components/libimglib2.a ../../staticlib/components/libgklayout.a ../../staticlib/components/libdocshell.a ../../staticlib/components/libembedcomponents.a ../../staticlib/components/libwebbrwsr.a ../../staticlib/components/libnsappshell.a ../../staticlib/components/libtxmgr.a ../../staticlib/components/libchrome.a ../../staticlib/components/libcommandlines.a ../../staticlib/components/libtoolkitcomps.a ../../staticlib/components/libpipboot.a ../../staticlib/components/libpipnss.a ../../staticlib/components/libgkplugin.a ../../staticlib/components/libmozfind.a ../../staticlib/components/libappcomps.a ../../staticlib/components/libunixproxy.a ../../staticlib/components/libxpinstall.a ../../staticlib/components/libjsd.a ../../staticlib/components/libautoconfig.a ../../staticlib/components/libauth.a ../../staticlib/components/libcookie.a ../../staticlib/components/libpermissions.a ../../staticlib/components/libuniversalchardet.a ../../staticlib/components/libcomposer.a ../../staticlib/components/librdf.a ../../staticlib/components/libwindowds.a ../../staticlib/components/libintlapp.a ../../staticlib/components/libfileview.a ../../staticlib/components/libstoragecomps.a ../../staticlib/components/libplaces.a ../../staticlib/components/libtkautocomplete.a ../../staticlib/components/libsatchel.a ../../staticlib/components/libpippki.a ../../staticlib/components/libucvmath.a ../../staticlib/components/libwidget_gtk2.a ../../staticlib/components/libsystem-pref.a ../../staticlib/components/libgkgfxthebes.a ../../staticlib/components/libaccessibility.a ../../staticlib/components/libremoteservice.a ../../staticlib/components/libspellchecker.a ../../staticlib/components/libzipwriter.a ../../staticlib/libxpcom_core.a ../../staticlib/libucvutil_s.a ../../staticlib/libgkgfx.a ../../staticlib/libgfxshared_s.a ../../staticlib/libmozreg_s.a ../../staticlib/libmorkreader_s.a ../../staticlib/libgtkxtbin.a ../../staticlib/libgfxpsshar.a ../../staticlib/libthebes.a -Wl,--no-whole-archive -L../../dist/lib -lsqlite3 -L../../dist/bin -L../../dist/lib -L../../dist/bin -L../../dist/lib -L../../jpeg -lmozjpeg -L../../mo...

Read more...

Another consistent crasher: http://skoda-auto.cz/

Please use the build here:

http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2008-07-08-02-mozilla-central/

It includes the fix for this bug
(and resolves the crash on http://skoda-auto.cz/).

Awesome. Works great with all of the problem URLs. Thanks.

*** Bug 445043 has been marked as a duplicate of this bug. ***

*** Bug 445202 has been marked as a duplicate of this bug. ***

Can we get a test for this before landing in 1.9.0?

(In reply to comment #31)
Automated testing depends on having a windowless plugin in our source tree
(bug 386144).

I've manually tested this patch with Swfdec on the problem sites reported
here, Geoff Norton has tested the Moonlight plugin (comment #22) on their
testcases (including attachment attachment 326988), and Mike Melanson has
tested the Adobe plugin (comment #28).

Comment on attachment 328388
move ws_info set up from nsObjectFrame::CallSetWindow() v4.1.1

Approved for 1.9.0.2. Please land in CVS. a=ss

Comment on attachment 328437
include gdk/gdkscreen.h in system-headers

Approved for 1.9.0.2. Please land in CVS. a=ss

No blocking, but wanted (and the patches are already approved).

litemotiv (nospam-capstone) wrote :

Ubuntu Intrepid Development
firefox-3.0 3.0.1+build1+nobinonly-0ubuntu1
libswfdec-0.7-0 0.7.2-1

When leaving any page containing swfdec rendered content, Firefox opens a new popup window containing the flash object. In some cases, trying to close this popup results in a Firefox crash/shutdown.

Screenshot: http://ubuntuforums.org/attachment.php?attachmentid=78194&d=1216421312

Comment on attachment 328388
move ws_info set up from nsObjectFrame::CallSetWindow() v4.1.1

checked into cvs with attachment 328437:

http://bonsai.mozilla.org/cvsquery.cgi?module=PhoenixTinderbox&branch=HEAD&cvsroot=%2Fcvsroot&date=explicit&mindate=1216938963&maxdate=1216939084&who=karlt%2B%25karlt.net

nullack (nullack) wrote :

Confirmed - problem has existed on Intrepid Alphas for sometime now. The "phantom" window is a nuisance and if closed, unwantingly effects firefox.

Changed in firefox-3.0:
status: New → Confirmed

This bug also affects epiphany-gecko accordingly.

Saying as this affects ephy as well, this is in xulrunner.

Changed in xulrunner-1.9:
status: New → Incomplete
Changed in firefox-3.0:
status: Confirmed → Invalid
Changed in xulrunner-1.9:
status: Incomplete → Confirmed
Saša Bodiroža (jazzva) wrote :

Hello,

Are you using nspluginwrapper? It seems to me that this was happening with nspluginwrapper 1.0.0. Version 1.1.0 should fix this bug, and it's available in Intrepid. If you are using nspluginwrapper, please upgrade it, and report if it works. Thank you.

You don't need nspluginwrapper for swfdec. Atleast I don't have it installed.

Richard Eames (naddiseo) wrote :

I'm using nspluginwrapper 1.1.0, Flash works but when the tab is closed a phantom window is created then closes. Tested on youtube.

litemotiv (nospam-capstone) wrote :

I'm not using nspluginwrapper here either, just swfdec.

I see the same behavior with both swfdec and Adobe Flash Player. Running a tar-install of Firefox with the Ubuntu installed plugins does not behave like this.

Confirmed in Intrepid running the latest updates. Fixed it by running:

  sudo apt-get remove --purge nspluginwrapper
  sudo apt-get install flashplugin-nonfree

Changed in firefox:
status: Unknown → Confirmed

On Sat, Aug 30, 2008 at 06:18:18PM -0000, Stefan Friesel wrote:
> You don't need nspluginwrapper for swfdec. Atleast I don't have it
> installed.
>

this is a swfdec bug imo.

 affects ubuntu/swfdec0.6
 status new
 affects ubuntu/firefox-3.0
 status invalid
 affects ubuntu/xulrunner-1.9
 status confirmed

 - Alexander

Alexander Sack (asac) wrote :

On Mon, Sep 01, 2008 at 06:48:39AM -0000, Allan Willems Joergensen wrote:
> I see the same behavior with both swfdec and Adobe Flash Player. Running
> a tar-install of Firefox with the Ubuntu installed plugins does not
> behave like this.
>

to fix the adobe problem you should install the latest nspluginwrapper
from intrepid and --reinstall flashplugin-nonfree then.

 - Alexander

litemotiv (nospam-capstone) wrote :

"this is a swfdec bug imo"

That's a no for me Alexander, i have been using different versions of swfdec on Archlinux and never encounterered this problem there.

nullack (nullack) wrote :

I have not been able to replicate this bug in sometime. Im moving it to fix released. Please re-open if anyone is able to replicate the problem on a current Intrepid build (not old revisions.)

Changed in xulrunner-1.9:
status: Confirmed → Fix Released
Changed in swfdec0.6:
status: New → Fix Released
Changed in xulrunner-1.9:
status: Confirmed → Invalid

This was indeed fixed in XULRunner 1.9.0.3.

Changed in xulrunner:
status: Unknown → Fix Released
Changed in firefox:
status: Confirmed → Fix Released
Changed in firefox:
importance: Unknown → High
Changed in xulrunner:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.