Description of problem:
Firefox bombs out with a segfault

Version-Release number of selected component (if applicable):
firefox-1.5.0.10-1.fc6

How reproducible:
Always

Steps to Reproduce:
1. Open a SEP retirement plan with T Rowe Price
2. Sign up for online access
3. Log on to www.troweprice.com
4. In the account tab, click on the link for your retirement plan

Actual results:
Firefox crashes with a segfault

Expected results:
I get to ponder on my golden retirement years.

Additional info:
This is an x86_64-specific issue. T Rowe Price uses flash. There is no flash plugin for x86_64. On a different laptop, with flash installed firefox does not crash. Firefox has a history of crashing on sites with Flash, when the flash plugin is not installed or available.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496257664 (LWP 3640)]
0x00002aaab6e9bcf2 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgklayout.so
(gdb) where
#0 0x00002aaab6e9bcf2 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgklayout.so
#1 0x00002aaab6e9bd8c in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgklayout.so
#2 0x00002aaaba8c30ce in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgkplugin.so
#3 0x00002aaaba8be665 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgkplugin.so
#4 0x00002aaaba8c1ee7 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgkplugin.so
#5 0x00002aaaba8bfda4 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libgkplugin.so
#6 0x00002aaaaeca92bb in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libnecko.so
#7 0x00002aaaaeca9499 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libnecko.so
#8 0x00002aaaaec422ec in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libnecko.so
#9 0x00002aaaaec425c3 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libnecko.so
#10 0x000000351686128b in NS_AsyncCopy () from /usr/lib64/firefox-1.5.0.10/libxpcom_core.so
#11 0x0000003516872319 in PL_HandleEvent ()
---Type <return> to continue, or q <return> to quit---
   from /usr/lib64/firefox-1.5.0.10/libxpcom_core.so
#12 0x000000351687252b in PL_ProcessPendingEvents () from /usr/lib64/firefox-1.5.0.10/libxpcom_core.so
#13 0x00000035168737cd in nsAutoMonitor::NewMonitor () from /usr/lib64/firefox-1.5.0.10/libxpcom_core.so
#14 0x00002aaaaf8be232 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libwidget_gtk2.so
#15 0x0000003087c2cf64 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#16 0x0000003087c2fd9d in g_main_context_check () from /lib64/libglib-2.0.so.0
#17 0x0000003087c300aa in g_main_loop_run () from /lib64/libglib-2.0.so.0
#18 0x000000375bb2d023 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#19 0x00002aaaaf8be616 in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libwidget_gtk2.so
#20 0x00002aaab421b13a in __cxa_pure_virtual () from /usr/lib64/firefox-1.5.0.10/components/libtoolkitcomps.so
#21 0x0000000000408284 in __cxa_pure_virtual ()
#22 0x0000003a5a81da44 in __libc_start_main () from /lib64/libc.so.6
#23 0x0000000000403939 in __cxa_pure_virtual ()
#24 0x00007fff40ba3dd8 in ?? ()
#25 0x0000000000000000 in ?? ()
Reporter, I really cannot create an investment account just to triage a bug. So, please, help me a little to understand better what's going on, please.

First of all, I am really not quite sure that I understand what exactly the problem is and whether it is a site-specific or a general problem with flash. Could you go to the canonical Flash-testing site http://www.badgerbadgerbadger.com and tell me what happens? When I do that here with RHEL5/x86_64 (no flash installed) I get a blank rectangle in the middle of the screen saying "Click here to download plugin". When I click on it, the finder of plugins jumps up and says that no plugin is available. Is it the same for you or does your firefox crash?

Second, if that works for you (i.e., flash doesn't work but firefox doesn't crash either), then could you try the website mentioned in the upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=301802 and https://bugzilla.mozilla.org/show_bug.cgi?id=301802#c7 and tell me whether actually your bug is not a duplicate of the upstream one?

Thanks a lot for the cooperation.
I get the same results as you on www.badgerbadgerbadger.com, and this is not the upstream bug. The upstream bug is an X window error being reported on standard error. I get a full-blown segfault. Completely different.

I tried to get something useful out of firefox-debuginfo, but given the sophisticated nature of the firefox startup shell script wrapper, I could not easily figure out how to make it run the debuginfo version of the firefox binary. If I can have the instructions for starting the debuginfo version of firefox-bin, together with the debuginfo version of all the component libraries, then I may perhaps be able to obtain more information about the crash.
If you have both gdb and firefox-debuginfo installed, run `firefox -g`
Nice trick. The segfault is caused by a null pointer dereference in nsObjectFrame.cpp, line 3098, which reads:

GetParent()->ReflowDirtyChild(mContent->GetDocument()->GetShellAt(0), this);

mContent->GetDocument() returns a NULL pointer -- BOOM!

Breakpoint 1, nsObjectFrame::PluginNotAvailable (this=0x2193cd0, aMimeType=<value optimized out>) at nsObjectFrame.cpp:3096
(gdb) next
(gdb) p mContent
$1 = (nsIContent *) 0x21ce4c0
(gdb) p *mContent
$2 = {<nsISupports> = {_vptr.nsISupports = 0x2aaab343d0f0}, static sTabFocusModel = 7, static sTabFocusModelAppliesToXUL = 0, mParentPtrBits = 35437616}
(gdb) p mContent->GetDocument()
[Thread 1126189376 (LWP 6604) exited]
$3 = (class nsIDocument *) 0x0
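Added example, not part of the comment above and not the upstream patch: a small C++ model of the chained call quoted from nsObjectFrame.cpp, next to a form that checks each pointer before following it. The types are constructed stand-ins for the Gecko classes named in the gdb session, with ReflowDirtyChild simplified to one argument, and the detached-content state is an assumption used to reproduce a null GetDocument().

```cpp
// Constructed stand-ins for the Gecko types named in the comment; not Mozilla's code.
#include <cstdio>

struct PresShell { int reflowRequests = 0; };

struct Document {
    PresShell shell;
    PresShell* GetShellAt(int index) { return index == 0 ? &shell : nullptr; }
};

struct Content {
    Document* doc = nullptr;              // null while the node is not in a document
    Document* GetDocument() const { return doc; }
};

struct ParentFrame {
    // Simplified signature; refuses to touch a missing shell.
    bool ReflowDirtyChild(PresShell* shell) {
        if (!shell) return false;
        ++shell->reflowRequests;
        return true;
    }
};

struct ObjectFrame {
    Content* mContent = nullptr;
    ParentFrame* mParent = nullptr;
    ParentFrame* GetParent() const { return mParent; }

    // Shape of the crashing line: every link in the chain is assumed non-null.
    bool PluginNotAvailableUnchecked() {
        return GetParent()->ReflowDirtyChild(mContent->GetDocument()->GetShellAt(0));
    }

    // Checked form: test each pointer before following it and skip the reflow.
    bool PluginNotAvailableChecked() {
        if (!mContent || !GetParent()) return false;
        Document* doc = mContent->GetDocument();
        if (!doc) return false;           // the state gdb showed: $3 = 0x0
        return GetParent()->ReflowDirtyChild(doc->GetShellAt(0));
    }
};

int main() {
    Document doc; Content content; ParentFrame parent; ObjectFrame frame;
    frame.mContent = &content; frame.mParent = &parent;
    content.doc = &doc;
    std::printf("attached: %d\n", frame.PluginNotAvailableChecked());
    content.doc = nullptr;                // constructed: content with no document
    std::printf("detached: %d\n", frame.PluginNotAvailableChecked());
    return 0;
}
```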
Appears to be https://bugzilla.mozilla.org/show_bug.cgi?id=282933
Can you try this build: http://people.redhat.com/caillon/RPMS/fc6/firefox-1.5.0.10-5.fc6.caillon.x86_64.rpm to see if it helps. It is the same as the current fc6 version but adds the patch from the upstream bug.
Yup -- the upstream patch completely fixes the bug. Perfect.