Bug 546155
Summary: [abrt] crash detected in firefox, PackageKit-plugin, [@ run_length_encode_types_utf8]
Product: [Fedora] Fedora
Reporter: Ole Sandum <ole>
Component: firefox
Assignee: Martin Stransky <stransky>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 12
CC: alex, a.schapira, bifrost, campbecg, cpanceac, dandreadante, dfurniss, eblix08, fett, gecko-bugs-nobody, ian.springer, info, jhauva, joseph490, kubiznakpetr, maximumhax, merlinmails, mothlight, nerses73, pantelis.fedora, stransky, tadej.j, tears_of_time, thomas.hilaire, ursus.kirk, vox, yates
Keywords: Triaged
Hardware: i686
OS: Linux
Whiteboard: abrt_hash:9ec550406a9c6cab5a0f102e408cc869e47deb8e
Doc Type: Bug Fix
Last Closed: 2010-12-04 01:52:18 UTC

Description
Ole Sandum
2009-12-10 08:33:42 UTC
Created attachment 377400
File: backtrace

Any reproduction steps?
Browsing the URL mentioned in 542568 provokes the crash:
http://people.freedesktop.org/~hughsient/temp/test.html

Which plug-ins do you have installed?
Copied from my about:plugins:
nswrapper_32_32.libvlcplugin.so
nswrapper_32_32.libflashplayer.so
packagekit-plugin.so (the one being exercised by the above link)
libtotem-cone-plugin.so
libtotem-gmp-plugin.so
libtotem-mully-plugin.so
libtotem-narrowspace-plugin.so
IcedTeaPlugin.so
gecko-mediaplayer-dvx.so
gecko-mediaplayer-qt.so
gecko-mediaplayer-rm.so
gecko-mediaplayer-wmp.so
gecko-mediaplayer.so
librhythmbox-itms-detection-plugin.so

#3  <signal handler called>
No symbol table info available.
#4  0x004db416 in __kernel_vsyscall ()
No symbol table info available.
#5  0x005dfa81 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimized out>
        resultvar = <value optimized out>
        pid = 7495668
        selftid = 5268
#6  0x005e134a in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {0 <repeats 16 times>, 1, 7497127, 3214557892, 6814148, 1, 6416756, 2, 7497127, 1, 7497056, 4294967295, 5898718, 7497056, 7497127, 3214557936, 6415727}}, sa_flags = 7497056, sa_restorer = 0x7265a7 <_IO_2_1_stderr_+71>}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#7  0x00ca79ff in __gnu_cxx::__verbose_terminate_handler () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:93
        terminating = true
        t = <value optimized out>
#8  0x00ca56f6 in __cxxabiv1::__terminate (handler=<value optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:38
No locals.
#9  0x00ca5733 in std::terminate () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:48
No locals.
#10 0x00ca5872 in __cxxabiv1::__cxa_throw (obj=<value optimized out>, tinfo=<value optimized out>, dest=<value optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:83
        header = <value optimized out>
#11 0x00ca5f07 in operator new (sz=40) at ../../../../libstdc++-v3/libsupc++/new_op.cc:58
        handler = <value optimized out>
        p = <value optimized out>

--
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Setting to triaged and assigning to Martin. Please update if this is incorrect.

This bug has been triaged

--
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

*** Bug 554794 has been marked as a duplicate of this bug. ***
*** Bug 570983 has been marked as a duplicate of this bug. ***
*** Bug 570558 has been marked as a duplicate of this bug. ***
*** Bug 570706 has been marked as a duplicate of this bug. ***
*** Bug 572365 has been marked as a duplicate of this bug. ***
*** Bug 571807 has been marked as a duplicate of this bug. ***

Cool, I can reproduce the crash at http://people.freedesktop.org/~hughsient/temp/test.html

It's a crash in PackageKit mozilla plugin:

#0  0x00007ffff6bf26c5 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6bf3ea5 in abort () at abort.c:92
#2  0x00007ffff209740a in IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fffffff8090) at gmessages.c:549
#3  0x00007ffff20974a3 in IA__g_log (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>) at gmessages.c:569
#4  0x00007ffff209592c in IA__g_malloc (n_bytes=48) at gmem.c:135
#5  0x00007ffff20aabaa in IA__g_slice_alloc (mem_size=48) at gslice.c:824
#6  0x00007ffff20aaeb6 in IA__g_slice_alloc0 (mem_size=48) at gslice.c:833
#7  0x00007ffff1c0b924 in run_length_encode_types_utf8 (str=<value optimized out>, bytelen=<value optimized out>, pbase_dir=<value optimized out>) at fribidi.c:121
#8  fribidi_analyse_string_utf8 (str=<value optimized out>, bytelen=<value optimized out>, pbase_dir=<value optimized out>) at fribidi.c:493
#9  _pango_fribidi_log2vis_get_embedding_levels_new_utf8 (str=<value optimized out>, bytelen=<value optimized out>, pbase_dir=<value optimized out>) at fribidi.c:924
#10 0x00007ffff1bf68f4 in pango_log2vis_get_embedding_levels (text=0x7fffcfc24f10 "Install FSpot now\nVersion: 0.6.1.5-2.fc12", length=<value optimized out>, pbase_dir=0x7fffffff835c) at pango-bidi-type.c:134
#11 0x00007ffff1bf7494 in itemize_state_init (state=0x7fffffff83e0, context=0x7fffcf50f4c0 [PangoContext], text=<value optimized out>, base_dir=PANGO_DIRECTION_LTR, start_index=0, length=<value optimized out>, attrs=<value optimized out>, cached_iter=<value optimized out>, desc=<value optimized out>) at pango-context.c:856
#12 0x00007ffff1bf8793 in pango_itemize_with_base_dir (context=0x352e, base_dir=4294967295, text=<value optimized out>, start_index=-135475136, length=13614, attrs=<value optimized out>, cached_iter=<value optimized out>) at pango-context.c:1523
#13 0x00007ffff1c00638 in pango_layout_check_lines (layout=<value optimized out>) at pango-layout.c:3818
#14 0x00007ffff1c019a9 in pango_layout_get_extents_internal (layout=0x7fffce14e2f0 [PangoLayout], ink_rect=0x7fffffff8cd0, logical_rect=<value optimized out>, line_extents=0x0) at pango-layout.c:2431
#15 0x00007ffff1c0356e in pango_layout_get_pixel_extents (layout=0x7fffce14e2f0 [PangoLayout], ink_rect=0x7fffffff8cd0, logical_rect=0x0) at pango-layout.c:2635
#16 0x00007fffcddfbd3e in pk_plugin_install_draw (plugin=<value optimized out>, cr=0x7fffcfcbc400) at pk-plugin-install.c:765
#17 0x00007fffcddfcb13 in pk_main_draw_window (plugin=0x7fffceaf0fa0 [PkPluginInstall]) at pk-main.c:296
#18 0x00007ffff2345a8e in IA__g_closure_invoke (closure=0x7fffd1a1ffd0, return_value=0x0, n_param_values=1, param_values=0x7fffcfc252e0, invocation_hint=0x7fffffff8eb0) at gclosure.c:767
#19 0x00007ffff235aec3 in signal_emit_unlocked_R (node=<value optimized out>, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#20 0x00007ffff235c259 in IA__g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fffffff90a0) at gsignal.c:2980
#21 0x00007ffff235c7a3 in IA__g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>) at gsignal.c:3037
#22 0x00007fffcddf992e in pk_plugin_request_refresh (plugin=0x7fffceaf0fa0 [PkPluginInstall]) at pk-plugin.c:237
#23 0x00007fffcddfb42c in pk_plugin_install_finished_cb (object=0x7fffce14e5b0 [PkResults], res=<value optimized out>, self=0x7fffceaf0fa0 [PkPluginInstall]) at pk-plugin-install.c:306
#24 0x00007ffff0ef45d9 in complete_in_idle_cb (data=<value optimized out>) at gsimpleasyncresult.c:598
#25 0x00007ffff208d20e in g_main_dispatch (context=0x7ffff68596d0) at gmain.c:1960
#26 IA__g_main_context_dispatch (context=0x7ffff68596d0) at gmain.c:2513
#27 0x00007ffff2090bf8 in g_main_context_iterate (context=0x7ffff68596d0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#28 0x00007ffff2090d1a in IA__g_main_context_iteration (context=0x7ffff68596d0, may_block=1) at gmain.c:2654
#29 0x00007ffff554dc4b in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#30 0x00007ffff554ddb1 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#31 0x00007ffff55fb6c6 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#32 0x00007ffff55cef3d in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#33 0x00007ffff554de9d in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#34 0x00007ffff5411854 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#35 0x00007ffff4daa0a2 in XRE_main () from /usr/lib64/xulrunner-1.9.1/libxul.so
#36 0x0000000000402616 in mmap () at ../sysdeps/unix/syscall-template.S:82
#37 0x00007ffff6bdeb1d in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=<value optimized out>) at libc-start.c:226
#38 0x0000000000401e29 in mmap () at ../sysdeps/unix/syscall-template.S:82
#39 0x00007fffffffde78 in ?? ()
#40 0x000000000000001c in ?? ()
#41 0x0000000000000001 in ?? ()
#42 0x00007fffffffe1ee in ?? ()
#43 0x0000000000000000 in ?? ()

From console:

GLib-ERROR **: gmem.c:136: failed to allocate 48 bytes
aborting...

I wonder how that is possible?

142     gpointer
143     g_malloc0 (gsize n_bytes)
144     {
145       if (G_UNLIKELY (!g_mem_initialized))
146         g_mem_init_nomessage();
147       if (G_LIKELY (n_bytes))
148         {
149           gpointer mem;
150
(gdb)
151           mem = glib_mem_vtable.calloc (1, n_bytes);
152           if (mem)
153             return mem;
154
155           g_error ("%s: failed to allocate %"G_GSIZE_FORMAT" bytes",
156                    G_STRLOC, n_bytes);
157         }
158
159       return NULL;
160     }
(gdb) p n_bytes
$3 = 48

Got other crashes from different parts of firefox, but all are from malloc... it looks like the packagekit plugin breaks memory allocations somehow...

*** Bug 577446 has been marked as a duplicate of this bug. ***
*** Bug 579367 has been marked as a duplicate of this bug. ***
*** Bug 579260 has been marked as a duplicate of this bug. ***
*** Bug 592015 has been marked as a duplicate of this bug. ***
*** Bug 588265 has been marked as a duplicate of this bug. ***
*** Bug 586086 has been marked as a duplicate of this bug. ***
*** Bug 585742 has been marked as a duplicate of this bug. ***
*** Bug 585669 has been marked as a duplicate of this bug. ***
*** Bug 585219 has been marked as a duplicate of this bug. ***
*** Bug 575966 has been marked as a duplicate of this bug. ***
*** Bug 578139 has been marked as a duplicate of this bug. ***
*** Bug 584244 has been marked as a duplicate of this bug. ***
*** Bug 592690 has been marked as a duplicate of this bug. ***
*** Bug 593869 has been marked as a duplicate of this bug. ***
*** Bug 598178 has been marked as a duplicate of this bug. ***
*** Bug 601178 has been marked as a duplicate of this bug. ***
*** Bug 602466 has been marked as a duplicate of this bug. ***
*** Bug 603334 has been marked as a duplicate of this bug. ***

This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

The bug persists still in Fedora 13 (just reported Bug 649672)

Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.