Bug 208240 - crash when printing page
Summary: crash when printing page
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact:
URL:
Whiteboard:
: 213275 (view as bug list)
Depends On:
Blocks: 208795
TreeView+ depends on / blocked
 
Reported: 2006-09-27 10:03 UTC by Han-Wen Nienhuys
Modified: 2013-01-10 04:04 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-05 11:31:09 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 294879 0 None None None Never

Description Han-Wen Nienhuys 2006-09-27 10:03:21 UTC 
Description of problem:

* firefox-1.5.0.7-3.fc6
* surf to www.paypal.com
* print page
* kaboom.

[hanwen@haring tmp]$ gdb /usr/lib/firefox-1.5.0.7/firefox-bin 
GNU gdb Red Hat Linux (6.5-8_jkratoch0.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /usr/lib/firefox-1.5.0.7/firefox-bin 
[Thread debugging using libthread_db enabled]
[New Thread -1208886528 (LWP 3778)]
[New Thread -1211155568 (LWP 3784)]
[New Thread -1225786480 (LWP 3785)]
[New Thread -1236276336 (LWP 3787)]
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
[New Thread -1247294576 (LWP 3789)]
[New Thread -1257784432 (LWP 3790)]
[Thread -1247294576 (LWP 3789) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208886528 (LWP 3778)]
IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
57          if (fcs->ref == FC_REF_CONSTANT)
Current language:  auto; currently c
(gdb) p fcs
$1 = (FcCharSet *) 0xb70db2e8
(gdb) p *fcs
Cannot access memory at address 0xb70db2e8
(gdb) bt
#0  IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
#1  0x054572d3 in ~nsFontMetricsPS (this=0xab46cb8) at nsFontMetricsPS.cpp:111
#2  0x05456fab in nsFontMetricsPS::Release (this=0x0) at nsFontMetricsPS.cpp:135
#3  0x006757c7 in nsFontCache::Flush (this=0xaa98270) at nsDeviceContext.cpp:715
#4  0x006758c4 in ~nsFontCache (this=0xaa98270) at nsDeviceContext.cpp:580
#5  0x0545448a in ~nsFontCachePS (this=0xaa98270) at nsDeviceContextPS.cpp:547
#6  0x00675188 in ~DeviceContextImpl (this=0xb6fa4b78) at nsDeviceContext.cpp:88
#7  0x054539d8 in ~nsDeviceContextPS (this=0xb6fa4b78) at nsDeviceContextPS.cpp:134
#8  0x00675a24 in DeviceContextImpl::Release (this=0x0) at nsDeviceContext.cpp:54
#9  0x054537f8 in nsDeviceContextPS::Release (this=0xb6fa4b78)
    at nsDeviceContextPS.cpp:179
#10 0x02d676ad in ~nsCOMPtr_base (this=<value optimized out>) at nsCOMPtr.cpp:81
#11 0x0651c652 in ~nsCOMPtr (this=0xb71b135c) at dist/include/xpcom/nsCOMPtr.h:542
#12 0x066058e4 in ~nsPrintData (this=0xb71b1358) at nsPrintData.cpp:159
#13 0x06601fb3 in nsPrintEngine::Destroy (this=0xb6f6aa80) at nsPrintEngine.cpp:283
#14 0x06519f1e in DocumentViewerImpl::OnDonePrinting (this=0xa665de0)
    at nsDocumentViewer.cpp:4141
#15 0x065fc722 in HandlePLEvent (aEvent=0xb6facfa0) at nsPrintEngine.cpp:4549
#16 0x02da8bfd in PL_HandleEvent (self=0xb6facfa0) at plevent.c:688
#17 0x02da8e86 in PL_ProcessPendingEvents (self=0x9cd30f0) at plevent.c:623
#18 0x02daa6b3 in nsEventQueueImpl::ProcessPendingEvents (this=0x9cd30a8)
    at nsEventQueue.cpp:417
#19 0x00e3ac16 in event_processor_callback (source=0x9dbf320, condition=G_IO_IN, 
    data=0x0) at nsAppShell.cpp:67
#20 0x0029494d in g_io_channel_unix_get_fd () from /lib/libglib-2.0.so.0
#21 0x0026b342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#22 0x0026e31f in g_main_context_check () from /lib/libglib-2.0.so.0
#23 0x0026e6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#24 0x027621c4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x09e01ef0 in ?? ()
#26 0x09e01ef0 in ?? ()
#27 0x00000001 in ?? ()
#28 0x00000001 in ?? ()
#29 0x00000000 in ?? ()
(gdb)
Comment 1 sean 2006-10-05 01:12:44 UTC 
firefox-1.5.0.7-5.fc6.x86_64

Any page will do. Ask.com. google, etc.

The page does print, but ff segfaults immediately.
Comment 2 Han-Wen Nienhuys 2006-10-05 11:31:09 UTC 
Seems fixed now (firefox-1.5.0.7-5.fc6)
Comment 3 Jesse Keating 2006-10-27 11:06:54 UTC 
But not when PANGO is disabled.  We need this fixed with pango disabled.
Comment 4 Christopher Aillon 2006-10-27 17:38:48 UTC 
Not going to respin for the pango disabled case, since it is not the default in
Core.  The fix for the non-pango case is already committed upstream to the
branch, so the non-pango case will be fixed when we pull in 1.5.0.8.
Comment 5 Christopher Aillon 2006-10-31 16:26:08 UTC 
*** Bug 213275 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.