Bug 428622 - Invalid free
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: firefox
Version: 8
Hardware: x86_64 Linux
Priority: low, Severity: low
Assigned To: Gecko Maintainer
Fedora Extras Quality Assurance
firefox3INSUFFICIENT_DATAmassClosing
Keywords: Reopened
Reported: 2008-01-14 03:39 EST by Pawel Salek
Modified: 2008-05-13 09:41 EDT
Doc Type: Bug Fix
Last Closed: 2008-05-13 09:41:44 EDT


Attachments
stack trace when running firefox under gdb with MALLOC_CHECK_ set. (7.17 KB, text/plain)
2008-01-14 03:39 EST, Pawel Salek
Description Pawel Salek 2008-01-14 03:39:20 EST
Description of problem:
Scrolling down the page at the following URL makes firefox crash with a heap
corruption error.

URL: http://blog.rp.pl/haszczynski/2008/01/13/czy-tajwan-bedzie-mniej-tajwanski/

Version-Release number of selected component (if applicable):
firefox-2.0.0.10-3.fc8

How reproducible: Always.

Steps to Reproduce:
1. Visit the URL cited above.
2. Start scrolling the page down; I usually use arrow keys.
  
Actual results: firefox reports heap corruption and quits.

Expected results:
firefox allows reading the page.

Additional info: running firefox with MALLOC_CHECK_=2 suggests that there is
some invalid free involved.
Comment 1 Pawel Salek 2008-01-14 03:39:20 EST
Created attachment 291575
stack trace when running firefox under gdb with MALLOC_CHECK_ set.
Comment 3 Matěj Cepl 2008-02-21 17:35:23 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 4 Matěj Cepl 2008-02-21 17:36:41 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 5 Pawel Salek 2008-02-21 18:13:02 EST
The problem is still there in firefox-2.0.0.12-1.fc8 but firefox-3 downloaded
from the location specified above does not display this erroneous behavior.
Comment 6 Matěj Cepl 2008-04-09 10:05:30 EDT
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

[This is a mass-closing request, if you think that this bug shouldn't be closed,
please, reopen with additional information.]
Comment 7 Pawel Salek 2008-04-09 10:12:48 EDT
The bug is still present in the most recent release of this program for F8, that
is firefox-2.0.0.13-1.fc8
Comment 8 Pawel Salek 2008-04-09 10:14:16 EDT
BTW, the bug is trivially reproduced. Please actually do pay attention to the
information provided by the reporters.
Comment 9 Martin Stransky 2008-05-13 09:41:44 EDT
Fixed in F9/FF3 so closing as RAWHIDE.
