Bug#811106: Crash in this case is likely to be caused by ExternalInterface

Nutchanon Wetchasit Nutchanon.Wetchasit at gmail.com
Mon Jan 25 13:09:43 UTC 2016


Control: tags -1 + upstream

Hello,

There are multiple issues with Gnash's ExternalInterface implementation.
(ExternalInterface is a module responsible for JavaScript-Flash
procedure calls.) A few of them were fixed in a very recent Gnash revision.

I have attempted to hook the current development version of Gnash to YouTube,
and found the same problem: the video preview image is briefly shown, then
the XUL plugin container crashes.

The communication log between libgnashplugin (which ran under the XUL
plugin-container) and gtk-gnash (which ran as a separate process) before the
crash shows that this is very likely triggered by an attempt to pass an Object
variable from Flash to JavaScript as a return value from a procedure call.

Procedure call sent from libgnashplugin to gtk-gnash:

<invoke name="getApiInterface" returntype="xml"><arguments></arguments></invoke>

Return value sent from gtk-gnash to libgnashplugin:

<object>
  <property id="36"><string>playVideoById</string></property>
  <property id="35"><string>getAvailableModules</string></property>
  <property id="34"><string>disableModule</string></property>
  <property id="33"><string>enableModule</string></property>
  <property id="32"><string>destroy</string></property>
  <property id="31"><string>setAccessToken</string></property>
  <property id="30"><string>getApiInterface</string></property>
  <property id="29"><string>setListId</string></property>
  <property id="28"><string>getAvailableQualityLevels</string></property>
  <property id="27"><string>setPlaybackQuality</string></property>
  <property id="26"><string>getPlaybackQuality</string></property>
  <property id="25"><string>getVideoEmbedCode</string></property>
  <property id="24"><string>getVideoUrl</string></property>
  <property id="23"><string>getVolume</string></property>
  <property id="22"><string>setVolume</string></property>
  <property id="21"><string>isMuted</string></property>
  <property id="20"><string>unMute</string></property>
  <property id="19"><string>mute</string></property>
  <property id="18"><string>addEventListener</string></property>
  <property id="17"><string>setSize</string></property>
  <property id="16"><string>getPlayerState</string></property>
  <property id="15"><string>getDuration</string></property>
  <property id="14"><string>seekTo</string></property>
  <property id="13"><string>getVideoStartBytes</string></property>
  <property id="12"><string>getVideoBytesTotal</string></property>
  <property id="11"><string>getVideoBytesLoaded</string></property>
  <property id="10"><string>getVideoLoadedFraction</string></property>
  <property id="9"><string>getCurrentTime</string></property>
  <property id="8"><string>clearVideo</string></property>
  <property id="7"><string>stopVideo</string></property>
  <property id="6"><string>pauseVideo</string></property>
  <property id="5"><string>playVideo</string></property>
  <property id="4"><string>cueVideoByUrl</string></property>
  <property id="3"><string>loadVideoByUrl</string></property>
  <property id="2"><string>loadNonYouTubeVideo</string></property>
  <property id="1"><string>cueVideoById</string></property>
  <property id="0"><string>loadVideoById</string></property>
</object>


An Object-typed return value is known to cause libgnashplugin to crash after
a few seconds (gtk-gnash itself does not crash). See upstream bug 32411
for details:

<https://savannah.gnu.org/bugs/?32411>

The reason this surfaced only in recent versions of Gnash is that
older Gnash had a bug that prevented the gtk-gnash side from responding to
JavaScript calls entirely (bug 37223 <https://savannah.gnu.org/bugs/?37223>).
That bug was recently fixed, so this crash issue surfaced.

Regards,
Nutchanon Wetchasit

Gnash: 0.8.11dev (git 62cfdfe 16-Jan-2016) NPAPI
Iceweasel: 10.0.12esr-1 (debian)
System: Debian GNU/Linux 7.0 Wheezy i386

P.S. Full communication logs are also attached for reference. The YouTube URL
visited when I captured these logs was
<https://www.youtube.com/watch?v=6fBd2A7xOHI>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yt.6fBd2A7xOHI.gnash0.8.11dev-62cfdfe.fromplugin.log
Type: text/x-log
Size: 340 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-flash-devel/attachments/20160125/c2efd4a3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yt.6fBd2A7xOHI.gnash0.8.11dev-62cfdfe.toplugin.log
Type: text/x-log
Size: 6255 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-flash-devel/attachments/20160125/c2efd4a3/attachment-0001.bin>
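
Added example, not part of the original message and not Gnash code: a Python triage helper that classifies the plugin/player XML messages quoted in the report and lists which calls were answered with an object-typed value, the case the report ties to the crash. The sample messages are constructed (the property list is cut to its last three entries), and pairing each value with the most recent invoke is an assumption about message order.

```python
import xml.etree.ElementTree as ET

# Constructed messages modelled on the two quoted in the report; the
# property list is shortened to its last three entries.
INVOKE = ('<invoke name="getApiInterface" returntype="xml">'
          '<arguments></arguments></invoke>')
REPLY = ('<object>'
         '<property id="2"><string>loadNonYouTubeVideo</string></property>'
         '<property id="1"><string>cueVideoById</string></property>'
         '<property id="0"><string>loadVideoById</string></property>'
         '</object>')


def classify(message):
    """Describe one ExternalInterface XML message as a dict."""
    try:
        root = ET.fromstring(message.strip())
    except ET.ParseError as exc:
        return {"kind": "malformed", "error": str(exc)}
    if root.tag == "invoke":
        args = root.find("arguments")
        return {"kind": "invoke", "name": root.get("name"),
                "argc": 0 if args is None else len(args)}
    info = {"kind": "value", "type": root.tag}
    if root.tag == "object":
        # Map property id -> (value type, text) for each non-empty property.
        info["properties"] = {p.get("id"): (p[0].tag, p[0].text)
                              for p in root.findall("property") if len(p)}
    return info


def object_returns(exchange):
    """Return (method, property count) for each call answered with <object>.

    `exchange` is an ordered list of message strings. Pairing a value with
    the most recent invoke is an assumption about message ordering.
    """
    hits, pending = [], None
    for message in exchange:
        info = classify(message)
        if info["kind"] == "invoke":
            pending = info["name"]
        elif info["kind"] == "value":
            if info["type"] == "object":
                hits.append((pending, len(info["properties"])))
            pending = None
    return hits


if __name__ == "__main__":
    print(object_returns([INVOKE, REPLY]))
```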

