Bug 162406

Summary: Firefox crashes on some pages
Product: [Fedora] Fedora Reporter: Daniel Malmgren <dm>
Component: firefoxAssignee: Christopher Aillon <caillon>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: blizzard, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-20 09:58:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Malmgren 2005-07-04 08:19:33 UTC 
Description of problem:
Lately Firefox crashes on some pages. It's no randomness involved, the pages
that crashes, always crashes. One example is
http://dev.gentoo.org/~spock/projects/gensplash/changelog.php

Version-Release number of selected component (if applicable):
firefox-1.0.4-5

Additional info:
I don't know exactly when this behaviour started, but it hasn't been like this
for many days.
Backtrace follows:
GNU gdb Red Hat Linux (6.3.0.0-0.1rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/li bthread_db.so.1".

(gdb) run
Starting program: /usr/lib/firefox-1.0.4/firefox-bin
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
[Thread debugging using libthread_db enabled]
[New Thread -1220450624 (LWP 3269)]
[New Thread -1226519632 (LWP 3274)]

(firefox-bin:3269): Gdk-WARNING **: gdk_property_get(): length value has wrapped
in calculati on (did you pass G_MAXLONG?)
[New Thread -1252107344 (LWP 3275)]
[New Thread -1260500048 (LWP 3276)]
[New Thread -1271514192 (LWP 3277)]
[New Thread -1279906896 (LWP 3278)]
[New Thread -1288299600 (LWP 3279)]
UA: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.8) Gecko/20050623
Fedora/1.0.4-5 Firefox/1.0.4:, extra:  Firefox/1.0.4
[New Thread -1302332496 (LWP 3280)]
[New Thread -1310725200 (LWP 3281)]
[Thread -1302332496 (LWP 3280) exited]
[New Thread -1302332496 (LWP 3282)]
[Thread -1310725200 (LWP 3281) exited]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1220450624 (LWP 3269)]
0xb65221ff in nsFontMetricsPango::CacheFontMetrics (this=0x891bf98)
    at nsFontMetricsPango.cpp:341
341         mEmAscent = nscoord(mMaxAscent * mEmHeight / lineHeight);
(gdb) bt
#0  0xb65221ff in nsFontMetricsPango::CacheFontMetrics (this=0x891bf98)
    at nsFontMetricsPango.cpp:341
#1  0xb6523c98 in nsFontMetricsPango::Init (this=0x891bf98, aFont=@0x891b120,
    aLangGroup=0x82f6e10, aContext=0x0) at nsFontMetricsPango.cpp:276
#2  0xb7154314 in nsFontCache::GetMetricsFor (this=0x85d8cb8, aFont=@0x891b120,
    aLangGroup=0x82f6e10, aMetrics=@0xbfffc0e0) at nsDeviceContext.cpp:630
#3  0xb715533e in DeviceContextImpl::GetMetricsFor (this=0x86c0408,
aFont=@0x891b120,
    aLangGroup=0x82f6e10, aMetrics=@0xbfffc0e0) at nsDeviceContext.cpp:305
#4  0xb575e12c in nsHTMLReflowState::CalcLineHeight (aPresContext=0x88c9030,
    aRenderingContext=0x883f4f8, aFrame=0x0) at nsHTMLReflowState.cpp:2155
#5  0xb57487b2 in nsBlockReflowState (this=0xbfffc18c, aReflowState=@0xbfffc4d8,
    aPresContext=0x88c9030, aFrame=0x89d36c8, aMetrics=@0xbfffc5d0,
aBlockMarginRoot=0)
    at nsBlockReflowState.cpp:167
#6  0xb5745cf1 in nsBlockFrame::Reflow (this=0x89d36c8, aPresContext=0x88c9030,
    aMetrics=@0xbfffc5d0, aReflowState=@0xbfffc4d8, aStatus=@0xbfffc6d0)
    at nsBlockFrame.cpp:680
#7  0xb574804c in nsBlockReflowContext::ReflowBlock (this=0xbfffc58c,
aSpace=@0xbfffc6a4,
    aApplyTopMargin=1, aPrevBottomMargin=@0xbfffc958, aIsAdjacentWithTop=0,
    aComputedOffsets=@0xbfffc694, aFrameRS=@0xbfffc4d8,
aFrameReflowStatus=@0xbfffc6d0)
    at nsBlockReflowContext.cpp:546
#8  0xb574483a in nsBlockFrame::ReflowBlockFrame (this=0x89d3364,
aState=@0xbfffc8f8, aLine=
      {mCurrent = 0x89d3930}, aKeepReflowGoing=0xbfffc8b0) at nsBlockFrame.cpp:3068
#9  0xb5744cba in nsBlockFrame::ReflowLine (this=0x89d3364, aState=@0xbfffc8f8,
aLine=
      {mCurrent = 0x89d3930}, aKeepReflowGoing=0xbfffc8b0, aDamageDirtyArea=0)
    at nsBlockFrame.cpp:2334
#10 0xb5745309 in nsBlockFrame::ReflowDirtyLines (this=0x89d3364,
aState=@0xbfffc8f8)
    at nsBlockFrame.cpp:2097
#11 0xb5745f21 in nsBlockFrame::Reflow (this=0x89d3364, aPresContext=0x88c9030,
    aMetrics=@0xbfffcd3c, aReflowState=@0xbfffcc44, aStatus=@0xbfffce3c)
    at nsBlockFrame.cpp:815
#12 0xb574804c in nsBlockReflowContext::ReflowBlock (this=0xbfffccf8,
aSpace=@0xbfffce10,
    aApplyTopMargin=1, aPrevBottomMargin=@0xbfffd0c4, aIsAdjacentWithTop=0,
    aComputedOffsets=@0xbfffce00, aFrameRS=@0xbfffcc44,
aFrameReflowStatus=@0xbfffce3c)
    at nsBlockReflowContext.cpp:546
#13 0xb574483a in nsBlockFrame::ReflowBlockFrame (this=0x89cb480,
aState=@0xbfffd064, aLine=
      {mCurrent = 0x89d461c}, aKeepReflowGoing=0xbfffd01c) at nsBlockFrame.cpp:3068
#14 0xb5744cba in nsBlockFrame::ReflowLine (this=0x89cb480, aState=@0xbfffd064,
aLine=
      {mCurrent = 0x89d461c}, aKeepReflowGoing=0xbfffd01c, aDamageDirtyArea=0)
    at nsBlockFrame.cpp:2334
#15 0xb5745309 in nsBlockFrame::ReflowDirtyLines (this=0x89cb480,
aState=@0xbfffd064)
    at nsBlockFrame.cpp:2097
#16 0xb5745f21 in nsBlockFrame::Reflow (this=0x89cb480, aPresContext=0x88c9030,
    aMetrics=@0xbfffd4a8, aReflowState=@0xbfffd3b0, aStatus=@0xbfffd5a8)
    at nsBlockFrame.cpp:815
#17 0xb574804c in nsBlockReflowContext::ReflowBlock (this=0xbfffd464,
aSpace=@0xbfffd57c,
    aApplyTopMargin=0, aPrevBottomMargin=@0xbfffd830, aIsAdjacentWithTop=1,
    aComputedOffsets=@0xbfffd56c, aFrameRS=@0xbfffd3b0,
aFrameReflowStatus=@0xbfffd5a8)
    at nsBlockReflowContext.cpp:546
#18 0xb574483a in nsBlockFrame::ReflowBlockFrame (this=0x89cae00,
aState=@0xbfffd7d0, aLine=
      {mCurrent = 0x89d4748}, aKeepReflowGoing=0xbfffd788) at nsBlockFrame.cpp:3068
#19 0xb5744cba in nsBlockFrame::ReflowLine (this=0x89cae00, aState=@0xbfffd7d0,
aLine=
      {mCurrent = 0x89d4748}, aKeepReflowGoing=0xbfffd788, aDamageDirtyArea=1)
    at nsBlockFrame.cpp:2334
#20 0xb5745309 in nsBlockFrame::ReflowDirtyLines (this=0x89cae00,
aState=@0xbfffd7d0)
    at nsBlockFrame.cpp:2097
#21 0xb5745f21 in nsBlockFrame::Reflow (this=0x89cae00, aPresContext=0x88c9030,
    aMetrics=@0xbfffdc14, aReflowState=@0xbfffdb1c, aStatus=@0xbfffdd14)
    at nsBlockFrame.cpp:815
#22 0xb574804c in nsBlockReflowContext::ReflowBlock (this=0xbfffdbd0,
aSpace=@0xbfffdce8,
    aApplyTopMargin=1, aPrevBottomMargin=@0xbfffdf9c, aIsAdjacentWithTop=1,
    aComputedOffsets=@0xbfffdcd8, aFrameRS=@0xbfffdb1c,
aFrameReflowStatus=@0xbfffdd14)
    at nsBlockReflowContext.cpp:546
#23 0xb574483a in nsBlockFrame::ReflowBlockFrame (this=0x89cac04,
aState=@0xbfffdf3c, aLine=
      {mCurrent = 0x89caec4}, aKeepReflowGoing=0xbfffdef4) at nsBlockFrame.cpp:3068
#24 0xb5744cba in nsBlockFrame::ReflowLine (this=0x89cac04, aState=@0xbfffdf3c,
aLine=
      {mCurrent = 0x89caec4}, aKeepReflowGoing=0xbfffdef4, aDamageDirtyArea=1)
    at nsBlockFrame.cpp:2334
#25 0xb5745309 in nsBlockFrame::ReflowDirtyLines (this=0x89cac04,
aState=@0xbfffdf3c)
    at nsBlockFrame.cpp:2097
#26 0xb5745f21 in nsBlockFrame::Reflow (this=0x89cac04, aPresContext=0x88c9030,
    aMetrics=@0xbfffe23c, aReflowState=@0xbfffe188, aStatus=@0xbfffe4cc)
    at nsBlockFrame.cpp:815
#27 0xb574cbfd in nsContainerFrame::ReflowChild (this=0x883ad08,
aKidFrame=0x89cac04,
    aPresContext=0x88c9030, aDesiredSize=@0xbfffe23c, aReflowState=@0xbfffe188,
aX=0, aY=0,
    aFlags=0, aStatus=@0xbfffe4cc) at nsContainerFrame.cpp:967
#28 0xb575d172 in CanvasFrame::Reflow (this=0x883ad08, aPresContext=0x88c9030,
    aDesiredSize=@0xbfffe45c, aReflowState=@0xbfffe2f8, aStatus=@0xbfffe4cc)
    at nsHTMLFrame.cpp:552
#29 0xb5805d3d in nsBoxToBlockAdaptor::Reflow (this=0x89c9b58, aState=@0xbfffe798,
    aPresContext=0x88c9030, aDesiredSize=@0xbfffe45c, aReflowState=@0xbfffe894,
    aStatus=@0xbfffe4cc, aX=0, aY=0, aWidth=19050, aHeight=13155, aMoveFrame=1)
    at nsBoxToBlockAdaptor.cpp:878
#30 0xb580600b in nsBoxToBlockAdaptor::DoLayout (this=0x89c9b58, aState=@0xbfffe798)
    at nsBoxToBlockAdaptor.cpp:626
#31 0xb57fe95b in nsBox::Layout (this=0x89c9b58, aState=@0xbfffe798) at
nsBox.cpp:1014
#32 0xb57fd835 in nsScrollBoxFrame::DoLayout (this=0x883af34, aState=@0xbfffe798)
    at nsScrollBoxFrame.cpp:335
#33 0xb57fe95b in nsBox::Layout (this=0x883af68, aState=@0xbfffe798) at
nsBox.cpp:1014
#34 0xb5806b41 in nsContainerBox::LayoutChildAt (aState=@0xbfffe798, aBox=0x883af68,
    aRect=@0xbfffe6ac) at nsContainerBox.cpp:650
#35 0xb5759209 in nsGfxScrollFrameInner::LayoutBox (this=0x89c36c0,
aState=@0xbfffe798,
    aBox=0x883af68, aRect=@0xbfffe6ac) at nsGfxScrollFrame.cpp:1264
#36 0xb575aa9d in nsGfxScrollFrameInner::Layout (this=0x89c36c0, aState=@0xbfffe798)
    at nsGfxScrollFrame.cpp:1417
#37 0xb575b394 in nsGfxScrollFrame::DoLayout (this=0x883ae2c, aState=@0xbfffe798)
    at nsGfxScrollFrame.cpp:1272
#38 0xb57fe95b in nsBox::Layout (this=0x883ae60, aState=@0xbfffe798) at
nsBox.cpp:1014
#39 0xb5802ef2 in nsBoxFrame::Reflow (this=0x883ae2c, aPresContext=0x88c9030,
    aDesiredSize=@0xbfffe9fc, aReflowState=@0xbfffe894, aStatus=@0xbfffeb54)
    at nsBoxFrame.cpp:865
#40 0xb5758ffb in nsGfxScrollFrame::Reflow (this=0x883ae2c, aPresContext=0x88c9030,
    aDesiredSize=@0xbfffe9fc, aReflowState=@0xbfffe894, aStatus=@0xbfffeb54)
    at nsGfxScrollFrame.cpp:870
#41 0xb574cbfd in nsContainerFrame::ReflowChild (this=0x883ac10,
aKidFrame=0x883ae2c,
    aPresContext=0x88c9030, aDesiredSize=@0xbfffe9fc, aReflowState=@0xbfffe894,
aX=0, aY=0,
    aFlags=0, aStatus=@0xbfffeb54) at nsContainerFrame.cpp:967
#42 0xb579a815 in ViewportFrame::Reflow (this=0x883ac10, aPresContext=0x88c9030,
    aDesiredSize=@0xbfffeb94, aReflowState=@0xbfffea88, aStatus=@0xbfffeb54)
    at nsViewportFrame.cpp:248
#43 0xb577ed7a in IncrementalReflow::Dispatch (this=0xbfffebe0,
aPresContext=0x88c9030,
    aDesiredSize=@0xbfffeb94, aMaxSize=@0xbfffec10, aRendContext=@0x883f4f8)
    at nsPresShell.cpp:896
#44 0xb5788276 in PresShell::ProcessReflowCommands (this=0x831e6a0,
aInterruptible=1)
    at nsPresShell.cpp:6397
#45 0xb578b026 in ReflowEvent::HandleEvent (this=0x89cdde0) at nsPresShell.cpp:6223
#46 0xb5788367 in HandlePLEvent (aEvent=0x89cdde0) at nsPresShell.cpp:6239
#47 0xb7edcada in PL_HandleEvent (self=0x89cdde0) at plevent.c:673
#48 0xb7edcf7a in PL_ProcessPendingEvents (self=0x8199808) at plevent.c:608
#49 0xb7ede2f5 in nsEventQueueImpl::ProcessPendingEvents (this=0x81997c0)
    at nsEventQueue.cpp:398
#50 0xb707bca8 in event_processor_callback (source=0x81d1930, condition=G_IO_IN,
    data=0x81997c0) at nsAppShell.cpp:67
#51 0xb783f89c in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#52 0xb7818b2e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#53 0xb781bb36 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#54 0xb781be23 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#55 0xb7bcdc85 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#56 0xb707c0ec in nsAppShell::Run (this=0x80e1b58) at nsAppShell.cpp:142
#57 0xb718683f in nsAppShellService::Run (this=0x8196c70) at
nsAppShellService.cpp:494
#58 0x08051965 in xre_main (argc=1, argv=0xbffff8d4, aAppData=0x8065014)
    at nsAppRunner.cpp:1925
#59 0x0804dbbd in main (argc=1, argv=0xbffff8d4) at nsBrowserApp.cpp:59
#60 0xb747edd6 in __libc_start_main () from /lib/libc.so.6
#61 0x0804db19 in _start ()
Comment 1 Michael Schwendt 2005-07-19 20:40:14 UTC 
Duplicate of bug 161576.
Comment 2 Daniel Malmgren 2005-07-20 09:58:07 UTC 
(In reply to comment #1)
> Duplicate of bug 161576.

Yep, seems so.

*** This bug has been marked as a duplicate of 161576 ***