Bug 452579

Summary: Firefox crashes randomly
Product: [Fedora] Fedora Reporter: Michael McLagan <mmclagan>
Component: firefoxAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 9CC: mcepl, walters
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-17 16:51:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael McLagan 2008-06-23 20:47:34 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Start firefox
2. Restore session
3. wait...
  
Actual results:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d836d0 (LWP 5766)]
nsVoidArray::AppendElement (this=0xbfc630cc, aElement=0xbfc6312c)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
108       PRBool AppendElement(void* aElement) {
(gdb) bt
#0  nsVoidArray::AppendElement (this=0xbfc630cc, aElement=0xbfc6312c)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
#1  0xb6ef4d47 in ~RuleProcessorData (this=0xbfc6312c)
    at nsCSSRuleProcessor.cpp:895
#2  0xb6f272d4 in nsStyleSet::ResolveStyleFor (this=0xab22bf0, 
    aContent=0xb3e9758, aParentContext=0xa5ac2f4)
    at nsIStyleRuleProcessor.h:111
#3  0xb6e51a39 in nsFrameManager::ReResolveStyleContext (this=0xa49f59c, 
    aPresContext=0xb3eb868, aFrame=0xb3d5518, aParentContent=0xb132f60, 
    aChangeList=0xbfc63558, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1176
#4  0xb6e5168f in nsFrameManager::ReResolveStyleContext (this=0xa49f59c, 
    aPresContext=0xb3eb868, aFrame=0xb19e988, aParentContent=0xa8b0ef8, 
    aChangeList=0xbfc63558, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#5  0xb6e5168f in nsFrameManager::ReResolveStyleContext (this=0xa49f59c, 
    aPresContext=0xb3eb868, aFrame=0xb822580, aParentContent=0xa8b0ef8, 
    aChangeList=0xbfc63558, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#6  0xb6e5168f in nsFrameManager::ReResolveStyleContext (this=0xa49f59c, 
    aPresContext=0xb3eb868, aFrame=0xb822434, aParentContent=0xb4fb0e0, 
    aChangeList=0xbfc63558, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#7  0xb6e517f8 in nsFrameManager::ReResolveStyleContext (this=0xa49f59c, 
    aPresContext=0xb3eb868, aFrame=0xb822284, aParentContent=0x0, 
    aChangeList=0xbfc63558, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1394
#8  0xb6e51ae6 in nsFrameManager::ComputeStyleChangeFor (this=0xa49f59c, 
    aFrame=0xb822284, aChangeList=0xbfc63558, aMinChange=0)
    at nsFrameManager.cpp:1470
#9  0xb6e38cd8 in nsCSSFrameConstructor::RestyleElement (this=0xb5bfc48, 
    aContent=0xb4fb0e0, aPrimaryFrame=0xb822284, 
    aMinHint=<value optimized out>) at nsCSSFrameConstructor.cpp:10067
#10 0xb6e38e68 in nsCSSFrameConstructor::ProcessOneRestyle (this=0xb5bfc48, 
    aContent=0xb4fb0e0, aRestyleHint=<value optimized out>, aChangeHint=0)
    at nsCSSFrameConstructor.cpp:13377
#11 0xb6e38fdc in nsCSSFrameConstructor::ProcessPendingRestyles (
    this=0xb5bfc48) at nsCSSFrameConstructor.cpp:13471
#12 0xb6e60ed1 in PresShell::DoFlushPendingNotifications (this=0xa49f580, 
    aType=Flush_Style, aInterruptibleReflow=0) at nsPresShell.cpp:4548
#13 0xb6e6102f in PresShell::FlushPendingNotifications (this=0xa49f580, 
    aType=Flush_Style) at nsPresShell.cpp:4514
#14 0xb6e27129 in nsCSSFrameConstructor::RestyleEvent::Run (this=0xbfc630cc)
    at nsCSSFrameConstructor.cpp:13544
#15 0xb75029e2 in nsThread::ProcessNextEvent (this=0x9780e00, mayWait=1, 
    result=0xbfc63de4) at nsThread.cpp:510
#16 0xb74cf978 in NS_ProcessNextEvent_P (thread=0xbfc630cc, mayWait=1)
    at nsThreadUtils.cpp:227
#17 0xb7445210 in nsBaseAppShell::Run (this=0x9822cf8)
    at nsBaseAppShell.cpp:170
#18 0xb72f9558 in nsAppStartup::Run (this=0x9856140) at nsAppStartup.cpp:181
#19 0xb6cc9961 in XRE_main (argc=1, argv=0xbfc674f4, aAppData=0x9736d00)
    at nsAppRunner.cpp:3170
#20 0x08049169 in main (argc=1, argv=0xbfc674f4) at nsXULStub.cpp:364

-------------------------------------------------------------------------------

Program received signal SIGSEGV, Segmentation fault.
nsVoidArray::AppendElement (this=0xbfcdb94c, aElement=0xbfcdb9ac)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
108       PRBool AppendElement(void* aElement) {
Missing separate debuginfos, use: debuginfo-install ORBit2.i386 alsa-lib.i386
audiofile.i386 avahi.i386 bzip2.i386 dbus-glib.i386 dbus.i386 e2fsprogs.i386
esound.i386 expat.i386 fontconfig.i386 freetype.i386 gail.i386
gnome-keyring.i386 gtk-nodoka-engine.i386 hunspell.i386 keyutils.i386 krb5.i386
lcms.i386 libICE.i386 libSM.i386 libX11.i386 libXScrnSaver.i386 libXau.i386
libXcomposite.i386 libXcursor.i386 libXdmcp.i386 libXext.i386 libXfixes.i386
libXft.i386 libXi.i386 libXinerama.i386 libXrandr.i386 libXrender.i386
libXt.i386 libart_lgpl.i386 libbonobo.i386 libbonoboui.i386 libcap.i386
libcroco.i386 libgnome.i386 libgnomecanvas.i386 libgnomeui.i386 libgsf.i386
libjpeg.i386 libpng.i386 librsvg2.i386 libselinux.i386 libxcb.i386 libxml2.i386
nss-mdns.i386 openssl.i686 pixman.i386 popt.i386 sqlite.i386 zlib.i386
(gdb) print this
$1 = (nsVoidArray * const) 0xbfcdb94c
(gdb) print aElement
$2 = (void *) 0xbfcdb9ac
#0  nsVoidArray::AppendElement (this=0xbfcdb94c, aElement=0xbfcdb9ac)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
#1  0xb6e6dd47 in ~RuleProcessorData (this=0xbfcdb9ac)
    at nsCSSRuleProcessor.cpp:895
#2  0xb6ea02d4 in nsStyleSet::ResolveStyleFor (this=0x9687f40, 
    aContent=0xa1e2278, aParentContext=0xb187ba8)
    at nsIStyleRuleProcessor.h:111
#3  0xb6dcaa39 in nsFrameManager::ReResolveStyleContext (this=0xa7129ac, 
    aPresContext=0x97b8fa8, aFrame=0xa1e4aa8, aParentContent=0xa1e19c0, 
    aChangeList=0xbfcdbdd8, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1176
#4  0xb6dca68f in nsFrameManager::ReResolveStyleContext (this=0xa7129ac, 
    aPresContext=0x97b8fa8, aFrame=0xa1e4d78, aParentContent=0xa1e1950, 
    aChangeList=0xbfcdbdd8, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#5  0xb6dca68f in nsFrameManager::ReResolveStyleContext (this=0xa7129ac, 
    aPresContext=0x97b8fa8, aFrame=0xa1e46cc, aParentContent=0xa1e1950, 
    aChangeList=0xbfcdbdd8, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#6  0xb6dca68f in nsFrameManager::ReResolveStyleContext (this=0xa7129ac, 
    aPresContext=0x97b8fa8, aFrame=0xa1e4580, aParentContent=0xb18f1c8, 
    aChangeList=0xbfcdbdd8, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
#7  0xb6dca7f8 in nsFrameManager::ReResolveStyleContext (this=0xa7129ac, 
    aPresContext=0x97b8fa8, aFrame=0xa1e43d0, aParentContent=0x0, 
    aChangeList=0xbfcdbdd8, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1394
#8  0xb6dcaae6 in nsFrameManager::ComputeStyleChangeFor (this=0xa7129ac, 
    aFrame=0xa1e43d0, aChangeList=0xbfcdbdd8, aMinChange=0)
    at nsFrameManager.cpp:1470
#9  0xb6db1cd8 in nsCSSFrameConstructor::RestyleElement (this=0xb1fe270, 
    aContent=0xb18f1c8, aPrimaryFrame=0xa1e43d0, 
    aMinHint=<value optimized out>) at nsCSSFrameConstructor.cpp:10067
#10 0xb6db1e68 in nsCSSFrameConstructor::ProcessOneRestyle (this=0xb1fe270, 
    aContent=0xb18f1c8, aRestyleHint=<value optimized out>, aChangeHint=0)
    at nsCSSFrameConstructor.cpp:13377
#11 0xb6db1fdc in nsCSSFrameConstructor::ProcessPendingRestyles (
    this=0xb1fe270) at nsCSSFrameConstructor.cpp:13471
#12 0xb6dd9ed1 in PresShell::DoFlushPendingNotifications (this=0xa712990, 
    aType=Flush_Style, aInterruptibleReflow=0) at nsPresShell.cpp:4548
#13 0xb6dda02f in PresShell::FlushPendingNotifications (this=0xa712990, 
    aType=Flush_Style) at nsPresShell.cpp:4514
#14 0xb6da0129 in nsCSSFrameConstructor::RestyleEvent::Run (this=0xbfcdb94c)
    at nsCSSFrameConstructor.cpp:13544
#15 0xb747b9e2 in nsThread::ProcessNextEvent (this=0x8264e00, mayWait=1, 
    result=0xbfcdc664) at nsThread.cpp:510
#16 0xb7448978 in NS_ProcessNextEvent_P (thread=0xbfcdb94c, mayWait=1)
    at nsThreadUtils.cpp:227
#17 0xb73be210 in nsBaseAppShell::Run (this=0x8306f00)
    at nsBaseAppShell.cpp:170
#18 0xb7272558 in nsAppStartup::Run (this=0x833a350) at nsAppStartup.cpp:181
#19 0xb6c42961 in XRE_main (argc=1, argv=0xbfcdfd74, aAppData=0x821ad00)
    at nsAppRunner.cpp:3170
#20 0x08049169 in main (argc=1, argv=0xbfcdfd74) at nsXULStub.cpp:364


Expected results:

Anything but the above!!

Additional info:

Seems to be irrelevant what pages are loaded.  It's crashed twice (at the same
spot) entering this bug report!! :(
Comment 1 Michael McLagan 2008-06-23 20:50:39 UTC 
Description of problem:
Firefox segfaults while resizing, moving the mouse across a window, when it's
sitting minimized, etc.  There's no particular rhyme or reason to when it occurs.

Version-Release number of selected component (if applicable):
firefox-3.0-1.fc9.i386

How reproducible:
Extremely annoyingly regular.
Comment 2 Michael McLagan 2008-06-25 04:32:59 UTC 
It happened again at the same spot, this time when I clicked on a "View Order"
button at Amazon.com.

This is a 'bt full' : 

Program received signal SIGSEGV, Segmentation fault.
nsVoidArray::AppendElement (this=0xbfd711dc, aElement=0xbfd7123c)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
108       PRBool AppendElement(void* aElement) {
(gdb) bt full
#0  nsVoidArray::AppendElement (this=0xbfd711dc, aElement=0xbfd7123c)
    at ../../../../dist/include/xpcom/nsVoidArray.h:108
No locals.
#1  0xb6e03d47 in ~RuleProcessorData (this=0xbfd7123c)
    at nsCSSRuleProcessor.cpp:895
No locals.
#2  0xb6e362d4 in nsStyleSet::ResolveStyleFor (this=0x9e1d280, 
    aContent=0x9a51108, aParentContext=0xaad39760)
    at nsIStyleRuleProcessor.h:111
        data = {<RuleProcessorData> = {mPresContext = 0xa70a990, 
    mContent = 0x9a51108, mParentContent = 0xa7970e0, mRuleWalker = 0xa95dff0, 
    mScopedRoot = 0x0, mContentTag = 0xb4186f10, mContentID = 0x0, 
    mIsHTMLContent = 1 '\001', mIsLink = 0 '\0', mHasAttributes = 1 '\001', 
    mCompatMode = eCompatibility_AlmostStandards, 
    mLinkState = eLinkState_Unknown, mEventState = 32768, mNameSpaceID = 3, 
    mClasses = 0x9a51200, mPreviousSiblingData = 0x0, mParentData = 0x99c6af8, 
    mLanguage = 0x0}, <No data fields>}
        result = (nsStyleContext *) 0x99c6f14
        presContext = (class nsPresContext *) 0xa70a990
#3  0xb6d60a39 in nsFrameManager::ReResolveStyleContext (this=0x9e1d394, 
    aPresContext=0xa70a990, aFrame=0xaa28fa4, aParentContent=0xa7970e0, 
    aChangeList=0xbfd71668, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1176
        localContent = (class nsIContent *) 0x9a51108
        content = (class nsIContent *) 0x9a51108
        parentContext = (nsStyleContext *) 0xaad39760
        providerIsChild = 0
        pseudoTag = (class nsIAtom * const) 0x0
        resolvedChild = (class nsIFrame *) 0x0
        providerFrame = (class nsIFrame *) 0x99c8450
        newContext = <value optimized out>
        contextIndex = <value optimized out>
        assumeDifferenceHint = 0
        oldContext = (nsStyleContext *) 0x99c6bd8
        styleSet = (nsStyleSet *) 0x9e1d280
        isAccessibilityActive = 0
        isVisible = 32768
#4  0xb6d6068f in nsFrameManager::ReResolveStyleContext (this=0x9e1d394, 
    aPresContext=0xa70a990, aFrame=0x99c8450, aParentContent=0xa797070, 
    aChangeList=0xbfd71668, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
        child = (class nsIFrame *) 0xaa28fa4
        listIndex = 0
        childList = <value optimized out>
        localContent = (class nsIContent *) 0xa7970e0
        content = (class nsIContent *) 0xa7970e0
        parentContext = (nsStyleContext *) 0xaad39900
        providerIsChild = 0
        pseudoTag = (class nsIAtom * const) 0x0
        resolvedChild = (class nsIFrame *) 0x0
        providerFrame = (class nsIFrame *) 0x99c8330
        newContext = (nsStyleContext *) 0xaad39760
        contextIndex = 0
        assumeDifferenceHint = 0
        oldContext = <value optimized out>
        styleSet = (nsStyleSet *) 0x9e1d280
        isAccessibilityActive = 0
        isVisible = -1212688252
#5  0xb6d6068f in nsFrameManager::ReResolveStyleContext (this=0x9e1d394, 
    aPresContext=0xa70a990, aFrame=0x99c83c4, aParentContent=0xa797070, 
    aChangeList=0xbfd71668, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
        child = (class nsIFrame *) 0x99c8450
        listIndex = 0
        childList = <value optimized out>
        localContent = (class nsIContent *) 0xa797070
        content = (class nsIContent *) 0xa797070
        parentContext = (nsStyleContext *) 0xaad39900
        providerIsChild = 0
        pseudoTag = (class nsIAtom * const) 0x98817e8
        resolvedChild = (class nsIFrame *) 0x0
        providerFrame = (class nsIFrame *) 0x99c8330
        newContext = (nsStyleContext *) 0xaad39880
        contextIndex = 0
        assumeDifferenceHint = 0
        oldContext = <value optimized out>
        styleSet = (nsStyleSet *) 0x9e1d280
        isAccessibilityActive = 0
        isVisible = 32768
#6  0xb6d6068f in nsFrameManager::ReResolveStyleContext (this=0x9e1d394, 
    aPresContext=0xa70a990, aFrame=0x99c8330, aParentContent=0x9a09e60, 
    aChangeList=0xbfd71668, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1404
        child = (class nsIFrame *) 0x99c83c4
        listIndex = 0
        childList = <value optimized out>
        localContent = (class nsIContent *) 0xa797070
        content = (class nsIContent *) 0xa797070
        parentContext = (nsStyleContext *) 0x99c6650
        providerIsChild = 0
        pseudoTag = (class nsIAtom * const) 0x0
        resolvedChild = (class nsIFrame *) 0x0
        providerFrame = (class nsIFrame *) 0x99c66a0
        newContext = (nsStyleContext *) 0xaad39900
        contextIndex = 0
        assumeDifferenceHint = 0
        oldContext = <value optimized out>
        styleSet = (nsStyleSet *) 0x9e1d280
        isAccessibilityActive = 0
        isVisible = 32768
#7  0xb6d607f8 in nsFrameManager::ReResolveStyleContext (this=0x9e1d394, 
    aPresContext=0xa70a990, aFrame=0x99c66a0, aParentContent=0x0, 
    aChangeList=0xbfd71668, aMinChange=nsChangeHint_RepaintFrame)
    at nsFrameManager.cpp:1394
        child = (class nsIFrame *) 0x99c8c18
        listIndex = 0
        childList = <value optimized out>
        localContent = (class nsIContent *) 0x9a09e60
        content = (class nsIContent *) 0x9a09e60
        parentContext = (nsStyleContext *) 0x99c6494
        providerIsChild = 0
        pseudoTag = (class nsIAtom * const) 0x0
        resolvedChild = (class nsIFrame *) 0x0
        providerFrame = (class nsIFrame *) 0x99c6540
        newContext = (nsStyleContext *) 0x99c6650
        contextIndex = 0
        assumeDifferenceHint = 0
        oldContext = <value optimized out>
        styleSet = (nsStyleSet *) 0x9e1d280
        isAccessibilityActive = 0
        isVisible = -1226044090
#8  0xb6d60ae6 in nsFrameManager::ComputeStyleChangeFor (this=0x9e1d394, 
    aFrame=0x99c66a0, aChangeList=0xbfd71668, aMinChange=0)
    at nsFrameManager.cpp:1470
        frameChange = <value optimized out>
        topLevelChange = 0
        frame = (class nsIFrame *) 0x99c66a0
        frame2 = (class nsIFrame *) 0x99c66a0
        propTable = (nsPropertyTable *) 0xa70aa04
#9  0xb6d47cd8 in nsCSSFrameConstructor::RestyleElement (this=0x9e1d630, 
    aContent=0x9a09e60, aPrimaryFrame=0x99c66a0, 
    aMinHint=<value optimized out>) at nsCSSFrameConstructor.cpp:10067
        changeList = {mArray = 0xbfd71674, mArraySize = 10, mCount = 1, 
  mBuffer = {{mFrame = 0x99c66a0, mContent = 0x9a09e60, 
      mHint = nsChangeHint_RepaintFrame}, {mFrame = 0x0, mContent = 0x9a09e60, 
      mHint = 3084877812}, {mFrame = 0xc, mContent = 0xb7df9178, mHint = 41}, {
      mFrame = 0x9a09e60, mContent = 0x49a374d8, mHint = 3218544632}, {
      mFrame = 0x9e1d630, mContent = 0xbfd716d8, mHint = 3067482415}, {
      mFrame = 0xc, mContent = 0x1, mHint = 165794720}, {mFrame = 0xb741ce9a, 
      mContent = 0x98900a0, mHint = 161521248}, {mFrame = 0x0, mContent = 0x0, 
      mHint = 3218544632}, {mFrame = 0x9e1d630, mContent = 0xbfd716f8, 
      mHint = 3067530093}, {mFrame = 0x9e1d394, mContent = 0x9a09e60, 
      mHint = 4294967295}}}
#10 0xb6d47e68 in nsCSSFrameConstructor::ProcessOneRestyle (this=0x9e1d630, 
    aContent=0x9a09e60, aRestyleHint=<value optimized out>, aChangeHint=0)
    at nsCSSFrameConstructor.cpp:13377
        primaryFrame = (class nsIFrame *) 0x99c66a0
#11 0xb6d47fdc in nsCSSFrameConstructor::ProcessPendingRestyles (
    this=0x9e1d630) at nsCSSFrameConstructor.cpp:13471
        currentRestyle = (
    nsCSSFrameConstructor::RestyleEnumerateData *) 0xbfd717f8
        count = 1
        restyleArr = {<nsTArray<nsCSSFrameConstructor::RestyleEnumerateData>> =
{<nsTArray_base> = {static sEmptyHdr = {mLength = 0, mCapacity = 0, 
        mIsAutoArray = 0}, mHdr = 0xbfd717f0}, <No data fields>}, 
  mAutoBuf =
"\001\000\000\000\200\000\000\200\001\000\000\000\000\000\000\000`\236 \tÜ\037\"\n\001\000\000\000\001\000\000\000XæÈ·Ð\037\"\nà\201\f\nà\201\f\nä\037\"\nð\037\"\n\001\000\000\000µ\201Á·\001\000\000\000\001\000\000\000 (ð¯\004xÄ·\bq[\n¼(Ö\n\030\033׿\000\000\000\000\000q[\n¼\037\"\n¼\037\"\nÔ\032׿Ô\032׿¼\032׿\0200«®\bq[\n\220û°´ðØ\024«¤ÜÜ·\224¿Ü·Â¾Ü·\000\000\000\000\024\031׿\000\000\000\000x\221ß·\020\000\000\000`Çá\t¤ÝÈ·\020\000\000\000\000\000\000\000\030\031׿\n\200Ä·à\030׿
\201\f\n"...}
        restylesToProcess = (
    nsCSSFrameConstructor::RestyleEnumerateData *) 0xbfd717f8
        lastRestyle = (
    nsCSSFrameConstructor::RestyleEnumerateData *) 0xbfd71804
#12 0xb6d6fed1 in PresShell::DoFlushPendingNotifications (this=0x9e1d378, 
    aType=Flush_Style, aInterruptibleReflow=0) at nsPresShell.cpp:4548
        kungFuDeathGrip = {<nsCOMPtr_base> = {
    mRawPtr = 0x9e1d378}, <No data fields>}
        batch = {mRootVM = {<nsCOMPtr_base> = {
      mRawPtr = 0x9ebade8}, <No data fields>}}
        updateFlags = <value optimized out>
        isSafeToFlush = 1
        viewManagerDeathGrip = {<nsCOMPtr_base> = {
    mRawPtr = 0xa70b380}, <No data fields>}
#13 0xb6d7002f in PresShell::FlushPendingNotifications (this=0x9e1d378, 
    aType=Flush_Style) at nsPresShell.cpp:4514
No locals.
#14 0xb6d36129 in nsCSSFrameConstructor::RestyleEvent::Run (this=0xbfd711dc)
    at nsCSSFrameConstructor.cpp:13544
No locals.
#15 0xb74119e2 in nsThread::ProcessNextEvent (this=0x986fe00, mayWait=1, 
    result=0xbfd71ef4) at nsThread.cpp:510
        notifyGlobalObserver = 1
        obs = {<nsCOMPtr_base> = {mRawPtr = 0xb4b2e83c}, <No data fields>}
        event = {<nsCOMPtr_base> = {mRawPtr = 0xa758790}, <No data fields>}
        rv = 3073720303
#16 0xb73de978 in NS_ProcessNextEvent_P (thread=0xbfd711dc, mayWait=1)
    at nsThreadUtils.cpp:227
        val = <value optimized out>
#17 0xb7354210 in nsBaseAppShell::Run (this=0xb4b2e838)
    at nsBaseAppShell.cpp:170
        thread = (class nsIThread *) 0x986fe00
#18 0xb7208558 in nsAppStartup::Run (this=0xb4b359a8) at nsAppStartup.cpp:181
        rv = <value optimized out>
#19 0xb6bd8961 in XRE_main (argc=1, argv=0xbfd75604, aAppData=0x9825d00)
    at nsAppRunner.cpp:3170
        obsService = {<nsCOMPtr_base> = {
    mRawPtr = 0xb4b00950}, <No data fields>}
        remoteService = {<nsCOMPtr_base> = {
    mRawPtr = 0xb0337058}, <No data fields>}
        appStartup = {<nsCOMPtr_base> = {
    mRawPtr = 0xb4b359a8}, <No data fields>}
        workingDir = {<nsCOMPtr_base> = {
    mRawPtr = 0xb41ad838}, <No data fields>}
        chromeObserver = {<nsCOMPtr_base> = {
    mRawPtr = 0x98c9438}, <No data fields>}
        cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0xb41755c0}, <No data fields>}
        noEMRestart = <value optimized out>
        xpcom = {mServiceManager = 0x98826a4}
        desktopStartupIDEnv = <value optimized out>
        updRoot = {<nsCOMPtr_base> = {mRawPtr = 0x9825e90}, <No data fields>}
        persistent = 1
        profLD = {<nsCOMPtr_base> = {mRawPtr = 0x986fd10}, <No data fields>}
        dirProvider = {<nsIDirectoryServiceProvider2> =
{<nsIDirectoryServiceProvider> = {<nsISupports> = {
        _vptr.nsISupports = 0xb7acb6c8}, <No data fields>}, <No data fields>},
<nsIProfileStartup> = {<nsISupports> = {
      _vptr.nsISupports = 0xb7acb6ec}, <No data fields>}, 
  mAppProvider = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, 
  mGREDir = {<nsCOMPtr_base> = {mRawPtr = 0x9825f30}, <No data fields>}, 
  mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x9825e90}, <No data fields>}, 
  mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x986fc98}, <No data fields>}, 
  mProfileLocalDir = {<nsCOMPtr_base> = {
      mRawPtr = 0x986fd10}, <No data fields>}, mProfileNotified = 1 '\001', 
  mExtensionsLoaded = 1 '\001', mAppBundleDirectories = {<nsCOMArray_base> = {
      mArray = {mImpl = 0x0}}, <No data fields>}, 
  mExtensionDirectories = {<nsCOMArray_base> = {mArray = {
        mImpl = 0x98a0a18}}, <No data fields>}, 
  mThemeDirectories = {<nsCOMArray_base> = {mArray = {
        mImpl = 0x98a0a48}}, <No data fields>}}
        nativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x98413f0}, <No data fields>}
        desktopStartupIDPtr = <value optimized out>
        startOffline = 0
        profileName = {<nsFixedCString> = {<nsCString> = {<nsACString_internal>
= {<nsCSubstring_base> = {<No data fields>}, mData = 0x987a480 "default", 
        mLength = 7, mFlags = 65541}, <No data fields>}, mFixedCapacity = 63, 
    mFixedBuf = 0xbfd722d4 ""}, 
  mStorage =
"\000\"׿ULз@\221ß·t\000\000\000@\221ß·\b#׿ôÏñ·t\000\000\0008$׿(#׿Íg»·8_\202\t\204Ø··(#׿`\201@·8_\202\t"}
        upgraded = <value optimized out>
        versionOK = <value optimized out>
        appInitiatedRestart = <value optimized out>
        desktopStartupID = {<nsFixedCString> = {<nsCString> =
{<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData =
0xbfd72328 "", 
        mLength = 0, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, 
    mFixedBuf = 0xbfd72328 ""}, 
  mStorage =
"\000#׿ÀÙB·0_\202\t´!\005\bX#׿ØÈB·T$׿\001\000\000\000îT@·´!\005\b8$׿\000\000\000\000x#׿àÑ\004\b8$׿\000\000\000"}
        canRun = 1
        xremotearg = <value optimized out>
        profileLock = {<nsCOMPtr_base> = {
    mRawPtr = 0x987a638}, <No data fields>}
        profD = {<nsCOMPtr_base> = {mRawPtr = 0x986fc98}, <No data fields>}
        version = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> =
{<nsCSubstring_base> = {<No data fields>}, 
        mData = 0xbfd72280 "3.0_2008061712/2008061712", mLength = 25, 
        mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, 
    mFixedBuf = 0xbfd72280 "3.0_2008061712/2008061712"}, 
  mStorage =
"3.0_2008061712/2008061712\000ß·(_\202\t\220^\202\tT$׿\002\000\000\000\000\000\000\000\230^\202\t\204Ø··Ø\"׿`\201@·"}
        needsRestart = 0
        display = (GdkDisplay *) 0x983b020
        osABI = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> =
{<No data fields>}, mData = 0xb74773f3 "Linux_x86-gcc3", mLength = 14, 
      mFlags = 1}, <No data fields>}, <No data fields>}
        rv = 0
        ar = <value optimized out>
        gtkModules = <value optimized out>
        override = 0x0
        appData = {<nsXREAppData> = {size = 56, ry = 0x9825e90, 
    vendor = 0x98267e8 "Mozilla", name = 0x98267c8 "Firefox", 
    version = 0x98267d8 "3.0", buildID = 0x9817c38 "2008061712", 
    ID = 0x9825fd0 "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", 
    copyright = 0x9826000 "Copyright (c) 1998 - 2008 mozilla.org", flags = 6, 
    xreDirectory = 0x9825f30, minVersion = 0x9826758 "1.9", 
    maxVersion = 0x9826768 "1.9", 
    crashReporterURL = 0x9826030 "https://crash-reports.mozilla.com/submit", 
    profile = 0x0}, <No data fields>}
        iniFile = {<nsCOMPtr_base> = {mRawPtr = 0x9826060}, <No data fields>}
        localIniFile = {<nsCOMPtr_base> = {
    mRawPtr = 0x9826060}, <No data fields>}
        parser = {
  mSections = {<nsBaseHashtable<nsDepCharHashKey,
nsAutoPtr<nsINIParser_internal::INIValue>, nsINIParser_internal::INIValue*>> =
{<nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser_internal::INIValue> > >> = {
        mTable = {ops = 0xb7b944e4, data = 0x0, hashShift = 28, 
          maxAlphaFrac = 192 'À', minAlphaFrac = 64 '@', entrySize = 12, 
          entryCount = 1, removedCount = 0, generation = 0, 
          entryStore = 0x9826270 ""}}, <No data fields>}, <No data fields>}, 
  mFileContents = {mRawPtr = 0x9826338 "[Build"}}
        i = <value optimized out>
#20 0x08049169 in main (argc=1, argv=0xbfd75604) at nsXULStub.cpp:364
        iniFile = {<nsCOMPtr_base> = {mRawPtr = 0x9825c88}, <No data fields>}
        appData = {mAppData = 0x9825d00}
        rv = <value optimized out>
        lastSlash = <value optimized out>
        iniPath = "/usr/lib/firefox-3.0pre/application.ini", '\0' <repeats 4056
times>
        tmpPath = '\0' <repeats 4095 times>
        greDir = "/usr/lib/xulrunner-1.9\000libxpcom.so", '\0' <repeats 4061 times>
        fileStat = {st_dev = 771, __pad1 = 0, st_ino = 2143365, 
  st_mode = 33261, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0, 
  __pad2 = 0, st_size = 43124, st_blksize = 4096, st_blocks = 88, st_atim = {
    tv_sec = 1214367640, tv_nsec = 0}, st_mtim = {tv_sec = 1213734561, 
    tv_nsec = 0}, st_ctim = {tv_sec = 1213916982, tv_nsec = 0}, __unused4 = 0, 
  __unused5 = 0}
        parser = {
  mSections = {<nsBaseHashtable<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue>, nsINIParser::INIValue*>> =
{<nsTHashtable<nsBaseHashtableET<nsDepCharHashKey,
nsAutoPtr<nsINIParser::INIValue> > >> = {mTable = {ops = 0x8052274, 
          data = 0x0, hashShift = 28, maxAlphaFrac = 192 'À', 
          minAlphaFrac = 64 '@', entrySize = 12, entryCount = 4, 
          removedCount = 0, generation = 0, 
          entryStore = 0x9817170 ""}}, <No data fields>}, <No data fields>}, 
  mFileContents = {mRawPtr = 0x9817238 "; ***** BEGIN LICENSE BLOCK *****"}}
        retval = <value optimized out>
        kXULFuncs = {{functionName = 0x804e0c5 "XRE_CreateAppData", 
    function = 0x805229c}, {functionName = 0x804e0d7 "XRE_FreeAppData", 
    function = 0x80522a0}, {functionName = 0x804e0e7 "XRE_main", 
    function = 0x80522a4}, {functionName = 0x0, function = 0x0}}
        kProperties = {{property = 0x804e0b6 "xulrunner", 
    value = 0x804e0c0 "true"}}
Comment 3 Steven Usdansky 2008-07-17 15:47:40 UTC 
I'm seeing this a lot - it just locks up on me apparently for no reason; most 
recently when I tried to add my infor to this bugzilla (now using Opera). 
Started session in a terminal window and got the following:

~$ firefox
*** glibc detected *** /usr/lib/firefox-3.0/firefox: malloc(): memory 
corruption: 0x0af79f88 ***
======= Backtrace: =========
/lib/libc.so.6[0x963d16]
/lib/libc.so.6(__libc_malloc+0x95)[0x965465]
/usr/lib/libstdc++.so.6(_Znwj+0x27)[0x31e207]
/usr/lib/libhunspell-1.2.so.0(_ZN8Hunspell4initEPKcS1_S1_+0x54)[0x7154954]
/usr/lib/libhunspell-1.2.so.0(_ZN8HunspellC1EPKcS1_+0x33)[0x7154b93]
/usr/lib/xulrunner-1.9/libxul.so[0x3e7feb9]
/usr/lib/xulrunner-1.9/libxul.so[0x3e76887]
/usr/lib/xulrunner-1.9/libxul.so[0x3d6c43e]
/usr/lib/xulrunner-1.9/libxul.so[0x3d6d530]
/usr/lib/xulrunner-1.9/libxul.so[0x3e7b363]
/usr/lib/xulrunner-1.9/libxul.so[0x3afa1a1]
/usr/lib/xulrunner-1.9/libxul.so[0x3af2e92]
/usr/lib/xulrunner-1.9/libxul.so[0x388c0b3]
/usr/lib/xulrunner-1.9/libxul.so[0x37ee6ce]
/usr/lib/xulrunner-1.9/libxul.so[0x37e8a89]
/usr/lib/xulrunner-1.9/libxul.so[0x37e8ee9]
/usr/lib/xulrunner-1.9/libxul.so[0x37f3e59]
/usr/lib/xulrunner-1.9/libxul.so[0x381b1ec]
/usr/lib/xulrunner-1.9/libxul.so[0x397b22d]
/usr/lib/xulrunner-1.9/libxul.so[0x393e95f]
/usr/lib/xulrunner-1.9/libxul.so[0x3a06581]
/usr/lib/xulrunner-1.9/libxul.so[0x3a06d4f]
/usr/lib/xulrunner-1.9/libxul.so[0x3a070a6]
/usr/lib/xulrunner-1.9/libxul.so[0x379f222]
/usr/lib/xulrunner-1.9/libxul.so[0x379f37a]
/usr/lib/xulrunner-1.9/libxul.so[0x379f666]
/usr/lib/xulrunner-1.9/libxul.so[0x37a0f45]
/usr/lib/xulrunner-1.9/libxul.so[0x37a2099]
/usr/lib/xulrunner-1.9/libxul.so[0x37a27b9]
/usr/lib/xulrunner-1.9/libxul.so[0x37a955a]
/usr/lib/xulrunner-1.9/libxul.so[0x37abbd3]
/usr/lib/xulrunner-1.9/libxul.so[0x37a97ee]
/usr/lib/xulrunner-1.9/libxul.so[0x37a9188]
/usr/lib/xulrunner-1.9/libxul.so[0x37ac8b4]
/usr/lib/xulrunner-1.9/libxul.so[0x3ebef92]
/usr/lib/xulrunner-1.9/libxul.so[0x3e8bf18]
/usr/lib/xulrunner-1.9/libxul.so[0x3e01770]
/usr/lib/xulrunner-1.9/libxul.so[0x3cb5718]
/usr/lib/xulrunner-1.9/libxul.so(XRE_main+0x1d04)[0x3683ea2]
/usr/lib/firefox-3.0/firefox(__gxx_personality_v0+0x511)[0x8049169]
/lib/libc.so.6(__libc_start_main+0xe5)[0x9085d5]
/usr/lib/firefox-3.0/firefox(__gxx_personality_v0+0x69)[0x8048cc1]
======= Memory map: ========
00110000-00111000 r-xp 00110000 00:00 0          [vdso]
00111000-001a0000 r-xp 00000000 08:0e 120610     /usr/lib/libfreetype.so.6.3.17
001a0000-001a4000 rw-p 0008e000 08:0e 120610     /usr/lib/libfreetype.so.6.3.17
001a4000-001af000 r-xp 00000000 08:0e 378003     /lib/libnss_files-2.8.90.so
001af000-001b0000 r--p 0000a000 08:0e 378003     /lib/libnss_files-2.8.90.so
001b0000-001b1000 rw-p 0000b000 08:0e 378003     /lib/libnss_files-2.8.90.so
001b1000-001b3000 r-xp 00000000 08:0e 788830     /usr/lib/gconv/UTF-16.so
001b3000-001b4000 r--p 00002000 08:0e 788830     /usr/lib/gconv/UTF-16.so
001b4000-001b5000 rw-p 00003000 08:0e 788830     /usr/lib/gconv/UTF-16.so
001b5000-001b7000 r-xp 00000000 08:0e 116821     /usr/lib/libXss.so.1.0.0
001b7000-001b8000 rw-p 00001000 08:0e 116821     /usr/lib/libXss.so.1.0.0
001bd000-001ea000 r-xp 00000000 08:0e 119869     /usr/lib/libgssapi_krb5.so.2.2
001ea000-001ec000 rw-p 0002d000 08:0e 119869     /usr/lib/libgssapi_krb5.so.2.2
001f2000-0020c000 r-xp 00000000 08:0e 377125     /lib/libselinux.so.1
0020c000-0020d000 r--p 00019000 08:0e 377125     /lib/libselinux.so.1
0020d000-0020e000 rw-p 0001a000 08:0e 377125     /lib/libselinux.so.1
00210000-00251000 r-xp 00000000 08:0e 379745     /lib/libgobject-2.0.so.0.1703.0
00251000-00252000 rw-p 00041000 08:0e 379745     /lib/libgobject-2.0.so.0.1703.0
00252000-00261000 r-xp 00000000 08:0e 235748     /usr/lib/firefox-3.0/
components/libbrowserdirprovider.so
00261000-00262000 rw-p 0000e000 08:0e 235748     /usr/lib/firefox-3.0/
components/libbrowserdirprovider.so
00263000-0034a000 r-xp 00000000 08:0e 116930     /usr/lib/libstdc++.so.6.0.10
0034a000-0034e000 r--p 000e6000 08:0e 116930     /usr/lib/libstdc++.so.6.0.10
0034e000-00350000 rw-p 000ea000 08:0e 116930     /usr/lib/libstdc++.so.6.0.10
00350000-00355000 rw-p 00350000 00:00 0 
00355000-0035e000 r-xp 00000000 08:0e 119791     /usr/lib/xulrunner-1.9/
components/libdbusservice.so
0035e000-0035f000 rw-p 00009000 08:0e 119791     /usr/lib/xulrunner-1.9/
components/libdbusservice.so
0035f000-0036b000 r-xp 00000000 08:0e 235749     /usr/lib/firefox-3.0/
components/libnkgnomevfs.so
0036b000-0036c000 rw-p 0000c000 08:0e 235749     /usr/lib/firefox-3.0/
components/libnkgnomevfs.so
0036c000-003cc000 r-xp 00000000 08:0e 118026     /usr/lib/
libgnomevfs-2.so.0.2200.0
003cc000-003cf000 rw-p 00060000 08:0e 118026     /usr/lib/
libgnomevfs-2.so.0.2200.0
003d1000-003e5000 r-xp 00000000 08:0e 120731     /usr/lib/libbonobo-
activation.so.4.0.0
003e5000-003e7000 rw-p 00014000 08:0e 120731     /usr/lib/libbonobo-
activation.so.4.0.0
003e9000-003fc000 r-xp 00000000 08:0e 120950     /usr/lib/libXft.so.2.1.2
003fc000-003fd000 rw-p 00012000 08:0e 120950     /usr/lib/libXft.so.2.1.2
003ff000-004e0000 r-xp 00000000 08:0e 378459     /lib/libglib-2.0.so.0.1703.0
004e0000-004e1000 rw-p 000e1000 08:0e 378459     /lib/libglib-2.0.so.0.1703.0
004e3000-0050c000 r-xp 00000000 08:0e 120566     /usr/lib/
libpangoft2-1.0.so.0.2101.2
0050c000-0050d000 rw-p 00029000 08:0e 120566     /usr/lib/
libpangoft2-1.0.so.0.2101.2
0050f000-0052a000 r-xp 00000000 08:0e 120609     /usr/lib/libatk-1.0.so.0.2209.1
0052a000-0052c000 rw-p 0001a000 08:0e 120609     /usr/lib/libatk-1.0.so.0.2209.1
0052e000-00543000 r-xp 00000000 08:0e 120700     /usr/lib/libgnome-2.so.0.2303.1
00543000-00544000 rw-p 00014000 08:0e 120700     /usr/lib/li/usr/lib/
firefox-3.0/run-mozilla.sh: line 131: 26878 Killed                  "$prog" 
${1+"$@"}
~$
Comment 4 Matěj Cepl 2008-07-17 16:51:08 UTC 

*** This bug has been marked as a duplicate of 447444 ***