flashplugin crashes in chromium with RGBA enabled

Bug #584959 reported by Omer Akram
This bug affects 11 people
Affects | Status | Importance | Assigned to | Milestone
Chromium Browser | Unknown | Unknown | |
chromium-browser (Ubuntu) | Fix Released | Medium | Unassigned |
  Lucid | Fix Released | Medium | Unassigned |
  Maverick | Fix Released | Medium | Unassigned |
gtk+2.0 (Ubuntu) | Invalid | Low | Unassigned |
  Lucid | Invalid | Low | Unassigned |
  Maverick | Invalid | Low | Unassigned |

Bug Description

With the GTK version in Maverick, flashplugin in chromium-browser crashes whenever a page containing Flash content is opened.

Revision history for this message
Sebastien Bacher (seb128) wrote :

could be a flash issue too

Changed in gtk+2.0 (Ubuntu):
importance: Undecided → Low
Revision history for this message
Fabien Tassin (fta) wrote :

indeed, regression in gtk. most probably the same causing bug 584287.

$ chromium-browser --user-data-dir=/tmp/xxx --sync http://googlecode.blogspot.com/

Gdk-ERROR **: The program 'exe' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadMatch (invalid parameter attributes)'.
  (Details: serial 428 error_code 8 request_code 142 minor_code 3)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
aborting...
[10483:10483:87860331286:ERROR:chrome/browser/tab_contents/tab_contents.cc(1946)] Not implemented reached in virtual void TabContents::OnCrashedPlugin(const FilePath&) convert plugin path to plugin name
[10483:10483:87860344652:ERROR:chrome/browser/tab_contents/tab_contents.cc(1946)] Not implemented reached in virtual void TabContents::OnCrashedPlugin(const FilePath&) convert plugin path to plugin name
[10483:10483:87860353367:ERROR:chrome/browser/tab_contents/tab_contents.cc(1946)] Not implemented reached in virtual void TabContents::OnCrashedPlugin(const FilePath&) convert plugin path to plugin name
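
As an added example (not part of the original report, and not Chromium or GTK code), a small triage parser for the Gdk-ERROR output quoted above: it checks the reported error name against the core X11 error code and flags request codes of 128 or higher as extension requests, whose opcode-to-extension mapping is assigned by the X server at runtime. The function name `triage` and the embedded sample log are constructed for this example.

```python
import re

# Core X11 protocol error codes as defined in X.h (1..17).
X_ERRORS = {
    1: "BadRequest", 2: "BadValue", 3: "BadWindow", 4: "BadPixmap",
    5: "BadAtom", 6: "BadCursor", 7: "BadFont", 8: "BadMatch",
    9: "BadDrawable", 10: "BadAccess", 11: "BadAlloc", 12: "BadColor",
    13: "BadGC", 14: "BadIDChoice", 15: "BadName", 16: "BadLength",
    17: "BadImplementation",
}

# Constructed sample: a trimmed copy of the output quoted in the comment above.
SAMPLE_LOG = """\
Gdk-ERROR **: The program 'exe' received an X Window System error.
The error was 'BadMatch (invalid parameter attributes)'.
  (Details: serial 428 error_code 8 request_code 142 minor_code 3)
aborting...
[10483:10483:87860331286:ERROR:chrome/browser/tab_contents/tab_contents.cc(1946)] Not implemented reached in virtual void TabContents::OnCrashedPlugin(const FilePath&) convert plugin path to plugin name
"""

ERR_RE = re.compile(r"The error was '(\w+)")
DETAILS_RE = re.compile(
    r"\(Details: serial (\d+) error_code (\d+) request_code (\d+) minor_code (\d+)\)"
)


def triage(log):
    """Summarise Gdk X errors and plugin-crash lines found in a log string."""
    errors, crashes, name = [], 0, None
    for line in log.splitlines():
        m = ERR_RE.search(line)
        if m:
            name = m.group(1)  # name as printed by Gdk
        d = DETAILS_RE.search(line)
        if d:
            serial, code, req, minor = map(int, d.groups())
            code_name = X_ERRORS.get(code, "extension-defined")
            errors.append({
                "name": name, "serial": serial, "error_code": code,
                "code_name": code_name, "consistent": name == code_name,
                "request_code": req, "minor_code": minor,
                # Core requests use opcodes below 128; 128+ belong to extensions.
                "request_kind": "core" if req < 128 else "extension",
            })
            name = None
        if "OnCrashedPlugin" in line:
            crashes += 1
    return {"x_errors": errors, "plugin_crashes": crashes}
```

For an extension request, `xdpyinfo -queryExtensions` on the affected display lists which extension currently holds that major opcode.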

Cody Russell (bratsche)
Changed in gtk+2.0 (Ubuntu):
assignee: nobody → Cody Russell (bratsche)
status: New → In Progress
Revision history for this message
Fabien Tassin (fta) wrote :

@bratsche: just tried without debian/patches/064_client_side_decoration.patch in gtk and it fixes the issue.

Revision history for this message
Omer Akram (om26er) wrote :

this used to happen in Lucid's development cycle too. with the version of gtk from ubuntu desktop team ppa

tags: added: gtk-csd
Revision history for this message
Bertrand Croq (bcroq) wrote :

When chromium is run with XLIB_SKIP_ARGB_VISUALS=1 there is no crash.

Revision history for this message
Miloš Mandarić (mandzo18) wrote : Re: [Bug 584959] Re: flashplugin crashes in chromium with RGBA enabled

On Sat, 2010-05-29 at 16:01 +0000, Bertrand Croq wrote:
> When chromium is run with XLIB_SKIP_ARGB_VISUALS=1 there is no crash.
I can confirm this.

Revision history for this message
Eddie Ringle (eddie.ringle) wrote :

Been wondering why Flash has been crashing left and right for me in Chromium (doesn't crash in Firefox). Finally Google returned this bug. I can happily say that running it with XLIB_SKIP_ARGB_VISUALS=1 as stated above solves the issue.

Revision history for this message
Eddie Ringle (eddie.ringle) wrote :

Actually, this looks to be a flash issue that has regressed:
https://launchpad.net/ubuntu/+source/flashplugin-nonfree/+bug/14911

Revision history for this message
Fabien Tassin (fta) wrote :

Committed a workaround in chromium (set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper) in the .head branch.
It will be visible in the next valid daily build tomorrow and elsewhere next time I update the other branches.

Changed in chromium-browser (Ubuntu):
importance: Undecided → Medium
status: New → Fix Committed
Revision history for this message
Evan Martin (Chromium) (evan-chromium) wrote :

Hi folks,

We (Chromium) would appreciate it if you report Chromium bugs to us. Fixing it within Ubuntu doesn't help our many other users (e.g. Fedora). It's really easy -- first hit on Google if you search for [chromium bug tracker] and uses the same login as gmail.

I converted this bug into one upstream:
http://code.google.com/p/chromium/issues/detail?id=45998

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Phill Whiteside (phillw) wrote : Re: [Bug 584959] Re: flashplugin crashes in chromium with RGBA enabled

Hi,

considering http://www.adobe.com/support/security/advisories/apsa10-01.html

I would suggest that work be lessened on this 'bug' and increased on getting
the rc version out quickly and available for people sooner, rather than
later. For those on 64bit, there does not, alas, seem to be a quick answer.

http://ubuntuforums.org/showpost.php?p=9428825&postcount=16

Regards,

Phill.


Revision history for this message
Fabien Tassin (fta) wrote :

The XLIB_SKIP_ARGB_VISUALS workaround introduced a regression (ugly black background when you drag a tab).
See http://code.google.com/p/chromium/issues/detail?id=46439

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

chromium-browser has been accepted into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in chromium-browser (Ubuntu Lucid):
status: New → Fix Committed
importance: Undecided → Medium
Changed in gtk+2.0 (Ubuntu Lucid):
importance: Undecided → Low
tags: added: verification-needed
Revision history for this message
Omer Akram (om26er) wrote :

Lucid is not using the patched gtk with csd and argb so there is no point in patching lucid's chromium as it brings in a regression with it.

Revision history for this message
Sebastien Bacher (seb128) wrote :

lucid doesn't have rgba in gtk

Changed in gtk+2.0 (Ubuntu Lucid):
status: New → Invalid
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking as verification-done then, so this doesn't block the SRU. Thanks for the feedback.

tags: added: verification-done
removed: verification-needed
Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Invalid → Fix Released
Cody Russell (bratsche)
Changed in gtk+2.0 (Ubuntu):
assignee: Cody Russell (bratsche) → nobody
Changed in gtk+2.0 (Ubuntu Maverick):
assignee: Cody Russell (bratsche) → nobody
status: In Progress → Invalid
Changed in gtk+2.0 (Ubuntu):
status: In Progress → Invalid