Bug 604678

Summary: [spice] spice-xpi crash (seg fault) on rhel 6 which causes firefox to crash
Product: Red Hat Enterprise Linux 6 Reporter: Haim <hateya>
Component: spice-xpi Assignee: Yuval Kashtan <ykashtan>
Status: CLOSED CURRENTRELEASE QA Contact: Desktop QE <desktop-qa-list>
Severity: urgent Docs Contact:
Priority: medium    
Version: 6.1 CC: bazulay, caillon, danken, hateya, iheim, jrb, lkocman, mgoldboi, stransky, uril, vbenes, yeylon, ykaul
Target Milestone: rc Keywords: Regression, TestBlocker
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: spice-xpi-2.3-0.4.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-10 21:39:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Haim 2010-06-16 13:28:10 UTC
Description of problem:

Trying to launch spice using firefox from the user portal results in firefox crashing with a segfault coming from spice-xpi in nsScriptablePeer::SetInstance (this=0x0, plugin=0x0)

segfault is: 

ived signal SIGSEGV, Segmentation fault.
nsScriptablePeer::SetInstance (this=0x0, plugin=0x0)
    at nsScriptablePeer.cpp:112
112       mPlugin = plugin;


From investigating further, it looks like firefox in its current version, which is 3.6.4, no longer supports scriptable plug-ins, which is a problem for us as spice-xpi is one, meaning we need to perform some code changes. 

repro steps: 

1) browse to user portal 
2) try to launch spice on particular vm 
3) firefox crash 

package list:

spice-client-0.4.2-11.el6.x86_64
spice-xpi-2.3-0.2.el6.x86_64
2.6.32-33.el6.x86_64
firefox-3.6.4-7.el6.x86_64


attached with gdb to firefox so you can see the stack trace below

ived signal SIGSEGV, Segmentation fault.
nsScriptablePeer::SetInstance (this=0x0, plugin=0x0)
    at nsScriptablePeer.cpp:112
112       mPlugin = plugin;
(gdb) bt
#0  nsScriptablePeer::SetInstance (this=0x0, plugin=0x0)
    at nsScriptablePeer.cpp:112
#1  0x00007f98140f30f5 in nsPluginInstance::~nsPluginInstance (this=
    0x7f9814766000, __in_chrg=<value optimized out>) at plugin.cpp:199
#2  0x00007f98140f31a9 in nsPluginInstance::~nsPluginInstance (this=
    0x7f9814766000, __in_chrg=<value optimized out>) at plugin.cpp:201
#3  0x00007f98140f1d16 in NPP_Destroy (instance=<value optimized out>, 
    save=<value optimized out>) at npp_gate.cpp:87
#4  0x00007f9830b34e73 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#5  0x00007f98305d88a9 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#6  0x00007f98305d8a39 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#7  0x00007f9830d42927 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#8  0x00007f9830d14231 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#9  0x00007f9830c956f6 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#10 0x00007f9830ce6e34 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#11 0x00007f9830c0bbc5 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#12 0x00007f9830acb2d0 in ?? () from /usr/lib64/xulrunner-1.9.2/libxul.so
#13 0x00007f98303e4b99 in XRE_main () from /usr/lib64/xulrunner-1.9.2/libxul.so
#14 0x00000000004026e8 in ?? ()
#15 0x0000003c0761ec5d in __libc_start_main (main=0x401f86, argc=1, ubp_av=
    0x7fffcad516d8, init=<value optimized out>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffcad516c8)
    at libc-start.c:226
---Type <return> to continue, or q <return> to quit---
#16 0x0000000000401e29 in ?? ()
#17 0x00007fffcad516c8 in ?? ()
#18 0x000000000000001c in ?? ()
#19 0x0000000000000001 in ?? ()
#20 0x00007fffcad5342c in ?? ()
#21 0x0000000000000000 in ?? ()
(gdb) l nsScriptablePeer.cpp
the class nsScriptablePeer does not have any method named cpp
Hint: try 'nsScriptablePeer.cpp<TAB> or 'nsScriptablePeer.cpp<ESC-?>
(Note leading single quote.)
(gdb) l nsS
Display all 170 possibilities? (y or n)
(gdb) l nsScriptablePeer::SetInstance(nsPluginInstance*) 
107       return NS_NOINTERFACE; 
108     }
109
110     void nsScriptablePeer::SetInstance(nsPluginInstance* plugin)
111     {
112       mPlugin = plugin;
113     }
114
115     //
116     // the following methods will be callable from JavaScript
(gdb) q
A debugging session is active.

        Inferior 1 [process 5104] will be detached.


Comment 4 Haim 2010-06-17 09:00:05 UTC
nspluginwrapper-1.3.0-12.el6.x86_64

export IGNORE_WRAP="libtotem*:libjavaplugin*:gecko-mediaplayer*:mplayerplugin*:librhythmbox*:packagekit*:libnsISpicec*"

Comment 5 Martin Stransky 2010-06-17 13:55:01 UTC
It's because of a missing NULL pointer check in nsPluginInstance::~nsPluginInstance(). It should be:

nsPluginInstance::~nsPluginInstance()
{
  // mScriptablePeer may be also held by the browser 
  // so releasing it here does not guarantee that it is over
  // we should take precaution in case it will be called later
  // and zero its mPlugin member
  if(mScriptablePeer) {
      mScriptablePeer->SetInstance(NULL);
      NS_IF_RELEASE(mScriptablePeer);
  }
}
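
A minimal model of the lifetime problem addressed in Comment 5, added here as an illustration and not taken from the spice-xpi sources: `Peer`, `Instance`, `Connect`, the port value and the lazy peer creation are simplified assumptions. It covers the null-pointer state seen in the backtrace and the case the code comment warns about, where the browser still holds the peer after the instance is destroyed.

```cpp
struct Instance;

// Stand-in for the scriptable peer: reference counted, with a raw
// back-pointer to the plugin instance that created it.
struct Peer {
    int refs = 1;                       // the instance's own reference
    Instance* plugin;
    explicit Peer(Instance* p) : plugin(p) {}
    void AddRef() { ++refs; }
    void Release() { if (--refs == 0) delete this; }
    void SetInstance(Instance* p) { plugin = p; }
    int Connect() const;                // stands for a call made from JavaScript
};

// Stand-in for the plugin instance. Assumption: the peer is created lazily,
// so the pointer can still be null when the destructor runs.
struct Instance {
    Peer* peer = nullptr;
    int port = 5930;                    // constructed sample value
    Peer* GetScriptablePeer() {
        if (!peer) peer = new Peer(this);
        peer->AddRef();                 // reference handed to the browser
        return peer;
    }
    ~Instance() {
        if (peer) {                     // the guard from the fix
            peer->SetInstance(nullptr); // browser may still hold the peer
            peer->Release();
        }
    }
};

// With the back-pointer cleared, a late call fails cleanly instead of
// dereferencing a freed instance.
int Peer::Connect() const { return plugin ? plugin->port : -1; }

// Case 1: destroyed while the peer pointer is null (the state in the trace).
bool destroy_without_peer() { delete new Instance; return true; }

// Case 2: the browser keeps its reference past the instance's lifetime.
int call_after_destroy() {
    Instance* inst = new Instance;
    Peer* held = inst->GetScriptablePeer();
    delete inst;
    int result = held->Connect();
    held->Release();
    return result;
}
```

Building this with -fsanitize=address,undefined and removing either the guard or the SetInstance(nullptr) call makes the corresponding case fail under the sanitizer.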

Comment 6 Martin Stransky 2010-06-17 14:12:49 UTC
Note: The fix is already included in RHEL5 package, spice-xpi-2.2-1.el5.

Comment 9 Lubos Kocman 2010-09-02 07:36:56 UTC
Verified on:

spice-xpi-2.4-1.el6.x86_64
spice-client-0.4.2-18.el6.x86_64
kernel-2.6.32-70.el6.x86_64
firefox-3.6.9-1.el6.x86_64
nspluginwrapper-1.3.0-14.el6.x86_64
nspluginwrapper-1.3.0-14.el6.i686

No issues with launching spicec from user portal.

Comment 10 releng-rhel@redhat.com 2010-11-10 21:39:13 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.