Bug 477232
Summary: | Crashes (not only) on the print dialog (nsAutoptr) | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Kratochvil <jan.kratochvil> | ||||||||||||
Component: | firefox | Assignee: | Martin Stransky <stransky> | ||||||||||||
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||
Severity: | high | Docs Contact: | |||||||||||||
Priority: | medium | ||||||||||||||
Version: | 10 | CC: | gecko-bugs-nobody, mcepl, stransky, walters | ||||||||||||
Target Milestone: | --- | Keywords: | Reopened | ||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | x86_64 | ||||||||||||||
OS: | Linux | ||||||||||||||
URL: | http://zpravy.idnes.cz/tiskni.asp?r=krimi&c=A081219_131955_krimi_itu | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2009-03-31 13:58:57 UTC | Type: | --- | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Description
Jan Kratochvil
2008-12-19 18:54:59 UTC
Created attachment 327554 [details]
Backtrace from crashed firefox
I was quite surprised how easy it was to reproduce this -- first attempt: click on the first article on the homepage of idnes.cz ("Dana Matulková won StarDance III" -- really important piece of news ;-), click on print button, and although the print dialog window starts to draw, it never draws completely, kernel load goes through the roof (something between 7 and 10), and firefox crashes.
Created attachment 327575 [details]
Another one, similiar content.
Created attachment 327597 [details]
Verified on firefox-3.0.5-1.fc10.x86_64.
firefox-3.0.5-1.fc10.x86_64
xulrunner-1.9.0.5-1.fc10.x86_64
Created attachment 327602 [details]
another backtrace of the reproduction
Actually this one is even more interesting. I have a Greasemonkey script for fixing all those silly bugzilla attachments MIME types "application/octet-stream" (it changes the MIME type to "text/plain") and when trying to add "text/x-log" as another MIME type which needs to be removed, I made a mistake in Javascript of the function which is run inside of array.filter method.
function isOctetStream(element, index, array) {
var inArray = ["application/octet-stream","text/x-log"];
return(inArray.indexOf(element) != -1);
// the previous line should read -- see missing indexing of the array
// return(inArray.indexOf(element[2]) != -1);
}
...
var badAttachments = getAttachments(aTable).filter(isOctetStream);
When running this script on bugzilla, firefox constantly crashed with the attached backtrace. When I fixed the script, the bug is gone.
So, it looks to me like firefox (yes, I have firefox-3.0.5-1.fc10.i386 as well) doesn't recover well from Javascript bugs and crashes.
We filed this bug in the upstream database (https://bugzilla.mozilla.org/show_bug.cgi?id=470789) and believe that it is more appropriate to let it be resolved upstream. Red Hat will continue to track the issue in the centralized upstream bug tracker, and will review any bug fixes that become available for consideration in future updates. Thank you for the bug report. Reproducer cookbook: Open http://zpravy.idnes.cz/archiv.asp . Open each of the articles there into a new tab, open 10-20 tabs at once this way into the same window. Then click on "Print" ("Tisk") in each of the tabs. If Firefox survives close the whole window and start again. On the 2nd or 3rd window it will crash. Reproduced now on updated F10, firefox-3.0.8-1.fc10.x86_64. Okay, taking this one. On ftp://ftp.mozilla.org/pub/firefox/releases/3.1b3/linux-i686/en-US/firefox-3.1b3.tar.bz2 it is unreproducible for me in Fedora 10 i686 in qemu-kvm -smp 1. Forgot in the reproducer cookbook above I also use for Firefox: export MALLOC_CHECK_=3 (I did not try if is required for the reproducibility on native F10 Firefox.) Hm, it's really strange. I tried to reproduce it with 3.0.8, 3.1b3, both i386 & x86_64 but all works for me... Let's hope it's fixed in the upcoming 3.5 release. FYI on full F11.x86_64 it is no longer reproducible for me. (firefox-3.5-0.20.beta4.fc11.x86_64 if it was not caused by some of the .so's) yes, I see the patch in 3.1 line - https://bugzilla.mozilla.org/show_bug.cgi?id=451341 So upgrade to f11 will resolve this issue. FYI https://bugzilla.mozilla.org/show_bug.cgi?id=451341 gives to mortals: You are not authorized to access bug #451341. But I believe. I see. Anyway mozilla BZ claims it should be fixed in upcoming firefox 3.0.11 so you can easily test it in ~ month ;-) |