Bug 546155

Summary: [abrt] crash detected in firefox, PackageKit-plugin, [@ run_length_encode_types_utf8]
Product: [Fedora] Fedora Reporter: Ole Sandum <ole>
Component: firefoxAssignee: Martin Stransky <stransky>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: alex, a.schapira, bifrost, campbecg, cpanceac, dandreadante, dfurniss, eblix08, fett, gecko-bugs-nobody, ian.springer, info, jhauva, joseph490, kubiznakpetr, maximumhax, merlinmails, mothlight, nerses73, pantelis.fedora, stransky, tadej.j, tears_of_time, thomas.hilaire, ursus.kirk, vox, yates
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard: abrt_hash:9ec550406a9c6cab5a0f102e408cc869e47deb8e
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-04 01:52:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Ole Sandum 2009-12-10 08:33:42 UTC 
abrt 1.0.0 detected a crash.

How to reproduce: https://bugzilla.redhat.com/show_bug.cgi?id=542568
Comment: https://bugzilla.redhat.com/show_bug.cgi?id=542568
Attached file: backtrace
cmdline: /usr/lib/firefox-3.5.5/firefox
component: firefox
executable: /usr/lib/firefox-3.5.5/firefox
kernel: 2.6.31.6-162.fc12.i686
package: firefox-3.5.5-1.fc12
rating: 4
reason: Process was terminated by signal 6
Comment 1 Ole Sandum 2009-12-10 08:33:46 UTC 
Created attachment 377400 [details]
File: backtrace
Comment 2 Martin Stransky 2009-12-10 08:48:52 UTC 
Any reproduction steps?
Comment 3 Ole Sandum 2009-12-10 09:05:13 UTC 
Browsing the URL mentioned in 542568 provokes the crash:

http://people.freedesktop.org/~hughsient/temp/test.html
Comment 4 Martin Stransky 2009-12-10 09:21:01 UTC 
Which plug-ins do you have installed?
Comment 5 Ole Sandum 2009-12-10 09:45:19 UTC 
Copied from my about:plugins:

nswrapper_32_32.libvlcplugin.so
nswrapper_32_32.libflashplayer.so
packagekit-plugin.so  (the one being exercised by the above link)
libtotem-cone-plugin.so
libtotem-gmp-plugin.so
libtotem-mully-plugin.so
libtotem-narrowspace-plugin.so
IcedTeaPlugin.so
gecko-mediaplayer-dvx.so
gecko-mediaplayer-qt.so
gecko-mediaplayer-rm.so
gecko-mediaplayer-wmp.so
gecko-mediaplayer.so
librhythmbox-itms-detection-plugin.so
Comment 6 Chris Campbell 2009-12-16 01:51:38 UTC 
#3  <signal handler called>
No symbol table info available.
#4  0x004db416 in __kernel_vsyscall ()
No symbol table info available.
#5  0x005dfa81 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimized out>
        resultvar = <value optimized out>
        pid = 7495668
        selftid = 5268
#6  0x005e134a in abort () at abort.c:92
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, 
          sa_mask = {__val = {0 <repeats 16 times>, 1, 7497127, 3214557892, 
    6814148, 1, 6416756, 2, 7497127, 1, 7497056, 4294967295, 5898718, 
    7497056, 7497127, 3214557936, 6415727}}, sa_flags = 7497056, 
          sa_restorer = 0x7265a7 <_IO_2_1_stderr_+71>}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#7  0x00ca79ff in __gnu_cxx::__verbose_terminate_handler ()
    at ../../../../libstdc++-v3/libsupc++/vterminate.cc:93
        terminating = true
        t = <value optimized out>
#8  0x00ca56f6 in __cxxabiv1::__terminate (handler=<value optimized out>)
    at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:38
No locals.
#9  0x00ca5733 in std::terminate ()
    at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:48
No locals.
#10 0x00ca5872 in __cxxabiv1::__cxa_throw (obj=<value optimized out>, 
    tinfo=<value optimized out>, dest=<value optimized out>)
    at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:83
        header = <value optimized out>
#11 0x00ca5f07 in operator new (sz=40)
    at ../../../../libstdc++-v3/libsupc++/new_op.cc:58
        handler = <value optimized out>
        p = <value optimized out>


-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 7 Chris Campbell 2009-12-16 01:52:52 UTC 
Setting to triaged and assigning to Martin. Please update if this is incorrect.

This bug has been triaged

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 8 Chris Campbell 2010-01-12 23:24:24 UTC 
*** Bug 554794 has been marked as a duplicate of this bug. ***
Comment 9 Chris Campbell 2010-03-06 20:56:21 UTC 
*** Bug 570983 has been marked as a duplicate of this bug. ***
Comment 10 Chris Campbell 2010-03-07 14:40:25 UTC 
*** Bug 570558 has been marked as a duplicate of this bug. ***
Comment 11 Chris Campbell 2010-03-08 18:58:12 UTC 
*** Bug 570706 has been marked as a duplicate of this bug. ***
Comment 12 Chris Campbell 2010-03-12 01:32:29 UTC 
*** Bug 572365 has been marked as a duplicate of this bug. ***
Comment 13 Chris Campbell 2010-03-12 01:40:40 UTC 
*** Bug 571807 has been marked as a duplicate of this bug. ***
Comment 14 Martin Stransky 2010-03-19 14:47:52 UTC 
Cool, I can reproduce the crash at http://people.freedesktop.org/~hughsient/temp/test.html
Comment 15 Martin Stransky 2010-03-19 14:58:26 UTC 
It's a crash in PackageKit mozilla plugin:

#0  0x00007ffff6bf26c5 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6bf3ea5 in abort () at abort.c:92
#2  0x00007ffff209740a in IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>,
    format=<value optimized out>, args1=0x7fffffff8090) at gmessages.c:549
#3  0x00007ffff20974a3 in IA__g_log (log_domain=<value optimized out>, log_level=<value optimized out>,
    format=<value optimized out>) at gmessages.c:569
#4  0x00007ffff209592c in IA__g_malloc (n_bytes=48) at gmem.c:135
#5  0x00007ffff20aabaa in IA__g_slice_alloc (mem_size=48) at gslice.c:824
#6  0x00007ffff20aaeb6 in IA__g_slice_alloc0 (mem_size=48) at gslice.c:833
#7  0x00007ffff1c0b924 in run_length_encode_types_utf8 (str=<value optimized out>, bytelen=<value optimized out>,
    pbase_dir=<value optimized out>) at fribidi.c:121
#8  fribidi_analyse_string_utf8 (str=<value optimized out>, bytelen=<value optimized out>, pbase_dir=<value optimized out>)
    at fribidi.c:493
#9  _pango_fribidi_log2vis_get_embedding_levels_new_utf8 (str=<value optimized out>, bytelen=<value optimized out>,
    pbase_dir=<value optimized out>) at fribidi.c:924
#10 0x00007ffff1bf68f4 in pango_log2vis_get_embedding_levels (text=
    0x7fffcfc24f10 "Install FSpot now\nVersion: 0.6.1.5-2.fc12", length=<value optimized out>, pbase_dir=0x7fffffff835c)
    at pango-bidi-type.c:134
#11 0x00007ffff1bf7494 in itemize_state_init (state=0x7fffffff83e0, context=0x7fffcf50f4c0 [PangoContext],
    text=<value optimized out>, base_dir=PANGO_DIRECTION_LTR, start_index=0, length=<value optimized out>,
    attrs=<value optimized out>, cached_iter=<value optimized out>, desc=<value optimized out>) at pango-context.c:856
#12 0x00007ffff1bf8793 in pango_itemize_with_base_dir (context=0x352e, base_dir=4294967295, text=<value optimized out>,
    start_index=-135475136, length=13614, attrs=<value optimized out>, cached_iter=<value optimized out>)
    at pango-context.c:1523
#13 0x00007ffff1c00638 in pango_layout_check_lines (layout=<value optimized out>) at pango-layout.c:3818
#14 0x00007ffff1c019a9 in pango_layout_get_extents_internal (layout=0x7fffce14e2f0 [PangoLayout], ink_rect=0x7fffffff8cd0,
    logical_rect=<value optimized out>, line_extents=0x0) at pango-layout.c:2431
#15 0x00007ffff1c0356e in pango_layout_get_pixel_extents (layout=0x7fffce14e2f0 [PangoLayout], ink_rect=0x7fffffff8cd0,
    logical_rect=0x0) at pango-layout.c:2635
#16 0x00007fffcddfbd3e in pk_plugin_install_draw (plugin=<value optimized out>, cr=0x7fffcfcbc400) at pk-plugin-install.c:765
#17 0x00007fffcddfcb13 in pk_main_draw_window (plugin=0x7fffceaf0fa0 [PkPluginInstall]) at pk-main.c:296
#18 0x00007ffff2345a8e in IA__g_closure_invoke (closure=0x7fffd1a1ffd0, return_value=0x0, n_param_values=1, param_values=
    0x7fffcfc252e0, invocation_hint=0x7fffffff8eb0) at gclosure.c:767
#19 0x00007ffff235aec3 in signal_emit_unlocked_R (node=<value optimized out>, detail=<value optimized out>, 
    instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>)
    at gsignal.c:3247
#20 0x00007ffff235c259 in IA__g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, 
    detail=<value optimized out>, var_args=0x7fffffff90a0) at gsignal.c:2980
#21 0x00007ffff235c7a3 in IA__g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, 
---Type <return> to continue, or q <return> to quit---
    detail=<value optimized out>) at gsignal.c:3037
#22 0x00007fffcddf992e in pk_plugin_request_refresh (plugin=0x7fffceaf0fa0 [PkPluginInstall]) at pk-plugin.c:237
#23 0x00007fffcddfb42c in pk_plugin_install_finished_cb (object=0x7fffce14e5b0 [PkResults], res=<value optimized out>, self=
    0x7fffceaf0fa0 [PkPluginInstall]) at pk-plugin-install.c:306
#24 0x00007ffff0ef45d9 in complete_in_idle_cb (data=<value optimized out>) at gsimpleasyncresult.c:598
#25 0x00007ffff208d20e in g_main_dispatch (context=0x7ffff68596d0) at gmain.c:1960
#26 IA__g_main_context_dispatch (context=0x7ffff68596d0) at gmain.c:2513
#27 0x00007ffff2090bf8 in g_main_context_iterate (context=0x7ffff68596d0, block=<value optimized out>,
    dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#28 0x00007ffff2090d1a in IA__g_main_context_iteration (context=0x7ffff68596d0, may_block=1) at gmain.c:2654
#29 0x00007ffff554dc4b in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#30 0x00007ffff554ddb1 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#31 0x00007ffff55fb6c6 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#32 0x00007ffff55cef3d in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#33 0x00007ffff554de9d in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#34 0x00007ffff5411854 in ?? () from /usr/lib64/xulrunner-1.9.1/libxul.so
#35 0x00007ffff4daa0a2 in XRE_main () from /usr/lib64/xulrunner-1.9.1/libxul.so
#36 0x0000000000402616 in mmap () at ../sysdeps/unix/syscall-template.S:82
#37 0x00007ffff6bdeb1d in __libc_start_main (main=<value optimized out>, argc=<value optimized out>,
    ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>,
    stack_end=<value optimized out>) at libc-start.c:226
#38 0x0000000000401e29 in mmap () at ../sysdeps/unix/syscall-template.S:82
#39 0x00007fffffffde78 in ?? ()
#40 0x000000000000001c in ?? ()
#41 0x0000000000000001 in ?? ()
#42 0x00007fffffffe1ee in ?? ()
#43 0x0000000000000000 in ?? ()
Comment 16 Martin Stransky 2010-03-19 15:22:41 UTC 
From console:

GLib-ERROR **: gmem.c:136: failed to allocate 48 bytes
aborting...

I wonder how is that possible?
Comment 17 Martin Stransky 2010-03-19 15:26:43 UTC 
142 gpointer
143 g_malloc0 (gsize n_bytes)
144 {
145   if (G_UNLIKELY (!g_mem_initialized))
146     g_mem_init_nomessage();
147   if (G_LIKELY (n_bytes))
148     {
149       gpointer mem;
150
(gdb)
151       mem = glib_mem_vtable.calloc (1, n_bytes);
152       if (mem)
153     return mem;
154
155       g_error ("%s: failed to allocate %"G_GSIZE_FORMAT" bytes",
156                G_STRLOC, n_bytes);
157     }
158
159   return NULL;
160 }
(gdb) p n_bytes
$3 = 48
Comment 18 Martin Stransky 2010-03-22 10:16:17 UTC 
Got another crashes from different parts of firefox but all are from malloc...it looks like the packagekit plugin breaks memory allocations somehow...
Comment 19 Chris Campbell 2010-03-27 16:35:36 UTC 
*** Bug 577446 has been marked as a duplicate of this bug. ***
Comment 20 Chris Campbell 2010-04-04 17:14:51 UTC 
*** Bug 579367 has been marked as a duplicate of this bug. ***
Comment 21 Chris Campbell 2010-04-04 17:50:39 UTC 
*** Bug 579260 has been marked as a duplicate of this bug. ***
Comment 22 Chris Campbell 2010-05-14 11:53:53 UTC 
*** Bug 592015 has been marked as a duplicate of this bug. ***
Comment 23 Chris Campbell 2010-05-14 11:54:21 UTC 
*** Bug 588265 has been marked as a duplicate of this bug. ***
Comment 24 Chris Campbell 2010-05-14 11:54:47 UTC 
*** Bug 586086 has been marked as a duplicate of this bug. ***
Comment 25 Chris Campbell 2010-05-14 11:55:02 UTC 
*** Bug 585742 has been marked as a duplicate of this bug. ***
Comment 26 Chris Campbell 2010-05-14 11:55:53 UTC 
*** Bug 585669 has been marked as a duplicate of this bug. ***
Comment 27 Chris Campbell 2010-05-14 11:56:46 UTC 
*** Bug 585219 has been marked as a duplicate of this bug. ***
Comment 28 Chris Campbell 2010-05-14 11:57:47 UTC 
*** Bug 575966 has been marked as a duplicate of this bug. ***
Comment 29 Chris Campbell 2010-05-14 11:58:03 UTC 
*** Bug 578139 has been marked as a duplicate of this bug. ***
Comment 30 Chris Campbell 2010-05-28 12:56:11 UTC 
*** Bug 584244 has been marked as a duplicate of this bug. ***
Comment 31 Chris Campbell 2010-06-12 22:57:03 UTC 
*** Bug 592690 has been marked as a duplicate of this bug. ***
Comment 32 Chris Campbell 2010-06-12 22:57:16 UTC 
*** Bug 593869 has been marked as a duplicate of this bug. ***
Comment 33 Chris Campbell 2010-06-12 22:57:29 UTC 
*** Bug 598178 has been marked as a duplicate of this bug. ***
Comment 34 Chris Campbell 2010-06-12 22:57:39 UTC 
*** Bug 601178 has been marked as a duplicate of this bug. ***
Comment 35 Chris Campbell 2010-06-12 22:57:52 UTC 
*** Bug 602466 has been marked as a duplicate of this bug. ***
Comment 36 Chris Campbell 2010-06-12 22:58:03 UTC 
*** Bug 603334 has been marked as a duplicate of this bug. ***
Comment 37 Bug Zapper 2010-11-04 03:44:20 UTC 
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 38 Ole Sandum 2010-11-04 09:12:09 UTC 
The bug persists still in Fedora 13 (just reported Bug 649672)
Comment 39 Bug Zapper 2010-12-04 01:52:18 UTC 
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.