Flash Player plugin in OI Hipster

I have installed Firefox 37 and added the Flash Player plugin. The plugin plays music fine, but it crashes when trying to play video. Let's find out what is going on in the plugin at the moment of the crash. First, find the process ID.

1552  /usr/lib/firefox37/lib/firefox-37.0/firefox.exe
1577  /usr/lib/firefox37/lib/firefox-37.0/plugin-container /usr/lib/firef

Then run truss on the process and look at the last lines.

truss -p 1577

/3:     lwp_park(0x00000000, 0)                         = 0
/1:     lwp_unpark(3)                                   = 0
/3:     open("/dev/cpu/self/cpuid", O_RDONLY)           = 18
/10:    clock_gettime(4, 0xF25FEC08)                    = 0
/3:     ioctl(18, (('c'<<24)|('i'<<16)|('d'<<8)|0), 0xF45EEE08) = 0
/3:     close(18)                                       = 0
/3:         Incurred fault #6, FLTBOUNDS  %pc = 0xF5195DC2
/3:           siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
/3:         Received signal #11, SIGSEGV [default]
/3:           siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014

The process crashed right after it queried information about the processor. Now look at the core file.

mdb core
mdb: core file data for mapping at ef4a0000 not saved: Bad address
mdb: core file data for mapping at ef6e0000 not saved: Bad address
mdb: core file data for mapping at f19c0000 not saved: Bad address
mdb: core file data for mapping at f1de0000 not saved: Bad address
mdb: core file data for mapping at f23a0000 not saved: Bad address
mdb: core file data for mapping at f2780000 not saved: Bad address
Loading modules: [ libc.so.1 libuutil.so.1 libnvpair.so.1 ld.so.1 ]
> $C
f45eede8 0xf5195dc2(f261c000, 280, b4, 280, 280, f1a85010)
f45eee48 0xf51745e9(8046550, 280, b4, f45eeeb0, 280, 280)
f45eeed8 0xf4e02645(f4272700, 8046550, 0, b4)
f45eef08 0xf4b7d181(f4209070, fef5a000, f45eef88, f49aa20e)
f45eef88 0xf49aa236(f4209078, 0, 0, 0)
f45eefa8 0xf49aa290(f4209078, 62, f7dc12a0, fef5a000)
f45eefc8 0xf49a9f50(f4209078, 0, 0, 0)
f45eefe8 libc.so.1`_thrp_setup+0x88(f7dc1240)
f45eeff8 libc.so.1`_lwp_start(f7dc1240, 0, 0, 0, 0, 0)

ioctl gets address 0xF45EEE08, and one of the functions in the stack backtrace gets 0xF45EEEB0(0xF45EEE08+4). Perhaps the error occurred while the data returned by ioctl was being processed.
The structure is described in usr/src/uts/common/sys/cpuid_drv.h.
The problem is that on 13 Dec 2012 the structure in this file was changed, but the plugin was not.

Current version:
struct cpuid_get_hwcap {
    char *cgh_archname;
    uint_t cgh_hwcap[2];
};

Previous version:
struct cpuid_get_hwcap {
    char *cgh_archname;
    uint_t cgh_hwcap;
};

To play video with the Flash Player plugin, we can write a wrapper for the ioctl function. The content of the file 2.c is below.

#include <stdio.h>
#include <sys/types.h>
#include <stdarg.h>
#include <dlfcn.h>

/* Layout of struct cpuid_get_hwcap that the plugin was built against */
typedef struct cpuid_get_hwcap_old {
    char *cgh_archname;
    uint_t cgh_hwcap;
} *s_cpuid_get_hwcap_old;

static int (*real_ioctl)(int fildes, int request, /* arg */ ...) = 0;

int ioctl(int fildes, int request, /* arg */ ...) {
    va_list args;
    va_start(args, request);
    /* ioctl takes at most one optional argument */
    s_cpuid_get_hwcap_old ps = va_arg(args, s_cpuid_get_hwcap_old);
    va_end(args);

    /* The cpuid driver request seen in the truss output */
    if (request == (('c'<<24)|('i'<<16)|('d'<<8)|0)) {
        /* Answer in the old layout with a fixed hwcap value */
        ps->cgh_hwcap = 0x40435c6f;
        printf("123\nps=%s\n", ps->cgh_archname);
        return 0;
    }

    /* Every other request is forwarded to the real ioctl */
    if (real_ioctl == 0)
        real_ioctl = (int (*)(int, int, ...))dlsym(RTLD_NEXT, "ioctl");
    if (real_ioctl == 0)
        return -1;
    return real_ioctl(fildes, request, ps);
}

gcc  -c -fPIC 2.c
gcc -shared -fPIC -o 2.so 2.o
sudo cp 2.so /usr/lib/firefox37/lib/firefox-37.0/
sudo mv /usr/lib/firefox37/lib/firefox-37.0/plugin-container /usr/lib/firefox37/lib/firefox-37.0/plugin-container_old

and create the file /usr/lib/firefox37/lib/firefox-37.0/plugin-container with this content:
#!/bin/sh
export LD_LIBRARY_PATH=/usr/lib/firefox37/lib/firefox-37.0/
export LD_PRELOAD=2.so
/usr/lib/firefox37/lib/firefox-37.0/plugin-container_old "$@"

Now the plugin can play video.
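The layout mismatch behind the crash and the effect of the wrapper, as an added example (not the author's code). It models the 32-bit layouts with fixed-width words and assumes a writer built against the new header stores both cgh_hwcap words into the caller's buffer; caller_frame, driver_fill_new, shim_fill_old and neighbour_after are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ILP32 models of both layouts: the plugin is a 32-bit process, so the
 * char * member is modelled as a 32-bit word to keep sizes host-independent. */
struct hwcap_old32 { uint32_t cgh_archname; uint32_t cgh_hwcap; };
struct hwcap_new32 { uint32_t cgh_archname; uint32_t cgh_hwcap[2]; };

/* Constructed stand-in for the caller's stack: a request buffer sized for
 * the old layout, directly followed by an unrelated word. */
struct caller_frame { struct hwcap_old32 req; uint32_t neighbour; };

/* Hypothetical model of a writer built against the new header: it stores
 * two capability words at the new layout's offset in the caller's buffer. */
static void driver_fill_new(void *buf, uint32_t cap0, uint32_t cap1)
{
    uint32_t caps[2] = { cap0, cap1 };
    memcpy((unsigned char *)buf + offsetof(struct hwcap_new32, cgh_hwcap),
           caps, sizeof caps);
}

/* Model of the interposer: store exactly one word, as the old layout expects. */
static void shim_fill_old(void *buf, uint32_t cap0)
{
    memcpy((unsigned char *)buf + offsetof(struct hwcap_old32, cgh_hwcap),
           &cap0, sizeof cap0);
}

/* Fill the request and return the neighbouring word; the sentinel
 * 0xAAAAAAAA survives only if the writer stayed inside the old layout. */
static uint32_t neighbour_after(int use_shim)
{
    struct caller_frame f = { { 0, 0 }, 0xAAAAAAAAu };
    if (use_shim) shim_fill_old(&f, 0x40435c6fu);
    else          driver_fill_new(&f, 0x40435c6fu, 0x1u); /* 0x1: constructed */
    return f.neighbour;
}

int main(void)
{
    printf("old=%zu new=%zu neighbour: new-writer=%#x shim=%#x\n",
           sizeof(struct hwcap_old32), sizeof(struct hwcap_new32),
           (unsigned)neighbour_after(0), (unsigned)neighbour_after(1));
    return 0;
}
```

The four extra bytes of the new layout land on whatever the old caller placed after its 8-byte buffer, which is why the wrapper answers the request itself in the old layout.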

Download 2.so

Andrey Sokolov

PS — the source code of 2.so library is far from perfect. Some day I’ll improve it.
