+++ This bug was initially created as a clone of Bug #208240 +++

Description of problem:

* firefox-1.5.0.7-3.fc6
* surf to www.paypal.com
* print page
* kaboom.

[hanwen@haring tmp]$ gdb /usr/lib/firefox-1.5.0.7/firefox-bin
GNU gdb Red Hat Linux (6.5-8_jkratoch0.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) r
Starting program: /usr/lib/firefox-1.5.0.7/firefox-bin
[Thread debugging using libthread_db enabled]
[New Thread -1208886528 (LWP 3778)]
[New Thread -1211155568 (LWP 3784)]
[New Thread -1225786480 (LWP 3785)]
[New Thread -1236276336 (LWP 3787)]
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
Adblock Plus: abp.QI to an unknown interface: {a6cf906b-15b3-11d2-932e-00805f8add32}
[New Thread -1247294576 (LWP 3789)]
[New Thread -1257784432 (LWP 3790)]
[Thread -1247294576 (LWP 3789) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208886528 (LWP 3778)]
IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
57 if (fcs->ref == FC_REF_CONSTANT)
Current language: auto; currently c
(gdb) p fcs
$1 = (FcCharSet *) 0xb70db2e8
(gdb) p *fcs
Cannot access memory at address 0xb70db2e8
(gdb) bt
#0 IA__FcCharSetDestroy (fcs=0xb70db2e8) at fccharset.c:57
#1 0x054572d3 in ~nsFontMetricsPS (this=0xab46cb8) at nsFontMetricsPS.cpp:111
#2 0x05456fab in nsFontMetricsPS::Release (this=0x0) at nsFontMetricsPS.cpp:135
#3 0x006757c7 in nsFontCache::Flush (this=0xaa98270) at nsDeviceContext.cpp:715
#4 0x006758c4 in ~nsFontCache (this=0xaa98270) at nsDeviceContext.cpp:580
#5 0x0545448a in ~nsFontCachePS (this=0xaa98270) at nsDeviceContextPS.cpp:547
#6 0x00675188 in ~DeviceContextImpl (this=0xb6fa4b78) at nsDeviceContext.cpp:88
#7 0x054539d8 in ~nsDeviceContextPS (this=0xb6fa4b78) at nsDeviceContextPS.cpp:134
#8 0x00675a24 in DeviceContextImpl::Release (this=0x0) at nsDeviceContext.cpp:54
#9 0x054537f8 in nsDeviceContextPS::Release (this=0xb6fa4b78) at nsDeviceContextPS.cpp:179
#10 0x02d676ad in ~nsCOMPtr_base (this=<value optimized out>) at nsCOMPtr.cpp:81
#11 0x0651c652 in ~nsCOMPtr (this=0xb71b135c) at dist/include/xpcom/nsCOMPtr.h:542
#12 0x066058e4 in ~nsPrintData (this=0xb71b1358) at nsPrintData.cpp:159
#13 0x06601fb3 in nsPrintEngine::Destroy (this=0xb6f6aa80) at nsPrintEngine.cpp:283
#14 0x06519f1e in DocumentViewerImpl::OnDonePrinting (this=0xa665de0) at nsDocumentViewer.cpp:4141
#15 0x065fc722 in HandlePLEvent (aEvent=0xb6facfa0) at nsPrintEngine.cpp:4549
#16 0x02da8bfd in PL_HandleEvent (self=0xb6facfa0) at plevent.c:688
#17 0x02da8e86 in PL_ProcessPendingEvents (self=0x9cd30f0) at plevent.c:623
#18 0x02daa6b3 in nsEventQueueImpl::ProcessPendingEvents (this=0x9cd30a8) at nsEventQueue.cpp:417
#19 0x00e3ac16 in event_processor_callback (source=0x9dbf320, condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67
#20 0x0029494d in g_io_channel_unix_get_fd () from /lib/libglib-2.0.so.0
#21 0x0026b342 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#22 0x0026e31f in g_main_context_check () from /lib/libglib-2.0.so.0
#23 0x0026e6c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#24 0x027621c4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x09e01ef0 in ?? ()
#26 0x09e01ef0 in ?? ()
#27 0x00000001 in ?? ()
#28 0x00000001 in ?? ()
#29 0x00000000 in ?? ()
(gdb)
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering. This request is not yet committed for inclusion in release.
Sure. Thanks for the info. Reference to Release Criteria: Section 1.D.1 Desktop->Firefox->Smoketest passes 100%
Confirming on RHEL5 running: firefox-1.5.0.7-7.fc6.i386

Although the original RawHide Bug 208240 for firefox-1.5.0.7-3.fc6 has been CLOSED, the bug still looks to be the same.

Reproducibility: Always.

1. http://www.redhat.com/
2. Print Preview
3. Close (Preview)

#0 0x0079aa77 in FcCharSetDestroy () from /usr/lib/libfontconfig.so.1
#1 0x018da2d3 in ~nsFontMetricsPS (this=0xb2d60e30) at nsFontMetricsPS.cpp:111
#2 0x018d9fab in nsFontMetricsPS::Release (this=0x0) at nsFontMetricsPS.cpp:135
#3 0x00d8a7c7 in nsFontCache::Flush (this=0xb2fcb4a8) at nsDeviceContext.cpp:715
#4 0x00d8a8c4 in ~nsFontCache (this=0xb2fcb4a8) at nsDeviceContext.cpp:580
#5 0x018d748a in ~nsFontCachePS (this=0xb2fcb4a8) at nsDeviceContextPS.cpp:547
#6 0x00d8a188 in ~DeviceContextImpl (this=0xb31e4b90) at nsDeviceContext.cpp:88
#7 0x018d69d8 in ~nsDeviceContextPS (this=0xb31e4b90) at nsDeviceContextPS.cpp:134
#8 0x00d8aa24 in DeviceContextImpl::Release (this=0x0) at nsDeviceContext.cpp:54
#9 0x018d67f8 in nsDeviceContextPS::Release (this=0xb31e4b90) at nsDeviceContextPS.cpp:179
#10 0x06e23909 in nsCOMPtr_base::assign_assuming_AddRef (this=0x0, newPtr=0x0) at ../dist/include/xpcom/nsCOMPtr.h:531
#11 0x06e236ee in nsCOMPtr_base::assign_with_AddRef (this=0x9972e28, rawPtr=0x0) at nsCOMPtr.cpp:89
#12 0x00d8b517 in nsCOMPtr<nsIDeviceContext>::operator= (this=0x9972e28, rhs=0x0) at dist/include/xpcom/nsCOMPtr.h:713
#13 0x00d89971 in DeviceContextImpl::SetAltDevice (this=0x9972df0, aAltDC=0x0) at nsDeviceContext.cpp:547
#14 0x012285a0 in DocumentViewerImpl::InitInternal (this=0xb3e70f40, aParentWidget=0xb3f7c360, aState=0x0, aDeviceContext=0x9972df0, aBounds=@0xbfd8f988, aDoCreation=1, aInPrintPreview=1) at nsDocumentViewer.cpp:786
#15 0x0122b960 in DocumentViewerImpl::ReturnToGalleyPresentation (this=0xb3e70f40) at nsDocumentViewer.cpp:3972
#16 0x01226c7f in DocumentViewerImpl::ExitPrintPreview (this=0xb3e70f40) at nsDocumentViewer.cpp:3650
#17 0x06e7bbe1 in XPTC_InvokeByIndex () at dist/include/xpcom/xptcstubsdef.inc:251
#18 0x0053843f in XPCWrappedNative::CallMethod (ccx=@0xbfd8fc5c, mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2156
#19 0x0053c119 in XPC_WN_CallMethod (cx=0x956e9d0, obj=0x947ec80, argc=0, argv=0x9af82a0, vp=0xbfd8fd7c) at xpcwrappednativejsops.cpp:1445
#20 0x0013daa7 in js_Invoke (cx=0x956e9d0, argc=0, flags=2) at jsinterp.c:1187
#21 0x00131026 in js_InternalInvoke (cx=0x956e9d0, obj=0x947ec80, fval=155708608, flags=2, argc=0, argv=0x9af8284, rval=0xbfd8ff58) at jsinterp.c:1284
#22 0x0010ca48 in JS_CallFunctionValue (cx=0x956e9d0, obj=0x947ec80, fval=155708608, argc=0, argv=0x9af8284, rval=0xbfd8ff58) at jsapi.c:4186
#23 0x0053f941 in XPC_NW_FunctionWrapper (cx=0x956e9d0, obj=0x947ec88, argc=0, argv=0x9af8284, rval=0xbfd8fffc) at XPCNativeWrapper.cpp:385
#24 0x0013daa7 in js_Invoke (cx=0x956e9d0, argc=0, flags=0) at jsinterp.c:1187
#25 0x00138641 in js_Interpret (cx=0x956e9d0, pc=0x95aaee5 ":", result=0xbfd90328) at jsinterp.c:3583
#26 0x0013db00 in js_Invoke (cx=0x956e9d0, argc=1, flags=2) at jsinterp.c:1207
#27 0x00131026 in js_InternalInvoke (cx=0x956e9d0, obj=0x9828598, fval=155707856, flags=2, argc=1, argv=0xbfd9057c, rval=0xbfd9056c) at jsinterp.c:1284
#28 0x0010ca48 in JS_CallFunctionValue (cx=0x956e9d0, obj=0x9828598, fval=155707856, argc=1, argv=0xbfd9057c, rval=0xbfd9056c) at jsapi.c:4186
#29 0x0149b9db in nsJSContext::CallEventHandler (this=0x955cc50, aTarget=0x9828598, aHandler=0x947e9d0, argc=1, argv=0xbfd9057c, rval=0xbfd9056c) at nsJSEnvironment.cpp:1456
#30 0x014d64eb in nsJSEventListener::HandleEvent (this=0xb2af4328, aEvent=0x99621e0) at nsJSEventListener.cpp:186
#31 0x013cae23 in nsEventListenerManager::HandleEventSubType (this=0xb2f6cef0, aListenerStruct=0xb3ed9c60, aDOMEvent=0x99621e0, aCurrentTarget=0x9a94350, aSubType=8, aPhaseFlags=7) at nsEventListenerManager.cpp:1687
#32 0x013cc1b7 in nsEventListenerManager::HandleEvent (this=0xb2f6cef0, aPresContext=0x965c978, aEvent=0xbfd90980, aDOMEvent=0xbfd9083c, aCurrentTarget=0x9a94350, aFlags=7, aEventStatus=0xbfd909c8) at nsEventListenerManager.cpp:1788
#33 0x01474a7e in nsXULElement::HandleDOMEvent (this=0xb2af42f0, aPresContext=0x965c978, aEvent=0xbfd90980, aDOMEvent=0xbfd9083c, aFlags=7, aEventStatus=0xbfd909c8) at nsXULElement.cpp:2152
#34 0x0123ff1f in PresShell::HandleDOMEventWithTarget (this=0x92b01c0, aTargetContent=0xb2af42f0, aEvent=0xbfd90980, aStatus=0xbfd909c8) at nsPresShell.cpp:6519
#35 0x013471e2 in nsButtonBoxFrame::DoMouseClick (this=0xb3dde094, aEvent=0xbfd90b78, aTrustEvent=0) at nsButtonBoxFrame.cpp:179
#36 0x0133e0b3 in nsButtonBoxFrame::MouseClicked (this=0xb3dde094, aPresContext=0x965c978, aEvent=0xbfd90b78) at nsButtonBoxFrame.h:61
#37 0x01347434 in nsButtonBoxFrame::HandleEvent (this=0xb3dde094, aPresContext=0x965c978, aEvent=0xbfd90b78, aEventStatus=0xbfd91020) at nsButtonBoxFrame.cpp:149
#38 0x0123a9b2 in PresShell::HandleEventInternal (this=0x92b01c0, aEvent=0xbfd90b78, aView=0x0, aFlags=1, aStatus=0xbfd91020) at nsPresShell.cpp:6464
#39 0x0123b082 in PresShell::HandleEventWithTarget (this=0x92b01c0, aEvent=0xbfd90b78, aFrame=0xb3dde094, aContent=0xb2af42f0, aFlags=1, aStatus=0xbfd91020) at nsPresShell.cpp:6320
#40 0x013cef25 in nsEventStateManager::CheckForAndDispatchClick (this=0x961a508, aPresContext=0x965c978, aEvent=0xbfd91174, aStatus=0xbfd91020) at nsEventStateManager.cpp:3049
#41 0x013d55ea in nsEventStateManager::PostHandleEvent (this=0x961a508, aPresContext=0x965c978, aEvent=0xbfd91174, aTargetFrame=0xb3dde094, aStatus=0xbfd91020, aView=0x96344b0) at nsEventStateManager.cpp:2027
#42 0x0123aae3 in PresShell::HandleEventInternal (this=0x92b01c0, aEvent=0xbfd91174, aView=0x96344b0, aFlags=513, aStatus=0xbfd91020) at nsPresShell.cpp:6495
#43 0x012440dd in PresShell::HandleEvent (this=0x92b01c0, aView=0x96344b0, aEvent=0xbfd91174, aEventStatus=0xbfd91020, aForceHandle=1, aHandled=@0xbfd91018) at nsPresShell.cpp:6259
#44 0x01492e28 in nsViewManager::HandleEvent (this=0x96a6c78, aView=0x96344b0, aEvent=0xbfd91174, aCaptured=0) at nsViewManager.cpp:2557
#45 0x01496d0e in nsViewManager::DispatchEvent (this=0x96a6c78, aEvent=0xbfd91174, aStatus=0xbfd91130) at nsViewManager.cpp:2246
#46 0x0148dfa5 in HandleEvent (aEvent=0xbfd91174) at nsView.cpp:171
#47 0x00d504c0 in nsCommonWidget::DispatchEvent (this=0x9634518, aEvent=0xbfd91174, aStatus=@0xbfd911bc) at nsCommonWidget.cpp:219
#48 0x00d4b01e in nsWindow::OnButtonReleaseEvent (this=0x9634518, aWidget=0x93bdd48, aEvent=0x9576400) at nsWindow.cpp:1600
#49 0x00d4b049 in button_release_event_cb (widget=0x93bdd48, event=0x9576400) at nsWindow.cpp:3731
#50 0x009fe0c0 in gtk_marshal_BOOLEAN__VOID () from /usr/lib/libgtk-x11-2.0.so.0
#51 0x006a6f0b in IA__g_closure_invoke (closure=0x955ccc0, return_value=0xbfd91340, n_param_values=2, param_values=0xbfd9141c, invocation_hint=0xbfd9132c) at gclosure.c:490
#52 0x006b7e83 in signal_emit_unlocked_R (node=0x932cf60, detail=0, instance=0x93bdd48, emission_return=0xbfd915dc, instance_and_params=0xbfd9141c) at gsignal.c:2438
#53 0x006b9147 in IA__g_signal_emit_valist (instance=0x93bdd48, signal_id=29, detail=0, var_args=0xbfd91660 "x\026ٿ") at gsignal.c:2207
#54 0x006b9539 in IA__g_signal_emit (instance=0x93bdd48, signal_id=29, detail=0) at gsignal.c:2241
#55 0x00b12118 in gtk_widget_get_default_style () from /usr/lib/libgtk-x11-2.0.so.0
#56 0x009f7563 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#57 0x009f8767 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#58 0x0082a0ea in gdk_add_client_message_filter () from /usr/lib/libgdk-x11-2.0.so.0
#59 0x005f4342 in IA__g_main_context_dispatch (context=0x9157368) at gmain.c:2045
#60 0x005f731f in g_main_context_iterate (context=0x9157368, block=1, dispatch=1, self=0x93385a8) at gmain.c:2677
#61 0x005f76c9 in IA__g_main_loop_run (loop=0x95060a8) at gmain.c:2881
#62 0x009f8be4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#63 0x00d4efeb in nsAppShell::Run (this=0x9349378) at nsAppShell.cpp:139
#64 0x01c0ff86 in nsAppStartup::Run (this=0x9352840) at nsAppStartup.cpp:150
#65 0x0804f66f in XRE_main (argc=3, argv=0xbfd91d94, aAppData=0x8065480) at nsAppRunner.cpp:2374
#66 0x0804ab90 in main (argc=Cannot access memory at address 0x1 ) at nsBrowserApp.cpp:61
#67 0x00322f2c in __libc_start_main (main=0x804ab64 <main>, argc=3, ubp_av=0xbfd91d94, init=0x8059660 <__libc_csu_init>, fini=0x8059650 <__libc_csu_fini>, rtld_fini=0x2fe390 <_dl_fini>, stack_end=0xbfd91d8c) at libc-start.c:231
#68 0x0804aae1 in _start ()
Can you by any chance install debuginfo packages for fontconfig, and reproduce this under valgrind?
Created attachment 138903 [details]
.tar.gz of core + gdb session log

Ran under valgrind, externally attached gdb(1), "gcore" generated core file (crashed "thread 8" in the core file). No firefox plugins installed (even no libnullplugin.so).
No, I really need the valgrind output, not the core or gdb log.
Created attachment 138965 [details] valgrind --trace-children=yes firefox 2>&1|tee /tmp/firefox-vagrind.log
*** Bug 211669 has been marked as a duplicate of this bug. ***
Behdad says that this will most likely be fixed when the firefox/pango printing changes land (see bug 182533)
Created attachment 139257 [details] patch
Upstreamed: https://bugzilla.mozilla.org/show_bug.cgi?id=357859
This is actually already fixed upstream, with a better patch (on Oct 6). Please pick from there: https://bugzilla.mozilla.org/show_bug.cgi?id=294879
has this been built? Can we move it to modified?
(In reply to comment #14)
> has this been built?

No. However, caillon has been building firefox with the pango printing patch, and with that patch this bug will not be hit (unless user uses MOZ_DISABLE_PANGO=1)
firefox-1.5.0.7-8.el5 has the pango printing patch
Verified the crash was not found in firefox-1.5.0.7-8.el5.
Retested the bug with firefox-1.5.0.7-8.el5 on RHEL5-Client-20061108.nightly and verified again it has been fixed. Resolve it now.