Bug 245444

Summary: *** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid pointer: 0x0000000002b73f50 ***
Product: [Fedora] Fedora
Reporter: Nicolas Mailhot <nicolas.mailhot>
Component: firefox
Assignee: Christopher Aillon <caillon>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: hdegoede, pascal
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-08-11 00:06:45 EDT
Bug Blocks: 235703

Description Nicolas Mailhot 2007-06-23 05:50:08 EDT
Description of problem:
Firefox freezes when asked to display a popup or any other secondary window
(download prompt, preferences, etc)

Version-Release number of selected component (if applicable):

firefox-2.0.0.4-2.fc8.x86_64

How reproducible:
Always

Steps to Reproduce:
Do any action that requires displaying a non-browsing window
  
Actual results:

Firefox freezes

Additional info:

$ firefox
*** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid
pointer: 0x0000000002b73f50 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d34070412]
/lib64/libc.so.6(cfree+0x8c)[0x3d34073b1c]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad530c6e]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad5497fe]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac95fe2f]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac960902]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac99e236]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca74491]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca86376]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac97f728]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbacb57]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbaee0c]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb2684]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb2ff7]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb516d]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbac8f6]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf44eae]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf40cf6]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf40d8c]
/usr/lib64/libgtk-x11-2.0.so.0[0x371115fef1]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x109)[0x3c92e0b099]
/lib64/libgobject-2.0.so.0[0x3c92e1bb07]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x628)[0x3c92e1cd58]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x3c92e1d173]
/usr/lib64/libgtk-x11-2.0.so.0[0x3711281bfe]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main_do_event+0x435)[0x3711158cd5]
/usr/lib64/libgdk-x11-2.0.so.0[0x3710832efa]
/usr/lib64/libgdk-x11-2.0.so.0(gdk_window_process_all_updates+0x8b)[0x371083313b]
/usr/lib64/libgdk-x11-2.0.so.0[0x3710833199]
/usr/lib64/libgdk-x11-2.0.so.0[0x371081a5be]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1c3)[0x3c92a2ee63]
/lib64/libglib-2.0.so.0[0x3c92a3215d]
/lib64/libglib-2.0.so.0(g_main_loop_run+0x1ca)[0x3c92a3246a]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main+0xa3)[0x3711159043]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf43db6]
/usr/lib64/firefox-2.0.0.4/components/libtoolkitcomps.so[0x2aaaab5867b2]
/usr/lib64/firefox-2.0.0.4/firefox-bin[0x40848b]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3d3401daa4]
/usr/lib64/firefox-2.0.0.4/firefox-bin(__gxx_personality_v0+0x1a1)[0x4039b9]
======= Memory map: ========
Comment 1 Hans de Goede 2007-07-29 09:05:27 EDT
This works fine for me, can you test again after updating to the latest firefox:
firefox-2.0.0.4-3.fc8.x86_64
Comment 2 pascal kolijn 2007-08-06 06:37:37 EDT
I've got this too, with firefox-2.0.0.5-3.fc8.i386 and I had it too with 1 or 2
earlier versions ( using epiphany does not trigger it ).

eg: 
so if I go to:
http://torrent.fedoraproject.org/

and click the link:

rawhide-20070801.torrent

the dialog that should appear crashes firefox:

*** glibc detected *** /usr/lib/firefox-2.0.0.5/firefox-bin: double free or
corruption (out): 0x09844280 ***
======= Backtrace: =========
/lib/libc.so.6[0xd49041]
/lib/libc.so.6(cfree+0x90)[0xd4c670]
/lib/libglib-2.0.so.0(g_free+0x31)[0x886921]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10a57be]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10c1165]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x129634c]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1296d2d]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x12d90be]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bc455]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bd3c5]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bd067]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bc4ff]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x12b84b3]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151cb7e]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151f05b]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1522619]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1522fca]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1525267]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151c921]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa7c28]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa2baf]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa2c33]
/usr/lib/libgtk-x11-2.0.so.0[0x44b042]
/lib/libgobject-2.0.so.0(g_closure_invoke+0x123)[0x815f73]
/lib/libgobject-2.0.so.0[0x827acd]
/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0x828de6]
/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x8291d9]
/usr/lib/libgtk-x11-2.0.so.0[0x584848]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x42f)[0x44438f]
/usr/lib/libgdk-x11-2.0.so.0[0x71a301]
/usr/lib/libgdk-x11-2.0.so.0(gdk_window_process_all_updates+0x97)[0x71a527]
/usr/lib/libgtk-x11-2.0.so.0[0x39af6d]
/usr/lib/libgdk-x11-2.0.so.0[0x700588]
/lib/libglib-2.0.so.0[0x87d621]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x17c)[0x87f1ec]
/lib/libglib-2.0.so.0[0x88262f]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9)[0x8829d9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x4447b4]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa66b7]
/usr/lib/firefox-2.0.0.5/components/libtoolkitcomps.so[0x32a42d6]
/usr/lib/firefox-2.0.0.5/firefox-bin[0x804fa9d]
/usr/lib/firefox-2.0.0.5/firefox-bin(__gxx_personality_v0+0x2c0)[0x804ac30]
/lib/libc.so.6(__libc_start_main+0xe0)[0xcf70b0]
/usr/lib/firefox-2.0.0.5/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab51]
======= Memory map: ========
Comment 3 Hans de Goede 2007-08-06 06:55:09 EDT
I just tried clicking that link in my i386 rawhide firefox, no problem. So it
seems that this is not 64 bit related, as you have it with the i386 version, and
that some special condition is needed to trigger it. Can you think of anything
special with your system, plugins, non default gtk theme, anything?
Comment 4 pascal kolijn 2007-08-06 07:19:58 EDT
If I login with a new user, firefox-2.0.0.5-3.fc8.i386 the 'download' window
works...

even moving my original ~/.mozilla/firefox aside does not help, so it must be
something else..

But as Hans suggests (mid-air collision :o) ) :

Changing my gtk-theme back to the default fixes the crash !

Thanx, for the suggestion, I know now where to look (although with a less
exciting desktop ;o) ) I hope this might also be some help for the Original Poster.
Comment 5 Christopher Aillon 2007-08-07 13:22:37 EDT
What was the bad gtk theme?
Comment 6 pascal kolijn 2007-08-09 04:03:10 EDT
Reuben ( http://gnome-look.org/content/show.php/Reuben?content=56098 or
http://gnome-look.org/content/show.php/Fawn?content=58426, but I noticed that it
is a theme by the same creator (!), so I guess she must be doing something wrong
:o) )

Comment 7 Christopher Aillon 2007-08-11 00:06:45 EDT
Okay, it's not one of ours, so closing out.  Might want to send a note to the
theme author.
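
Added example (not part of the original bug report or of any Fedora/Mozilla tooling): a small triage parser for the "*** glibc detected ***" abort output quoted in the description and in comment 2. It extracts the program, the allocator error and the pointer, and reports the first frame above the allocator wrappers; the function name triage, the ALLOCATOR list and the sample text are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: abort header and a few frames copied from the x86_64 report above.
SAMPLE = """\
*** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid pointer: 0x0000000002b73f50 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d34070412]
/lib64/libc.so.6(cfree+0x8c)[0x3d34073b1c]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad530c6e]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac95fe2f]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main_do_event+0x435)[0x3711158cd5]
======= Memory map: ========
"""

HEADER = re.compile(
    r"\*\*\* glibc detected \*\*\* (?P<prog>\S+): (?P<error>.+?): (?P<ptr>0x[0-9a-fA-F]+) \*\*\*")
FRAME = re.compile(r"^(?P<module>/\S+?)(?:\((?P<symbol>[^)]*)\))?\[(?P<addr>0x[0-9a-fA-F]+)\]$")
# Assumption: these modules only implement or wrap free() (cfree, g_free),
# so the first frame outside them is the code that passed the bad pointer.
ALLOCATOR = ("libc.so", "libglib-2.0.so")


def triage(report):
    """Summarise one glibc heap-check abort report."""
    head, _, rest = report.partition("======= Backtrace: =========")
    # The header is often hard-wrapped in pasted reports; rejoin it first.
    m = HEADER.search(" ".join(head.split()))
    if m is None:
        raise ValueError("no glibc abort header found")
    body = rest.partition("======= Memory map: ========")[0]
    frames = [f.groupdict() for line in body.splitlines()
              if (f := FRAME.match(line.strip()))]
    caller = next((f for f in frames
                   if not any(a in f["module"] for a in ALLOCATOR)), None)
    return {
        "program": m["prog"],
        "error": m["error"],
        "pointer": int(m["ptr"], 16),
        # Call site of free() only; the root cause may lie elsewhere
        # (in this thread, a third-party GTK theme).
        "free_caller": caller["module"].rsplit("/", 1)[-1] if caller else None,
        "frames_per_module": Counter(f["module"].rsplit("/", 1)[-1] for f in frames),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```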