Bug 448817
| Summary: | ajaxy widget triggers js_Interpret segmentation fault | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Luke Macken <lmacken> |
| Component: | firefox | Assignee: | Gecko Maintainer <gecko-bugs-nobody> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 9 | CC: | mcepl, pfrields, walters |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox-3.0.1-1.fc9.i386 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-07-24 22:44:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Are you by chance able to reproduce it with upstream binary from http://www.mozilla.com/en-US/firefox/all-beta.html ? Reporter, could you please reply to the previous question? If you won't reply in one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you. OK, now I am asking for the reproduction with the latest upgrades from Fedora 9. If you won't reply in one month, now I will really close this bug as INSUFFICIENT_DATA. Thank you. I am unable to reproduce this issue with the latest upstream binary. And firefox-3.0.1-1.fc9.i386? I'm unable to reproduce the issue with 3.0.1 either |
Description of problem: Occasionally, when using an ajaxy auto-complete field widget (the TurboGears AutoCompleteField, to be exact), firefox will segfault with the following backtrace: Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () (gdb) bt #0 0x0000000000000000 in ?? () #1 0x0000003c9d24a07d in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4277 #2 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1303 #3 0x0000003c9bc48481 in nsXPCWrappedJSClass::CallMethod ( this=<value optimized out>, wrapper=<value optimized out>, methodIndex=<value optimized out>, info=<value optimized out>, nativeParams=<value optimized out>) at xpcwrappedjsclass.cpp:1475 #4 0x0000003c9c422bc1 in PrepareAndDispatch (self=<value optimized out>, methodIndex=<value optimized out>, args=<value optimized out>, gpregs=<value optimized out>, fpregs=<value optimized out>) at xptcstubs_x86_64_linux.cpp:151 #5 0x0000003c9c42206f in SharedStub () from /usr/lib64/xulrunner-1.9pre/libxul.so #6 0x0000003c9c421fd4 in NS_InvokeByIndex_P (that=<value optimized out>, methodIndex=<value optimized out>, paramCount=<value optimized out>, params=<value optimized out>) at xptcinvoke_x86_64_linux.cpp:208 #7 0x0000003c9bc4b4ef in XPCWrappedNative::CallMethod ( ccx=<value optimized out>, mode=<value optimized out>) at xpcwrappednative.cpp:2369 #8 0x0000003c9bc53c0b in XPC_WN_CallMethod (cx=<value optimized out>, obj=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>, vp=<value optimized out>) at xpcwrappednativejsops.cpp:1470 #9 0x0000003c9d24bf17 in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1287 #10 0x0000003c9d23f258 in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4841 #11 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1303 #12 0x0000003c9d239bd3 in fun_apply (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>) at jsfun.c:1650 #13 0x0000003c9d248789 in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4824 #14 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, #15 0x0000003c9bc48481 in nsXPCWrappedJSClass::CallMethod ( this=<value optimized out>, wrapper=<value optimized out>, methodIndex=<value optimized out>, info=<value optimized out>, nativeParams=<value optimized out>) at xpcwrappedjsclass.cpp:1475 #16 0x0000003c9c422bc1 in PrepareAndDispatch (self=<value optimized out>, methodIndex=<value optimized out>, args=<value optimized out>, gpregs=<value optimized out>, fpregs=<value optimized out>) at xptcstubs_x86_64_linux.cpp:151 #17 0x0000003c9c42206f in SharedStub () from /usr/lib64/xulrunner-1.9pre/libxul.so #18 0x0000003c9c2b8f3f in jsds_ExecutionHookProc (jsdc=<value optimized out>, jsdthreadstate=<value optimized out>, type=<value optimized out>, callerdata=<value optimized out>, rval=<value optimized out>) at jsd_xpc.cpp:690 #19 0x0000003c9c2b14d9 in jsd_CallExecutionHook (jsdc=<value optimized out>, cx=<value optimized out>, type=<value optimized out>, hook=<value optimized out>, hookData=<value optimized out>, rval=<value optimized out>) at jsd_hook.c:177 #20 0x0000003c9c2b0fbb in jsd_DebugErrorHook (cx=<value optimized out>, message=<value optimized out>, report=<value optimized out>, closure=<value optimized out>) at jsd_high.c:370 #21 0x0000003c9d222ab3 in js_ReportErrorVA (cx=<value optimized out>, flags=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at jscntxt.c:976 #22 0x0000003c9d216f9f in JS_ReportError (cx=<value optimized out>, format=<value optimized out>) at jsapi.c:5464 #23 0x0000003c9bd2475e in SetPendingException (cx=<value optimized out>, aMsg=<value optimized out>) at nsScriptSecurityManager.cpp:159 #24 0x0000003c9bd23dff in nsScriptSecurityManager::CheckPropertyAccessImpl ( this=<value optimized out>, aAction=<value optimized out>, aCallContext=<value optimized out>, cx=<value optimized out>, aJSObject=<value optimized out>, aObj=<value optimized out>, aTargetURI=<value optimized out>, aClassInfo=Could not find the frame base for "nsScriptSecurityManager::CheckPropertyAccessImpl(unsigned int, nsAXPCNativeCallContext*, JSContext*, JSObject*, nsISupports*, nsIURI*, nsIClassInfo*, char const*, long, void**)". ) at nsScriptSecurityManager.cpp:883 #25 0x0000003c9bd23f42 in nsScriptSecurityManager::CanAccess ( this=<value optimized out>, aAction=<value optimized out>, aCallContext=<value optimized out>, cx=<value optimized out>, aJSObject=<value optimized out>, aObj=<value optimized out>, aClassInfo=Could not find the frame base for "nsScriptSecurityManager::CanAccess(unsigned int, nsAXPCNativeCallContext*, JSContext*, JSObject*, nsISupports*, nsIClassInfo*, long, void**)". ) at nsScriptSecurityManager.cpp:3096 #26 0x0000003c9bc4abbe in XPCWrappedNative::CallMethod ( ccx=<value optimized out>, mode=<value optimized out>) at xpcwrappednative.cpp:1961 #27 0x0000003c9bc53afe in XPC_WN_GetterSetter (cx=<value optimized out>, obj=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>, vp=<value optimized out>) at xpcprivate.h:2256 #28 0x0000003c9d24bf17 in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1287 #29 0x0000003c9d24c159 in js_InternalInvoke (cx=<value optimized out>, obj=<value optimized out>, fval=<value optimized out>, flags=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>, rval=<value optimized out>) at jsinterp.c:1359 #30 0x0000003c9d24c25f in js_InternalGetOrSet (cx=<value optimized out>, obj=<value optimized out>, id=<value optimized out>, fval=<value optimized out>, mode=<value optimized out>, argc=<value optimized out>, argv=Could not find the frame base for "js_InternalGetOrSet". ) at jsinterp.c:1417 #31 0x0000003c9d252381 in js_NativeGet (cx=<value optimized out>, obj=<value optimized out>, pobj=<value optimized out>, sprop=<value optimized out>, vp=<value optimized out>) at jsobj.c:3543 #32 0x0000003c9d253381 in js_GetPropertyHelper (cx=<value optimized out>, obj=<value optimized out>, id=<value optimized out>, vp=<value optimized out>, entryp=<value optimized out>) at jsobj.c:3693 #33 0x0000003c9d23f5a2 in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4170 #34 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1303 #35 0x0000003c9d239bd3 in fun_apply (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>) at jsfun.c:1650 #36 0x0000003c9d248789 in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4824 #37 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1303 #38 0x0000003c9d239bd3 in fun_apply (cx=<value optimized out>, #39 0x0000003c9d248789 in js_Interpret (cx=0x7f6897259750) at jsinterp.c:4824 #40 0x0000003c9d24bf7f in js_Invoke (cx=<value optimized out>, argc=<value optimized out>, vp=<value optimized out>, flags=<value optimized out>) at jsinterp.c:1303 #41 0x0000003c9bc48481 in nsXPCWrappedJSClass::CallMethod ( this=<value optimized out>, wrapper=<value optimized out>, methodIndex=<value optimized out>, info=<value optimized out>, nativeParams=<value optimized out>) at xpcwrappedjsclass.cpp:1475 #42 0x0000003c9c422bc1 in PrepareAndDispatch (self=<value optimized out>, methodIndex=<value optimized out>, args=<value optimized out>, gpregs=<value optimized out>, fpregs=<value optimized out>) at xptcstubs_x86_64_linux.cpp:151 #43 0x0000003c9c42206f in SharedStub () from /usr/lib64/xulrunner-1.9pre/libxul.so #44 0x0000003c9bf1fcbc in nsEventListenerManager::HandleEventSubType ( this=<value optimized out>, aListenerStruct=<value optimized out>, aListener=<value optimized out>, aDOMEvent=<value optimized out>, aCurrentTarget=<value optimized out>, aPhaseFlags=<value optimized out>) at nsEventListenerManager.cpp:1080 #45 0x0000003c9bf202a2 in nsEventListenerManager::HandleEvent ( this=<value optimized out>, aPresContext=<value optimized out>, aEvent=<value optimized out>, aDOMEvent=<value optimized out>, aCurrentTarget=<value optimized out>, aFlags=<value optimized out>, aEventStatus=Could not find the frame base for "nsEventListenerManager::HandleEvent(nsPresContext*, nsEvent*, nsIDOMEvent**, nsISupports*, unsigned int, nsEventStatus*)". ) at nsEventListenerManager.cpp:1184 #46 0x0000003c9bf38eb2 in nsEventTargetChainItem::HandleEvent ( this=<value optimized out>, aVisitor=<value optimized out>, aFlags=<value optimized out>) at nsEventDispatcher.cpp:206 #47 0x0000003c9bf39053 in nsEventTargetChainItem::HandleEventTargetChain ( this=<value optimized out>, aVisitor=<value optimized out>, aFlags=<value optimized out>, aCallback=<value optimized out>) at nsEventDispatcher.cpp:287 #48 0x0000003c9bf3935f in nsEventDispatcher::Dispatch ( aTarget=<value optimized out>, aPresContext=<value optimized out>, aEvent=<value optimized out>, aDOMEvent=<value optimized out>, aEventStatus=<value optimized out>, aCallback=<value optimized out>) at nsEventDispatcher.cpp:479 #49 0x0000003c9bf26003 in nsEventStateManager::DispatchMouseEvent ( this=<value optimized out>, aEvent=<value optimized out>, aMessage=<value optimized out>, aTargetContent=<value optimized out>, aRelatedContent=<value optimized out>) at nsEventStateManager.cpp:2947 #50 0x0000003c9bf262f7 in nsEventStateManager::NotifyMouseOver ( this=<value optimized out>, aEvent=<value optimized out>, aContent=<value optimized out>) at nsEventStateManager.cpp:3070 #51 0x0000003c9bf28982 in nsEventStateManager::GenerateMouseEnterExit ( this=<value optimized out>, aEvent=<value optimized out>) at nsEventStateManager.cpp:3101 #52 0x0000003c9bf2c7a0 in nsEventStateManager::PreHandleEvent ( this=<value optimized out>, aPresContext=<value optimized out>, aEvent=<value optimized out>, aTargetFrame=<value optimized out>, aStatus=<value optimized out>, aView=<value optimized out>) at nsEventStateManager.cpp:857 #53 0x0000003c9bda5061 in PresShell::HandleEventInternal ( this=<value optimized out>, aEvent=<value optimized out>, aView=<value optimized out>, aStatus=<value optimized out>) at nsPresShell.cpp:5935 #54 0x0000003c9bda58d7 in PresShell::HandlePositionedEvent ( this=<value optimized out>, aView=<value optimized out>, aTargetFrame=<value optimized out>, aEvent=<value optimized out>, aEventStatus=<value optimized out>) at nsPresShell.cpp:5833 #55 0x0000003c9bda5d1c in PresShell::HandleEvent (this=<value optimized out>, aView=<value optimized out>, aEvent=<value optimized out>, aEventStatus=<value optimized out>) at nsPresShell.cpp:5693 #56 0x0000003c9c0014fa in nsViewManager::HandleEvent ( this=<value optimized out>, aView=<value optimized out>, aPoint=<value optimized out>, aEvent=<value optimized out>, aCaptured=<value optimized out>) at nsViewManager.cpp:1388 #57 0x0000003c9c003348 in nsViewManager::DispatchEvent ( this=<value optimized out>, aEvent=<value optimized out>, aStatus=<value optimized out>) at nsViewManager.cpp:1343 #58 0x0000003c9bffe249 in HandleEvent (aEvent=<value optimized out>) at nsView.cpp:168 #59 0x0000003c9c34c20d in nsCommonWidget::DispatchEvent ( this=<value optimized out>, aEvent=<value optimized out>, #60 0x0000003c9c347257 in nsWindow::OnMotionNotifyEvent ( this=<value optimized out>, aWidget=<value optimized out>, aEvent=<value optimized out>) at nsWindow.cpp:2023 #61 0x0000003c9c3473b1 in motion_notify_event_cb ( widget=<value optimized out>, event=<value optimized out>) at nsWindow.cpp:4623 #62 0x0000003c8c587f2a in _gtk_marshal_BOOLEAN__BOXED (closure=Could not find the frame base for "_gtk_marshal_BOOLEAN__BOXED". ) at gtkmarshalers.c:84 #63 0x0000003c85c0b6dd in IA__g_closure_invoke (closure=<value optimized out>, return_value=<value optimized out>, n_param_values=<value optimized out>, param_values=<value optimized out>, invocation_hint=<value optimized out>) at gclosure.c:490 #64 0x0000003c85c1f6c1 in signal_emit_unlocked_R (node=<value optimized out>, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:2440 #65 0x0000003c85c20a1f in IA__g_signal_emit_valist ( instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=<value optimized out>) at gsignal.c:2209 #66 0x0000003c85c210e3 in IA__g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>) at gsignal.c:2243 #67 0x0000003c8c6f4df5 in gtk_widget_event_internal (widget=Could not find the frame base for "gtk_widget_event_internal". ) at gtkwidget.c:4678 #68 0x0000003c8c6f493d in IA__gtk_widget_event (widget=Could not find the frame base for "IA__gtk_widget_event". ) at gtkwidget.c:4478 #69 0x0000003c8c5864c6 in IA__gtk_propagate_event (widget=Could not find the frame base for "IA__gtk_propagate_event". ) at gtkmain.c:2336 #70 0x0000003c8c5850fd in IA__gtk_main_do_event (event=Could not find the frame base for "IA__gtk_main_do_event". ) at gtkmain.c:1556 #71 0x0000003c8cc57c29 in gdk_event_dispatch (source=Could not find the frame base for "gdk_event_dispatch". ) at gdkevents-x11.c:2351 #72 0x0000003c8583749b in IA__g_main_context_dispatch ( context=<value optimized out>) at gmain.c:2009 #73 0x0000003c8583ac7d in g_main_context_iterate ( context=<value optimized out>, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2642 #74 0x0000003c8583ae3b in IA__g_main_context_iteration ( context=<value optimized out>, may_block=<value optimized out>) #75 0x0000003c9c35fea1 in nsBaseAppShell::DoProcessNextNativeEvent ( this=<value optimized out>, mayWait=<value optimized out>) at nsBaseAppShell.cpp:151 #76 0x0000003c9c35ffef in nsBaseAppShell::OnProcessNextEvent ( this=<value optimized out>, thr=<value optimized out>, mayWait=<value optimized out>, recursionDepth=<value optimized out>) at nsBaseAppShell.cpp:296 #77 0x0000003c9c416a4b in nsThread::ProcessNextEvent ( this=<value optimized out>, mayWait=<value optimized out>, result=<value optimized out>) at nsThread.cpp:497 #78 0x0000003c9c3e82f6 in NS_ProcessNextEvent_P (thread=<value optimized out>, mayWait=<value optimized out>) at nsThreadUtils.cpp:227 #79 0x0000003c9c36010d in nsBaseAppShell::Run (this=<value optimized out>) at nsBaseAppShell.cpp:170 #80 0x0000003c9c2235bd in nsAppStartup::Run (this=<value optimized out>) at nsAppStartup.cpp:181 #81 0x0000003c9bc1f73b in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3154 #82 0x0000000000401665 in __gxx_personality_v0 () at ../../../../libstdc++-v3/libsupc++/eh_personality.cc:363 #83 0x0000003c8401e32a in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=Could not find the frame base for "__libc_start_main". ) at libc-start.c:220 #84 0x0000000000401159 in __gxx_personality_v0 () at ../../../../libstdc++-v3/libsupc++/eh_personality.cc:363 #85 0x00007fffab949968 in ?? () #86 0x000000000000001c in ?? () #87 0x0000000000000001 in ?? () #88 0x00007fffab94a303 in ?? () #89 0x0000000000000000 in ?? () Version-Release number of selected component (if applicable): firefox-3.0-0.60.beta5.fc9.x86_64 How reproducible: Sometimes Steps to Reproduce: 1. Give auto-complete field focus 2. type something, and remove focus Actual results: *boom* Expected results: ajaxy widget should work, and not explode.