Bug 245444 - *** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid pointer: 0x0000000002b73f50 ***
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Christopher Aillon
QA Contact: Fedora Extras Quality Assurance
Blocks: F8Blocker
Reported: 2007-06-23 09:50 UTC by Nicolas Mailhot
Modified: 2007-11-30 22:12 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-08-11 04:06:45 UTC

Description Nicolas Mailhot 2007-06-23 09:50:08 UTC
Description of problem:
Firefox freezes when asked to display a popup or any other secondary window
(download prompt, preferences, etc)

Version-Release number of selected component (if applicable):

firefox-2.0.0.4-2.fc8.x86_64

How reproducible:
Always

Steps to Reproduce:
Do any action that requires displaying a non-browsing window
  
Actual results:

Firefox freezes

Additional info:

$ firefox
*** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid
pointer: 0x0000000002b73f50 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d34070412]
/lib64/libc.so.6(cfree+0x8c)[0x3d34073b1c]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad530c6e]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad5497fe]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac95fe2f]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac960902]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac99e236]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca74491]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca86376]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca75496]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca750c0]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaaca7452a]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaac97f728]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbacb57]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbaee0c]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb2684]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb2ff7]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbb516d]
/usr/lib64/firefox-2.0.0.4/components/libgklayout.so[0x2aaaacbac8f6]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf44eae]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf40cf6]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf40d8c]
/usr/lib64/libgtk-x11-2.0.so.0[0x371115fef1]
/lib64/libgobject-2.0.so.0(g_closure_invoke+0x109)[0x3c92e0b099]
/lib64/libgobject-2.0.so.0[0x3c92e1bb07]
/lib64/libgobject-2.0.so.0(g_signal_emit_valist+0x628)[0x3c92e1cd58]
/lib64/libgobject-2.0.so.0(g_signal_emit+0x83)[0x3c92e1d173]
/usr/lib64/libgtk-x11-2.0.so.0[0x3711281bfe]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main_do_event+0x435)[0x3711158cd5]
/usr/lib64/libgdk-x11-2.0.so.0[0x3710832efa]
/usr/lib64/libgdk-x11-2.0.so.0(gdk_window_process_all_updates+0x8b)[0x371083313b]
/usr/lib64/libgdk-x11-2.0.so.0[0x3710833199]
/usr/lib64/libgdk-x11-2.0.so.0[0x371081a5be]
/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1c3)[0x3c92a2ee63]
/lib64/libglib-2.0.so.0[0x3c92a3215d]
/lib64/libglib-2.0.so.0(g_main_loop_run+0x1ca)[0x3c92a3246a]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main+0xa3)[0x3711159043]
/usr/lib64/firefox-2.0.0.4/components/libwidget_gtk2.so[0x2aaaaaf43db6]
/usr/lib64/firefox-2.0.0.4/components/libtoolkitcomps.so[0x2aaaab5867b2]
/usr/lib64/firefox-2.0.0.4/firefox-bin[0x40848b]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3d3401daa4]
/usr/lib64/firefox-2.0.0.4/firefox-bin(__gxx_personality_v0+0x1a1)[0x4039b9]
======= Memory map: ========
00400000-00418000 r-xp 00000000 fd:00 4915690                           
/usr/lib64/firefox-2.0.0.4/firefox-bin
00618000-0061a000 rw-p 00018000 fd:00 4915690                           
/usr/lib64/firefox-2.0.0.4/firefox-bin
0061a000-02c73000 rw-p 0061a000 00:00 0                                  [heap]
40000000-40001000 ---p 40000000 00:00 0 
40001000-40801000 rw-p 40001000 00:00 0 
40801000-40802000 ---p 40801000 00:00 0 
40802000-41002000 rw-p 40802000 00:00 0 
41002000-41003000 ---p 41002000 00:00 0 
41003000-41803000 rw-p 41003000 00:00 0 
41803000-41804000 ---p 41803000 00:0

Comment 1 Hans de Goede 2007-07-29 13:05:27 UTC
This works fine for me, can you test again after updating to the latest firefox:
firefox-2.0.0.4-3.fc8.x86_64

Comment 2 pascal kolijn 2007-08-06 10:37:37 UTC
I've got this too, with firefox-2.0.0.5-3.fc8.i386 and I had it too with 1 or 2
earlier versions ( using epiphany does not trigger it ).

eg: 
so if I go to:
http://torrent.fedoraproject.org/

and click the link:

rawhide-20070801.torrent

the dialog that should appear crashes firefox:

*** glibc detected *** /usr/lib/firefox-2.0.0.5/firefox-bin: double free or
corruption (out): 0x09844280 ***
======= Backtrace: =========
/lib/libc.so.6[0xd49041]
/lib/libc.so.6(cfree+0x90)[0xd4c670]
/lib/libglib-2.0.so.0(g_free+0x31)[0x886921]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10a57be]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10c1165]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x129634c]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1296d2d]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x12d90be]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bc455]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bd3c5]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bd067]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x13bc4ff]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x12b84b3]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151cb7e]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151f05b]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1522619]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1522fca]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x1525267]
/usr/lib/firefox-2.0.0.5/components/libgklayout.so[0x151c921]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa7c28]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa2baf]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa2c33]
/usr/lib/libgtk-x11-2.0.so.0[0x44b042]
/lib/libgobject-2.0.so.0(g_closure_invoke+0x123)[0x815f73]
/lib/libgobject-2.0.so.0[0x827acd]
/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d6)[0x828de6]
/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x8291d9]
/usr/lib/libgtk-x11-2.0.so.0[0x584848]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x42f)[0x44438f]
/usr/lib/libgdk-x11-2.0.so.0[0x71a301]
/usr/lib/libgdk-x11-2.0.so.0(gdk_window_process_all_updates+0x97)[0x71a527]
/usr/lib/libgtk-x11-2.0.so.0[0x39af6d]
/usr/lib/libgdk-x11-2.0.so.0[0x700588]
/lib/libglib-2.0.so.0[0x87d621]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x17c)[0x87f1ec]
/lib/libglib-2.0.so.0[0x88262f]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9)[0x8829d9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x4447b4]
/usr/lib/firefox-2.0.0.5/components/libwidget_gtk2.so[0x4aa66b7]
/usr/lib/firefox-2.0.0.5/components/libtoolkitcomps.so[0x32a42d6]
/usr/lib/firefox-2.0.0.5/firefox-bin[0x804fa9d]
/usr/lib/firefox-2.0.0.5/firefox-bin(__gxx_personality_v0+0x2c0)[0x804ac30]
/lib/libc.so.6(__libc_start_main+0xe0)[0xcf70b0]
/usr/lib/firefox-2.0.0.5/firefox-bin(__gxx_personality_v0+0x1e1)[0x804ab51]
======= Memory map: ========


Comment 3 Hans de Goede 2007-08-06 10:55:09 UTC
I just tried clicking that link in my i386 rawhide firefox, no problem. So it
seems that this is not 64 bit related, as you have it with the i386 version, and
that some special condition is needed to trigger it. Can you think of anything
special with your system, plugins, non default gtk theme, anything?
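
The comparison this comment rests on (the same crash site on i386 and x86_64) can be checked mechanically. Added example, not part of the original thread: a small parser for glibc abort reports, run on top-frame excerpts of the two backtraces above; the function name `triage` and its result keys are this example's own.

```python
import re
from collections import Counter
from os.path import basename

# Abort banner; the message may be hard-wrapped, as it is in both reports here.
BANNER = re.compile(
    r"\*\*\* glibc detected \*\*\* (\S+): (.+?): (0x[0-9a-f]+) \*\*\*", re.S)
# One backtrace frame: /path/lib.so(symbol+0xoff)[0xaddr]; the symbol is optional.
FRAME = re.compile(
    r"^(?P<path>/\S+?)(?:\((?P<sym>[^)+]*)(?:\+0x[0-9a-f]+)?\))?\[0x[0-9a-f]+\]$")
# Modules that implement free()/g_free(); the caller that passed the pointer
# is the first frame outside them.
ALLOCATOR = ("libc.so", "libglib-2.0.so")

def triage(report):
    """Summarise one glibc abort report: reason, pointer, caller of free()."""
    banner = BANNER.search(report)
    matches = (FRAME.match(line.strip()) for line in report.splitlines())
    frames = [(basename(m["path"]), m["sym"] or None) for m in matches if m]
    caller = next((mod for mod, _ in frames if not mod.startswith(ALLOCATOR)), None)
    return {
        "reason": " ".join(banner[2].split()) if banner else None,
        "pointer": int(banner[3], 16) if banner else None,
        "freed_by": caller,
        "frames_per_module": Counter(mod for mod, _ in frames),
    }

# Top-frame excerpts copied from the two reports in this bug.
X86_64 = """\
*** glibc detected *** /usr/lib64/firefox-2.0.0.4/firefox-bin: free(): invalid
pointer: 0x0000000002b73f50 ***
/lib64/libc.so.6[0x3d34070412]
/lib64/libc.so.6(cfree+0x8c)[0x3d34073b1c]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad530c6e]
/usr/lib64/firefox-2.0.0.4/components/libgfx_gtk.so[0x2aaaad5497fe]
"""
I386 = """\
*** glibc detected *** /usr/lib/firefox-2.0.0.5/firefox-bin: double free or
corruption (out): 0x09844280 ***
/lib/libc.so.6[0xd49041]
/lib/libc.so.6(cfree+0x90)[0xd4c670]
/lib/libglib-2.0.so.0(g_free+0x31)[0x886921]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10a57be]
/usr/lib/firefox-2.0.0.5/components/libgfx_gtk.so[0x10c1165]
"""

for arch, rep in (("x86_64", X86_64), ("i386", I386)):
    t = triage(rep)
    print(arch, t["reason"], hex(t["pointer"]), t["freed_by"])
```

Both reports resolve to the same first frame outside the allocator, `libgfx_gtk.so`, even though the glibc diagnostics differ.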


Comment 4 pascal kolijn 2007-08-06 11:19:58 UTC
If I login with a new user, firefox-2.0.0.5-3.fc8.i386 the 'download' window
works...

even moving my original ~/.mozilla/firefox aside does not help, so it must be
something else..

But as Hans suggests (mid-air collision :o) ) :

Changing my gtk-theme back to the default fixes the crash !

Thanx, for the suggestion, I know now where to look (although with a less
exciting desktop ;o) ) I hope this might also be some help for the Original Poster.


Comment 5 Christopher Aillon 2007-08-07 17:22:37 UTC
What was the bad gtk theme?

Comment 6 pascal kolijn 2007-08-09 08:03:10 UTC
Reuben ( http://gnome-look.org/content/show.php/Reuben?content=56098 or
http://gnome-look.org/content/show.php/Fawn?content=58426, but I noticed that it
is a theme by the same creator (!), so I guess she must be doing something wrong
:o) )



Comment 7 Christopher Aillon 2007-08-11 04:06:45 UTC
Okay, it's not one of ours, so closing out.  Might want to send a note to the
theme author.

