Red Hat Bugzilla – Bug 428622
Last modified: 2008-05-13 09:41:44 EDT
Description of problem:
Scrolling down page at the following URL makes firefox crash with a heap
Version-Release number of selected component (if applicable):
How reproducible: Always.
Steps to Reproduce:
1. Visit the URL cited above.
2. Start scrolling the page down; I usually use arrow keys.
Actual results: firefox reports heap corruption and quits.
Expected results: firefox allows reading the page.
Additional info: running firefox with MALLOC_CHECK_=2 suggests that there is
some invalid free involved.
Created attachment 291575 [details]
stack trace when running firefox under gdb with MALLOC_CHECK_ set.
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora. However, we still want to ensure the bug is
fixed in the next version. We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
The problem is still there in firefox-184.108.40.206-1.fc8 but firefox-3 downloaded
from the location specified above does not display this erroneous behavior.
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
Closing as INSUFFICIENT_DATA.
[This is a mass-closing request; if you think that this bug shouldn't be closed,
please reopen with additional information.]
The bug is still present in the most recent release of this program for F8, that
BTW, the bug is trivially reproduced. Please actually do pay attention to the
information provided by the reporters.
Fixed in F9/FF3 so closing as RAWHIDE.