RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1330898 - [ffmpeg-libs] enable ffmpeg versions > 54.35.1
Summary: [ffmpeg-libs] enable ffmpeg versions > 54.35.1
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: firefox
Version: 6.7
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Martin Stransky
QA Contact: Desktop QE
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard:
: 1349899 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-27 09:23 UTC by Götz Waschk
Modified: 2020-03-11 15:06 UTC (History)
15 users (show)

Fixed In Version: firefox-45.6.0-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-24 14:47:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1263665 0 P1 RESOLVED Blacklist or fix vulnerable/unsupported libav versions on Linux 2021-01-12 10:18:35 UTC

Description Götz Waschk 2016-04-27 09:23:31 UTC 
Description of problem:
Since the latest security update firefox keeps crashing.

Version-Release number of selected component (if applicable):
firefox-45.1.0-1.el6_7.x86_64

How reproducible:
very much so

Steps to Reproduce:
1. go to https://www.tumblr.com/dashboard while being logged in and scroll a bit
2.
3.

Actual results:
crash

Expected results:
no crash

Additional info:
one of several backtraces:
Program received signal SIGSEGV, Segmentation fault.
js::jit::EnterBaselineMethod (cx=0x7f595afeac00, state=...)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jit/BaselineJIT.cpp:178
178	    data.jitcode = baseline->method()->raw();
(gdb) bt full
#0  js::jit::EnterBaselineMethod (cx=0x7f595afeac00, state=...)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jit/BaselineJIT.cpp:178
        data = {jitcode = 0x5 <Address 0x5 out of bounds>, osrFrame = 
    0x7f594c69bd30, calleeToken = 0x5, maxArgv = 0x7f5983a10cca, maxArgc = 
    2015907840, numActualArgs = 32601, osrNumStackValues = 2747049856, 
          scopeChain = {<js::RootedBase<JSObject*>> = {<No data fields>}, 
            stack = 0x7f595afeac18, prev = 0x7ffea3bcafa0, ptr = 0x0}, 
          result = {<js::RootedBase<JS::Value>> = 
    {<js::MutableValueOperations<JS::Rooted<JS::Value> >> = 
    {<js::ValueOperations<JS::Rooted<JS::Value> >> = 
    {<No data fields>}, <No data fields>}, <No data fields>}, stack = 
    0x7f595afeac68, prev = 0x7ffea3bcab40, ptr = {data = {asBits = 
    18444773748872577024, debugView = {payload47 = 0, tag = 
    JSVAL_TAG_UNDEFINED}, s = {payload = {i32 = 0, u32 = 0, why = 
    JS_ELEMENTS_HOLE}}, asDouble = -nan(0x9000000000000), asPtr = 
    0xfff9000000000000, asWord = 18444773748872577024, asUIntPtr = 
    18444773748872577024}}}, constructing = 176}
        vals = {<JS::AutoVectorRooterBase<JS::Value>> = {<JS::AutoGCRooter> = {
              down = 0x7ffea3bca830, tag_ = 140022434028032, stackTop = 0x0}, 
            vector = {<js::TempAllocPolicy> = {cx_ = 0x7f5983691660}, 
              static kElemIsPod = false, static kMaxInlineBytes = 1024, 
              static kInlineCapacity = 8, static kInlineBytes = 64, mBegin = 
---Type <return> to continue, or q <return> to quit---
    0x0, mLength = 0, mCapacity = 140731645470960, mStorage = {u = {mBytes = 
    "\000\254\376ZY\177\000\000 \213\247KY\177\000\000\373\335p\203Y\177\000\000𨼣\376\177\000\000\000\254\376ZY\177\000\000\200\250\274\243\376\177\000\000\374ef\203Y\177\000\000P\254\376ZY\177\000", mDummy = 140021755456512}}, 
              static sMaxInlineStorage = <optimized out>}}, <No data fields>}
        status = <value optimized out>
#1  0x00007f59839833a4 in js::RunScript (cx=0x7f595afeac00, state=...)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/vm/Interpreter.cpp:381
        status = <value optimized out>
        status = <value optimized out>
        marker = {profiler = 0x7f5978288760, size_before = {<No data fields>}}
#2  0x00007f59839835ad in js::Invoke (cx=0x7f595afeac00, args=..., construct=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/vm/Interpreter.cpp:462
        gcIfRequested = {runtime = 0x7f5978285000}
        state = {<js::RunState> = {_vptr.RunState = 0x7f59858aa9b0, kind_ = 
    js::RunState::Invoke, script_ = {<js::RootedBase<JSScript*>> = 
    {<No data fields>}, stack = 0x7f595afeac50, prev = 0x7ffea3bcab00, ptr = 
    0x7f594ba78b20}}, args_ = @0x7ffea3bca970, initial_ = js::INITIAL_NONE, 
          createSingleton_ = false}
        ok = <value optimized out>
        initial = <error reading variable initial (Unhandled dwarf expression op---Type <return> to continue, or q <return> to quit---
code 0xf3)>
        skipForCallee = <value optimized out>
#3  0x00007f5983983e29 in js::Invoke (cx=0x7f595afeac00, thisv=..., fval=..., 
    argc=1, argv=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/vm/Interpreter.cpp:496
        args = {<js::detail::GenericInvokeArgs> = {<JS::CallArgs> = 
    {<JS::detail::CallArgsBase<(JS::detail::UsedRval)0>> = 
    {<JS::CallReceiver> = 
    {<JS::detail::CallReceiverBase<(JS::detail::UsedRval)0>> = 
    {<JS::detail::UsedRvalBase<(JS::detail::UsedRval)1>> = {<No data fields>}, 
                    argv_ = 0x7ffea3bca9c8}, <No data fields>}, argc_ = 1, 
                constructing_ = false}, <No data fields>}, v_ = 
    {<JS::AutoVectorRooterBase<JS::Value>> = {<JS::AutoGCRooter> = {down = 
    0x7ffea3bcac40, tag_ = -10, stackTop = 0x7f595afeac78}, vector = 
    {<js::TempAllocPolicy> = {cx_ = 0x7f595afeac00}, static kElemIsPod = 
    false, static kMaxInlineBytes = 1024, static kInlineCapacity = 8, 
                  static kInlineBytes = 64, mBegin = 0x7ffea3bca9b8, mLength = 
    3, mCapacity = 8, mStorage = {u = {mBytes = 
    "\220U\360tY\177\374\377\000\000\000\000\000\000\371\377 U\360tY\177\374\377P\251\274\243\376\177\000\000\220U\360tY\177\000\000\030\254\376ZY\177\000\000ȩ\274\243\376\177\000\000\000\000\000\000\000\000\000", mDummy = 
    18445758195993433488}}, 
---Type <return> to continue, or q <return> to quit---
                  static sMaxInlineStorage = <optimized out>}}, <No data fields>}}, <No data fields>}
#4  0x00007f598369425f in js::jit::DoCallFallback (cx=0x7f595afeac00, frame=
    0x7ffea3bcae78, stub_=0x7f596c2d3ac8, argc=1, vp=0x7ffea3bcae10, 
    res=<value optimized out>)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jit/BaselineIC.cpp:6162
        stub = {engine_ = js::jit::ICStubCompiler::Baseline, stub_ = 
    0x7f596c2d3ac8, frame_ = 0x7ffea3bcae78, pcOffset_ = 47}
        constructing = false
        vpRoot = {<JS::AutoGCRooter> = {down = 0x7ffea3bcb100, tag_ = 3, 
            stackTop = 0x7f595afeac78}, array = 0x7ffea3bcae10}
        script = {<js::RootedBase<JSScript*>> = {<No data fields>}, stack = 
    0x7f595afeac50, prev = 0x7ffea3bcbb38, ptr = 0x7f594ba78a50}
        op = JSOP_CALL
        callee = {<js::RootedBase<JS::Value>> = 
    {<js::MutableValueOperations<JS::Rooted<JS::Value> >> = 
    {<js::ValueOperations<JS::Rooted<JS::Value> >> = 
    {<No data fields>}, <No data fields>}, <No data fields>}, stack = 
    0x7f595afeac68, prev = 0x7ffea3bcb0d8, ptr = {data = {asBits = 
    18445758195993433488, debugView = {payload47 = 140022190724496, tag = 
    JSVAL_TAG_OBJECT}, s = {payload = {i32 = 1961907600, u32 = 1961907600, 
                  why = 1961907600}}, asDouble = -nan(0xc7f5974f05590), 
---Type <return> to continue, or q <return> to quit---
              asPtr = 0xfffc7f5974f05590, asWord = 18445758195993433488, 
              asUIntPtr = 18445758195993433488}}}
        handled = true
        thisv = {<js::RootedBase<JS::Value>> = 
    {<js::MutableValueOperations<JS::Rooted<JS::Value> >> = 
    {<js::ValueOperations<JS::Rooted<JS::Value> >> = 
    {<No data fields>}, <No data fields>}, <No data fields>}, stack = 
    0x7f595afeac68, prev = 0x7ffea3bcab20, ptr = {data = {asBits = 
    18444773748872577024, debugView = {payload47 = 0, tag = 
    JSVAL_TAG_UNDEFINED}, s = {payload = {i32 = 0, u32 = 0, why = 
    JS_ELEMENTS_HOLE}}, asDouble = -nan(0x9000000000000), asPtr = 
    0xfff9000000000000, asWord = 18444773748872577024, asUIntPtr = 
    18444773748872577024}}}
        args = 0x7ffea3bcae20
        createSingleton = <value optimized out>
#5  0x00007f597a423280 in ?? ()
No symbol table info available.
#6  0x00007ffea3bcae7a in ?? ()
No symbol table info available.
#7  0x00007ffea3bcadc8 in ?? ()
No symbol table info available.
#8  0x00007f595afeac18 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#9  0xfff9000000000000 in ?? ()
No symbol table info available.
#10 0x00007f5985aaaee0 in js::jit::DoSpreadCallFallbackInfo ()
   from /usr/lib64/firefox/libxul.so
No symbol table info available.
#11 0x00007f59743586a0 in ?? ()
No symbol table info available.
#12 0x00007f595e8f57f3 in ?? ()
No symbol table info available.
#13 0x0000000000000902 in ?? ()
No symbol table info available.
#14 0x00007ffea3bcae78 in ?? ()
No symbol table info available.
#15 0x00007f596c2d3ac8 in ?? ()
No symbol table info available.
#16 0x0000000000000001 in ?? ()
No symbol table info available.
#17 0x00007ffea3bcae10 in ?? ()
No symbol table info available.
#18 0xfffc7f5974f05590 in ?? ()
No symbol table info available.
#19 0xfff9000000000000 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#20 0xfffc7f5974f05520 in ?? ()
No symbol table info available.
#21 0x00007ffea3bcaeb8 in ?? ()
No symbol table info available.
#22 0x00007f596c2d3ac8 in ?? ()
No symbol table info available.
#23 0x00007f595c139539 in ?? ()
No symbol table info available.
#24 0x0000000000000f01 in ?? ()
No symbol table info available.
#25 0xfffc7f5974f05520 in ?? ()
No symbol table info available.
#26 0xfff9000000000000 in ?? ()
No symbol table info available.
#27 0xfffc7f5974f05590 in ?? ()
No symbol table info available.
#28 0xfffc7f594c6e3460 in ?? ()
No symbol table info available.
#29 0xfffc7f5974f05520 in ?? ()
No symbol table info available.
#30 0xfff8800000000000 in ?? ()
No symbol table info available.
#31 0x00007ffea3bcaa48 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#32 0xfffffffffffffff2 in ?? ()
No symbol table info available.
#33 0x00007f5900000078 in ?? ()
No symbol table info available.
#34 0x00007f594c689d80 in ?? ()
No symbol table info available.
#35 0x00007ffea3bcaeb0 in ?? ()
No symbol table info available.
#36 0x00007f5974f05520 in ?? ()
No symbol table info available.
#37 0x0000000000000008 in ?? ()
No symbol table info available.
#38 0x000000104b4ce4c0 in ?? ()
No symbol table info available.
#39 0x00007ffea3bcaf20 in ?? ()
No symbol table info available.
#40 0x00007f597a41a84f in ?? ()
No symbol table info available.
#41 0x0000000000000404 in ?? ()
No symbol table info available.
#42 0x00007f594c6b5540 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#43 0x0000000000000001 in ?? ()
No symbol table info available.
#44 0xfffc7f594c6e3460 in ?? ()
No symbol table info available.
#45 0xfffc7f5974f054b0 in ?? ()
No symbol table info available.
#46 0x00007ffea3bcb0e8 in ?? ()
No symbol table info available.
#47 0x0000000004000000 in ?? ()
No symbol table info available.
#48 0x00007f597a41a710 in ?? ()
No symbol table info available.
#49 0x00007ffea3bcaf50 in ?? ()
No symbol table info available.
#50 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)
Comment 1 Götz Waschk 2016-04-27 09:30:27 UTC 
Here's another backtrace from the same situation as in the bug report:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fa846bfd700 (LWP 23137)]
0x0000003db222ac73 in do_something (p=0x7fa848243540)
    at pulsecore/pstream.c:181
181	    p->mainloop->defer_enable(p->defer_event, 0);
(gdb) bt full
#0  0x0000003db222ac73 in do_something (p=0x7fa848243540)
    at pulsecore/pstream.c:181
        __func__ = "do_something"
        __PRETTY_FUNCTION__ = "do_something"
#1  0x00007fa8804dbb4c in dispatch_pollfds (m=0x7fa8483a6c00)
    at pulse/mainloop.c:688
        e = 0x7fa8502db240
        k = <value optimized out>
        r = <value optimized out>
#2  pa_mainloop_dispatch (m=0x7fa8483a6c00) at pulse/mainloop.c:933
        dispatched = <value optimized out>
        __func__ = "pa_mainloop_dispatch"
        __PRETTY_FUNCTION__ = "pa_mainloop_dispatch"
#3  0x00007fa8804dbed8 in pa_mainloop_iterate (m=0x7fa8483a6c00, 
    block=<value optimized out>, retval=0x0) at pulse/mainloop.c:964
        r = 1
        __func__ = "pa_mainloop_iterate"
        __PRETTY_FUNCTION__ = "pa_mainloop_iterate"
#4  0x00007fa8804dbf80 in pa_mainloop_run (m=0x7fa8483a6c00, retval=0x0)
    at pulse/mainloop.c:979
        r = <value optimized out>
#5  0x00007fa8804eaa4b in thread (userdata=0x7fa84ea588e0)
    at pulse/thread-mainloop.c:94
---Type <return> to continue, or q <return> to quit---
        m = 0x7fa84ea588e0
        mask = {__val = {18446744067267100671, 
    18446744073709551615 <repeats 15 times>}}
#6  0x0000003db22389b8 in internal_thread_func (userdata=0x7fa85a771160)
    at pulsecore/thread-posix.c:72
        t = 0x7fa85a771160
        __func__ = "internal_thread_func"
        __PRETTY_FUNCTION__ = "internal_thread_func"
#7  0x0000003da7207aa1 in start_thread (arg=0x7fa846bfd700)
    at pthread_create.c:301
        __res = <value optimized out>
        pd = 0x7fa846bfd700
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140360718210816, 
    -7801606672684834921, 264799109984, 140360718211520, 0, 3, 
    7848557468950830999, -7800113264031064169}, mask_was_saved = 0}}, priv = {
            pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
              canceltype = 0}}}
        not_first_call = <value optimized out>
        pagesize_m1 = <value optimized out>
        sp = <value optimized out>
        freesize = <value optimized out>
#8  0x0000003da66e893d in clone ()
---Type <return> to continue, or q <return> to quit---
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.
Comment 2 Götz Waschk 2016-04-27 09:34:04 UTC 
And another crash:
(gdb) bt full
#0  nsCOMPtr_base::~nsCOMPtr_base (this=Unhandled dwarf expression opcode 0xf3
)
    at ../../../../dist/include/nsCOMPtr.h:295
No locals.
#1  0x00007fed8d500883 in ~nsCOMPtr (inst=0x7fed51dfb260)
    at ../../../dist/include/nsCOMPtr.h:349
No locals.
#2  ~XPCNativeInterface (inst=0x7fed51dfb260)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/xpconnect/src/xpcprivate.h:1416
No locals.
#3  XPCNativeInterface::DestroyInstance (inst=0x7fed51dfb260)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/xpconnect/src/XPCWrappedNativeInfo.cpp:402
No locals.
#4  0x00007fed8d4e2bdd in XPCJSRuntime::FinalizeCallback (fop=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/xpconnect/src/XPCJSRuntime.cpp:852
        entry = <value optimized out>
        iface = <value optimized out>
        i = {mTable = 0x7fed822cfac0, mStart = 0x7fed67489000 "", mLimit = 
    0x7fed6748c000 "", mCurrent = 0x7fed6748a6f8 "\361\"\375z", mNexts = 102, 
          mNextsLimit = 219, mHaveRemoved = true}
        doSweep = true
---Type <return> to continue, or q <return> to quit---
        self = 0x7fed822d9000
#5  0x00007fed8ee6d409 in js::gc::GCRuntime::callFinalizeCallbacks (this=
    0x7fed838893f8, fop=0x7ffc8af2ade0, status=JSFINALIZE_COLLECTION_END)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:1651
        p = @0x7fed8388b508
        __for_range = @0x7fed8388b4f0
        __for_begin = 0x7fed8388b508
#6  0x00007fed8ee7ab12 in js::gc::GCRuntime::endSweepPhase (this=
    0x7fed838893f8, destroyingRuntime=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:5557
        ap = {stats = @0x7fed83889590, task = 0x0, phase = 
    js::gcstats::PHASE_FINALIZE_END, enabled = true}
        ap = {stats = @0x7fed83889590, task = 0x0, phase = 
    js::gcstats::PHASE_SWEEP, enabled = true}
        fop = {<JSFreeOp> = {runtime_ = 0x7fed83889000}, freeLaterList = 
    {<js::SystemAllocPolicy> = {<No data fields>}, static kElemIsPod = true, 
            static kMaxInlineBytes = 1024, static kInlineCapacity = 0, 
            static kInlineBytes = 1, mBegin = 0x7ffc8af2ae00, mLength = 0, 
            mCapacity = 0, mStorage = {u = {mBytes = "", mDummy = 
    140658024288256}}, static sMaxInlineStorage = <optimized out>}, 
          threadType = js::MainThread}
#7  0x00007fed8ee872e0 in js::gc::GCRuntime::incrementalCollectSlice (this=
    0x7fed838893f8, budget=..., reason=JS::gcreason::REFRESH_FRAME)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:6089
        copy = {runtime = 0x7fed83889000}
        slice = {runtime = 0x7fed83889000}
        destroyingRuntime = false
        initialState = js::gc::SWEEP
#8  0x00007fed8ee87daa in js::gc::GCRuntime::gcCycle (this=0x7fed838893f8, 
    nonincrementalByAPI=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:6278
        notify = {gc_ = @0x7fed838893f8}
        session = {lock = {runtime = 0x7fed83889000}, runtime = 
    0x7fed83889000, prevState = JS::Idle, pseudoFrame = {profiler_ = 
    0x7fed8388c760, sizeBefore_ = {<No data fields>}}}
        prevState = <value optimized out>
#9  0x00007fed8ee8817e in js::gc::GCRuntime::collect (this=0x7fed838893f8, 
    nonincrementalByAPI=false, budget=..., reason=JS::gcreason::REFRESH_FRAME)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:6384
        wasReset = <value optimized out>
        repeatForDeadZone = <value optimized out>
        aept = {gc_ = @0x7fed838893f8}
        agc = {stats = @0x7fed83889590}
        logGC = {logger = 0x7fed85960510, payload = {event = 0x7fed00000005, 
            id = TraceLogger_GC}, isEvent = false, executed = false, prev = 
    0x0}
---Type <return> to continue, or q <return> to quit---
        repeat = false
#10 0x00007fed8ee89300 in gcSlice (rt=0x7fed83889000)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:6457
No locals.
#11 notifyDidPaint (rt=0x7fed83889000)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsgc.cpp:6518
No locals.
#12 JS::NotifyDidPaint (rt=0x7fed83889000)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/src/jsfriendapi.cpp:1048
No locals.
#13 0x00007fed8d4fd2ae in nsXPConnect::NotifyDidPaint (this=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/js/xpconnect/src/nsXPConnect.cpp:1063
No locals.
#14 0x00007fed8e36146c in nsRefreshDriver::Tick (this=0x7fed6d7e8000, 
    aNowEpoch=Unhandled dwarf expression opcode 0xf3
)
    at /usr/src/debug/firefox-45.1.0/firefox-45.1.0esr/layout/base/nsRefreshDriver.cpp:1872
        timelines = {mRawPtr = 0x7fed773bff10}
        profilingDocShells = 
    {<nsTArray_Impl<nsDocShell*, nsTArrayInfallibleAllocator>> = 
    {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = 
---Type <return> to continue, or q <return> to quit---
    {mHdr = Traceback (most recent call last):
  File "/usr/share/glib-2.0/gdb/gobject.py", line 78, in pretty_printer_lookup
    if is_g_type_instance (val):
  File "/usr/share/glib-2.0/gdb/gobject.py", line 51, in is_g_type_instance
    return is_g_type_instance_helper (type)
  File "/usr/share/glib-2.0/gdb/gobject.py", line 45, in is_g_type_instance_helper
Comment 3 Martin Stransky 2016-04-27 09:34:53 UTC 
Can you please test that in safe mode? (firefox -safe-mode). Can you also test upstream firefox from mozilla.com? (https://www.mozilla.org/en-US/firefox/organizations/all/)
Comment 4 Götz Waschk 2016-04-27 10:27:06 UTC 
I have founde the problem: I had installed a third-party package of vlc (from rpmfusion), it pulled ffmpeg-libs as a dependency. Firefox from RH was built in a way to dynamically load libavcodec.so.53 at runtime. This has caused the crashes, after removing ffmpeg-libs, I couldn't reproduce a crash yet.
Comment 5 Martin Stransky 2016-04-28 09:18:55 UTC 
Thanks for the info!
Comment 6 Martin Stransky 2016-05-02 12:43:46 UTC 
Okay, closing. Please reopen if you see it again.
Comment 7 Martin Stransky 2016-05-02 13:14:21 UTC 
Well, I think we should block the libavcodec.so.53 on RHEL6/5 to avoid the crashes here.
Comment 8 Martin Stransky 2016-05-02 18:24:38 UTC 
Which version of ffmpeg did you install please? I'd like to reproduce the issue.
Comment 9 Götz Waschk 2016-05-03 06:14:53 UTC 
I had installed the ffmpeg-libs package version 0.10.15-1.el6 from rpmfusion.org
Comment 10 Martin Stransky 2016-05-03 10:45:24 UTC 
Yes, I can reproduce it. It really crashes reliably when playing youtube videos.
Comment 11 Martin Stransky 2016-05-03 13:09:35 UTC 
We need to disable ffmpeg as ti causes such crashes.

Added to firefox-45.1.0-3, the fix which will be released with new Firefox update.
Comment 12 manuel wolfshant 2016-05-09 12:17:45 UTC 
I encounter the same issue on two completely different PCs. On both firefox-38.7.0-1.el6.centos.x86_64 works perfectly fine but firefox-45.1.0-1.el6.centos.x86_64 crashes soon after being loaded, even if the " youtube "tab is not active.
Both systems have ffmpeg-libs-0.10.4-2.el6.nux.x86_64 installed.
Comment 13 John Hodrien 2016-05-09 14:35:43 UTC 
Just to confirm, does this disable the known broken version, or all ffmpeg in firefox?  Would hate to lose access to newer versions which works just fine (e.g. libavcodec.so.56), and provides HTML5 h264 support.
Comment 14 Götz Waschk 2016-05-11 06:04:47 UTC 
(In reply to John Hodrien from comment #13)
I can confirm that firefox is working fine with _other_ versions of ffmpeg, e.g. my self-compiled version 2.8.7 enables H264 support in youtube.
Comment 15 manuel wolfshant 2016-05-11 07:18:23 UTC 
Over here  firefox-45.1.0-1.el6.centos.x86_64  works fine after updating to ffmpeg-libs-2.6.8-3.el6.nux.x86_64
Comment 16 Martin Stransky 2016-05-11 10:51:01 UTC 
Okay, we can enable the well working versions in next update. The recent package just disables all ffmpeg libs.
Comment 17 Jordi Sanfeliu 2016-05-28 17:30:59 UTC 
I just want to say that I had the same crashes with firefox-45.1.0-1.el6.centos.x86_64.rpm (and ffmpeg-2.6.8-3.el6.nux.x86_64) on a CentOS 6.7, so I had to use the previous version firefox-38.7.0-1.el6.centos.x86_64.rpm.

Today, I've upgraded to CentOS 6.8 which comes with the new firefox-45.1.1-1.el6.centos.x86_64 and all is working fine again.

Thanks!
Comment 18 John Hodrien 2016-06-06 08:38:23 UTC 
Also confirmed that firefox-45.1.1-1.el6.centos.x86_64 definitely breaks h264 HTML5 support within firefox as expected (easily confirmed via http://youtube.com/html5)

Downgrade to firefox-45.1.0-1.el6.centos.x86_64 gets it working again.
Comment 19 John Hodrien 2016-06-09 16:00:22 UTC 
45.2.0 released, and it still breaks h264 support.  Can we have a plan for this being un-broken?
Comment 20 Martin Stransky 2016-06-10 07:04:15 UTC 
(In reply to John Hodrien from comment #19)
> 45.2.0 released, and it still breaks h264 support.  Can we have a plan for
> this being un-broken?

No. I don't have a reliable list of working/broken fmpeg-libs for RHEL6 which is fairly old system and we don't add features here.

We're not going to re-enable h264 on rhel6 unless there's a business need for this request. In that case please file a request through customer portal and we'll reconsider that.
Comment 21 manuel wolfshant 2016-06-10 07:31:27 UTC 
Can you please reevaluate your decision, given that we are still in Production 2 phase ?
The only non-functional ffmpeg version was 0.10, anything newer ( past 2.6, if I am not mistaken) seems to work fine.

Thank you
Comment 22 Jiri Prajzner 2016-06-10 09:24:39 UTC 
(In reply to manuel wolfshant from comment #21)
> Can you please reevaluate your decision, given that we are still in
> Production 2 phase ?
> The only non-functional ffmpeg version was 0.10, anything newer ( past 2.6,
> if I am not mistaken) seems to work fine.
> 
> Thank you

I second that.
Comment 23 Peter Åstrand 2016-06-21 19:19:14 UTC 
Please revert this change, or at least make it possible to configure this at runtime.
Comment 24 Martin Stransky 2016-06-23 12:29:02 UTC 
The comment 20 still apply. If there's a business need for that please raise it through customer portal.
Comment 25 Martin Stransky 2016-06-27 09:43:22 UTC 
*** Bug 1349899 has been marked as a duplicate of this bug. ***
Comment 28 Martin Stransky 2017-01-06 08:51:38 UTC 
Okay, let's target that for next FF update, Firefox 45.7.
Comment 31 Martin Stransky 2017-01-11 09:23:51 UTC 
Yes, we can enable it now. Mozilla fixed the security issue related to old ffmepg versions: https://bugzilla.mozilla.org/show_bug.cgi?id=1263665
Comment 33 Martin Stransky 2017-01-11 09:48:56 UTC 
> Okay, let's target that for next FF update, Firefox 45.7.

According to https://wiki.mozilla.org/RapidRelease/Calendar the ESR 45.7 is going to be release on 2017-01-24.
Comment 41 Martin Stransky 2017-02-24 14:47:34 UTC 
firefox-45.6.0-2 has been released.
Note You need to log in before you can comment on or make changes to this bug.