Issue 115: CEF crashes on certain flash related javascript
Status:  Fixed
Owner:  ----
Closed:  Nov 2010


Reported by ad...@enesce.com, Aug 30, 2010
What steps will reproduce the problem?
I have copied the original page which is causing the issue. The page loads fine in normal browsers, but not CEF.
1. Using any CEF test browser, go to http://enesce.com/lockerz/testpage/play.htm
2. Once the page has loaded, application will crash with an access violation
3. It appears to be coming from the swfobject code in "a_003.js" @ above URL.

What is the expected output? What do you see instead?
Expecting the page to be displayed, but getting an access violation or complete application crash.
I tested using the cefclient.exe that comes with CEF and using my own implementation; both have the problem.

What version of the product are you using? On what operating system?
Latest CEF binaries, Vista x64.

Please provide any additional information below.


access violation at 0x666F3C85: read of address 0x000009B0
:666f3c85 ; C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

666F3C80 A1D031B866       mov eax,[$66b831d0]
666F3C85 83B8B009000003   cmp dword ptr [eax+$000009b0],$03
666F3C8C 7522             jnz $666f3cb0
666F3C8E 80B9A508000000   cmp byte ptr [ecx+$000008a5],$00
666F3C95 7519             jnz $666f3cb0
666F3C97 8B80AC090000     mov eax,[eax+$000009ac]
666F3C9D 50               push eax
666F3C9E E88DD22600       call $66960f30
666F3CA3 83C404           add esp,$04
666F3CA6 85C0             test eax,eax
666F3CA8 7506             jnz $666f3cb0
666F3CAA B801000000       mov eax,$00000001
666F3CAF C3               ret 
666F3CB0 33C0             xor eax,eax
666F3CB2 C3               ret 
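
Added triage example (not part of the original report or of CEF's code): it parses the crash text posted above and recovers the value the base register held at the faulting instruction. The regexes assume the `[reg+$disp]` operand style this debugger printed; the function and constant names are illustrative.

```python
import re

# Crash text copied from the report above (only the lines the triage needs).
CRASH = """\
access violation at 0x666F3C85: read of address 0x000009B0
666F3C80 A1D031B866       mov eax,[$66b831d0]
666F3C85 83B8B009000003   cmp dword ptr [eax+$000009b0],$03
666F3C8C 7522             jnz $666f3cb0
"""

AV_RE = re.compile(
    r"access violation at 0x([0-9A-Fa-f]+): (read|write) of address 0x([0-9A-Fa-f]+)")
# One disassembly line: address, raw bytes, instruction text.
INSN_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+[0-9A-Fa-f]+\s+(.+?)\s*$", re.M)
# Memory operand of the form [reg+$disp], as this debugger prints it.
MEM_RE = re.compile(r"\[(e[a-z]{2})\+\$([0-9A-Fa-f]+)\]")
NULL_PAGE = 0x10000  # by default Windows leaves the first 64 KiB of a process unmapped


def triage(text):
    """Return the faulting instruction and the implied base-register value."""
    av = AV_RE.search(text)
    if av is None:
        raise ValueError("no access-violation line found")
    ip, access, fault = int(av.group(1), 16), av.group(2), int(av.group(3), 16)
    insns = {int(addr, 16): body for addr, body in INSN_RE.findall(text)}
    insn = insns.get(ip)
    result = {"ip": ip, "access": access, "fault": fault, "insn": insn,
              "near_null": fault < NULL_PAGE, "base_reg": None, "base_value": None}
    mem = MEM_RE.search(insn) if insn else None
    if mem:
        disp = int(mem.group(2), 16)
        result["base_reg"] = mem.group(1)
        # fault address = base register + displacement (mod 2^32)
        result["base_value"] = (fault - disp) & 0xFFFFFFFF
    return result


if __name__ == "__main__":
    for key, value in triage(CRASH).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

The base value comes out as 0 in eax, which the preceding instruction loaded from the fixed address $66b831d0, so the fault is a read through a NULL pointer at field offset 0x9B0.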

Aug 30, 2010
Project Member #1 magreenb...@gmail.com
This is a crash in Flash player. Try upgrading to the latest Flash player and see if that resolves the issue.
Aug 30, 2010
#2 ad...@enesce.com
I am using the latest Flash version: 10,1,82,76.
As I mentioned, it works fine everywhere except in CEF, which leads me to believe it is a CEF bug, right?
Aug 30, 2010
Project Member #3 magreenb...@gmail.com
Does the crash occur with the Chromium test_shell application?

1) Build test_shell with the Chromium HEAD revision and see if the problem is fixed there.  If so, then it will likely be fixed with the next CEF update.

2) If it's still broken in Chromium HEAD then search the Chromium bug lists to see if anyone has reported the problem.  If you don't find an existing bug then create a Chromium bug for it.  If you find or create a Chromium bug for this issue please add a link here so that we can track the resolution.


Aug 31, 2010
#5 ad...@enesce.com
It is crashing in the latest test_shell too.

https://code.google.com/p/chromium/issues/detail?id=53932
Oct 14, 2010
#6 ad...@enesce.com
Well, months later and they still haven't helped.
Oct 14, 2010
#7 ptom...@gmail.com
Yes, many URLs will make CEF crash.
When can this bug be resolved?
Oct 16, 2010
#9 ad...@enesce.com
I did some debugging myself and found that the following code actually stops swfobject pages from crashing. You need to manually inject this JavaScript into the page and execute it before the DOM loads:
    var o = document.createElement("object");
    o.type = "application/x-shockwave-flash";
    document.getElementsByTagName("body")[0].appendChild(o);
Nov 16, 2010
Project Member #10 magreenb...@gmail.com
The crash is fixed in Chromium revision 66269.
Status: Accepted
Nov 16, 2010
Project Member #11 magreenb...@gmail.com
The crash is fixed in CEF revision 138.

Status: Fixed