Bug 208240

Summary: crash when printing page
Product: [Fedora] Fedora Reporter: Han-Wen Nienhuys <hanwen>
Component: firefoxAssignee: Christopher Aillon <caillon>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: davej, dcantrell, desktop-bugs, wtogami
Target Milestone: ---Keywords: Desktop
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-05 11:31:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 208795    

Description Han-Wen Nienhuys 2006-09-27 10:03:21 UTC
Description of problem:

* firefox-1.5.0.7-3.fc6
* surf to www.paypal.com
* print page
* kaboom.

[hanwen@haring tmp]$ gdb /usr/lib/firefox-1.5.0.7/firefox-bin 
GNU gdb Red Hat Linux (6.5-8_jkratoch0.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /usr/lib/firefox-1.5.0.7/firefox-bin 
[Thread debugging using libthread_db enabled]
[New Thread -1208886528 (LWP 3778)]
[New Thread -1211155568 (LWP 3784)]
[New Thread -1225786480 (LWP 3785)]
[New Thread -1236276336 (LWP 3787)]
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
[New Thread -1247294576 (LWP 3789)]
[New Thread -1257784432 (LWP 3790)]
[Thread -1247294576 (LWP 3789) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208886528 (LWP 3778)]
IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
57          if (fcs->ref == FC_REF_CONSTANT)
Current language:  auto; currently c
(gdb) p fcs
$1 = (FcCharSet *) 0xb70db2e8
(gdb) p *fcs
Cannot access memory at address 0xb70db2e8
(gdb) bt
#0  IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
#1  0x054572d3 in ~nsFontMetricsPS (this=0xab46cb8) at nsFontMetricsPS.cpp:111
#2  0x05456fab in nsFontMetricsPS::Release (this=0x0) at nsFontMetricsPS.cpp:135
#3  0x006757c7 in nsFontCache::Flush (this=0xaa98270) at nsDeviceContext.cpp:715
#4  0x006758c4 in ~nsFontCache (this=0xaa98270) at nsDeviceContext.cpp:580
#5  0x0545448a in ~nsFontCachePS (this=0xaa98270) at nsDeviceContextPS.cpp:547
#6  0x00675188 in ~DeviceContextImpl (this=0xb6fa4b78) at nsDeviceContext.cpp:88
#7  0x054539d8 in ~nsDeviceContextPS (this=0xb6fa4b78) at nsDeviceContextPS.cpp:134
#8  0x00675a24 in DeviceContextImpl::Release (this=0x0) at nsDeviceContext.cpp:54
#9  0x054537f8 in nsDeviceContextPS::Release (this=0xb6fa4b78)
    at nsDeviceContextPS.cpp:179
#10 0x02d676ad in ~nsCOMPtr_base (this=<value optimized out>) at nsCOMPtr.cpp:81
#11 0x0651c652 in ~nsCOMPtr (this=0xb71b135c) at dist/include/xpcom/nsCOMPtr.h:542
#12 0x066058e4 in ~nsPrintData (this=0xb71b1358) at nsPrintData.cpp:159
#13 0x06601fb3 in nsPrintEngine::Destroy (this=0xb6f6aa80) at nsPrintEngine.cpp:283
#14 0x06519f1e in DocumentViewerImpl::OnDonePrinting (this=0xa665de0)
    at nsDocumentViewer.cpp:4141
#15 0x065fc722 in HandlePLEvent (aEvent=0xb6facfa0) at nsPrintEngine.cpp:4549
#16 0x02da8bfd in PL_HandleEvent (self=0xb6facfa0) at plevent.c:688
#17 0x02da8e86 in PL_ProcessPendingEvents (self=0x9cd30f0) at plevent.c:623
#18 0x02daa6b3 in nsEventQueueImpl::ProcessPendingEvents (this=0x9cd30a8)
    at nsEventQueue.cpp:417
#19 0x00e3ac16 in event_processor_callback (source=0x9dbf320, condition=G_IO_IN, 
    data=0x0) at nsAppShell.cpp:67
#20 0x0029494d in g_io_channel_unix_get_fd () from /lib/libglib-2.0.so.0
#21 0x0026b342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#22 0x0026e31f in g_main_context_check () from /lib/libglib-2.0.so.0
#23 0x0026e6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#24 0x027621c4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x09e01ef0 in ?? ()
#26 0x09e01ef0 in ?? ()
#27 0x00000001 in ?? ()
#28 0x00000001 in ?? ()
#29 0x00000000 in ?? ()
(gdb)

Comment 1 sean 2006-10-05 01:12:44 UTC
firefox-1.5.0.7-5.fc6.x86_64

Any page will do. Ask.com. google, etc.

The page does print, but ff segfaults immediately.

Comment 2 Han-Wen Nienhuys 2006-10-05 11:31:09 UTC
Seems fixed now (firefox-1.5.0.7-5.fc6)


Comment 3 Jesse Keating 2006-10-27 11:06:54 UTC
But not when PANGO is disabled.  We need this fixed with pango disabled.

Comment 4 Christopher Aillon 2006-10-27 17:38:48 UTC
Not going to respin for the pango disabled case, since it is not the default in
Core.  The fix for the non-pango case is already committed upstream to the
branch, so the non-pango case will be fixed when we pull in 1.5.0.8.

Comment 5 Christopher Aillon 2006-10-31 16:26:08 UTC
*** Bug 213275 has been marked as a duplicate of this bug. ***