Bug 430422 - Firefox segfaults unexpected
Firefox segfaults unexpected
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
8
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Martin Stransky
Fedora Extras Quality Assurance
pleaForReproductionFF3
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-27 17:34 EST by Peter Bieringer
Modified: 2008-06-13 17:04 EDT (History)
1 user (show)

See Also:
Fixed In Version: F9 as of 2008-06-13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-13 17:04:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2008-01-27 17:34:48 EST
Description of problem:

More or less often firefox crashes on a VIA EPIA with 800 MHz CentaurHauls CPU.

Version-Release number of selected component (if applicable):

firefox-2.0.0.10-3.fc8
kernel-2.6.23.14-107.fc8

How reproducible:

Often, after loading more complex web sites


Backtrace:

Core was generated by `/usr/lib/firefox-2.0.0.10/firefox-bin -UILocale de'.
Program terminated with signal 11, Segmentation fault.
#0  0x0012d402 in __kernel_vsyscall ()
(gdb) bt
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00319891 in raise () from /lib/libpthread.so.0
#2  0x08059992 in ?? ()
#3  <signal handler called>
#4  0x00160ba5 in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so
#5  0x00179c7b in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so
#6  0x0016383c in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so
#7  0x0016840b in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so
#8  0x00170f1d in ?? () from /usr/lib/firefox-2.0.0.10/libmozjs.so
#9  0x0013bafd in JS_EvaluateUCScriptForPrincipals () from
/usr/lib/firefox-2.0.0.10/libmozjs.so
#10 0x01a2e332 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so
#11 0x01a35113 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so
#12 0x01a455c5 in ?? () from /usr/lib/firefox-2.0.0.10/components/libgklayout.so
#13 0x00255223 in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so
#14 0x002552e4 in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so
#15 0x00250f8d in PL_HandleEvent () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so
#16 0x00251216 in PL_ProcessPendingEvents () from
/usr/lib/firefox-2.0.0.10/libxpcom_core.so
#17 0x00252a6f in ?? () from /usr/lib/firefox-2.0.0.10/libxpcom_core.so
#18 0x07dda452 in ?? () from /usr/lib/firefox-2.0.0.10/components/libwidget_gtk2.so
#19 0x009b38ad in ?? () from /lib/libglib-2.0.so.0
#20 0x0098410c in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#21 0x0098754f in ?? () from /lib/libglib-2.0.so.0
#22 0x009878f9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#23 0x004ba422 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#24 0x07dda83f in ?? () from /usr/lib/firefox-2.0.0.10/components/libwidget_gtk2.so
#25 0x06c19306 in ?? () from /usr/lib/firefox-2.0.0.10/components/libtoolkitcomps.so
#26 0x0804fb7d in __cxa_pure_virtual ()
#27 0x0804aca0 in __cxa_pure_virtual ()
#28 0x00c56390 in __libc_start_main () from /lib/libc.so.6
#29 0x0804abc1 in __cxa_pure_virtual ()

Please request more infos from the core file, if needed.
Comment 1 Martin Stransky 2008-02-20 07:40:18 EST
Can you reproduce it with the latest firefox update? Please install missing
debuginfo packages and attach the back-trace again.
Comment 2 Matěj Cepl 2008-02-21 17:34:20 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 3 Matěj Cepl 2008-02-21 17:35:31 EST
At this point, we're going to only be taking security fixes and major stability
fixes into this release of Fedora.  However, we still want to ensure the bug is
fixed in the next version.  We'd appreciate if you could test Firefox 3,
available at http://www.mozilla.com/en-US/firefox/all-beta.html or now shipping
as the default in Fedora rawhide and provide feedback as to whether it still
exists so we can file a ticket upstream to try to fix it in Firefox 3 before it
is released.
Comment 4 Peter Bieringer 2008-02-22 17:54:49 EST
Here a backtrace:

Core was generated by `/usr/lib/firefox-2.0.0.12/firefox-bin -UILocale de'.
Program terminated with signal 11, Segmentation fault.
#0  0x0012d402 in __kernel_vsyscall ()
(gdb) bt
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x00310891 in raise () from /lib/libpthread.so.0
#2  0x08059f46 in nsProfileLock::FatalSignalHandler (signo=11) at
nsProfileLock.cpp:206
#3  <signal handler called>
#4  0x00ca88aa in memcpy () from /lib/libc.so.6
#5  0x00282732 in nsSubstringTuple::WriteTo (this=0xa5b6394, buf=0xa1b6390,
bufLen=7)
    at /usr/include/bits/string3.h:52
#6  0x00281cad in nsSubstring::Assign (this=0xbfe11f94, tuple=@0xbfe11fc4) at
nsTSubstring.cpp:384
#7  0x002872ca in nsAString_internal::Assign (this=0xbfe11f94,
tuple=@0xbfe11e1c) at nsTAString.cpp:238
#8  0x01385471 in nsEventListenerManager::AddEventListenerByType
(this=0xa1ef920, aListener=0x9e0e188, 
    aType=@0xbfe1209c, aFlags=2, aEvtGrp=0x93e93a8) at
../../../dist/include/string/nsTAString.h:494
#9  0x013834a7 in nsEventListenerManager::AddGroupedEventListener
(this=0xa1ef920, aType=@0xbfe1209c, 
    aListener=0x9e0e188, aUseCapture=0, aEvtGrp=0x93e93a8) at
nsEventListenerManager.cpp:2150
#10 0x01348a17 in nsDOMEventRTTearoff::AddGroupedEventListener (this=0xa1b6370,
aType=@0xbfe1209c, 
    aListener=0x9e0e188, aUseCapture=0, aEvtGrp=0x93e93a8) at
nsGenericElement.cpp:716
#11 0x0120f13c in nsTextControlFrame::SetInitialChildList (this=0xa1b42a0,
aPresContext=0xa191120, aListName=0x0, 
    aChildList=0xa1b4584) at nsTextControlFrame.cpp:3280
#12 0x0114d721 in nsCSSFrameConstructor::ConstructHTMLFrame (this=0xa1a8940,
aState=@0xbfe130c4, 
    aContent=0xa1ef878, aParentFrame=0xa1e8380, aTag=0x8bf0778, aNameSpaceID=0,
aStyleContext=0xa1b41a4, 
    aFrameItems=@0xbfe12458, aHasPseudoParent=0) at nsCSSFrameConstructor.cpp:5708
Comment 5 Martin Stransky 2008-04-24 08:54:44 EDT
Can yoy please check the upcoming Fedora 9? There's a Firefox 3 there with many
bugfixes. 

If it still crashes, can yoy please provide more info about the crash? Seems to
be somewhere in nsSubstringTuple::WriteTo (wrong params?) so can you please
provide info about local variables, pointers and so on?

Comment 6 Matěj Cepl 2008-06-12 09:41:11 EDT
Reporter, could you please reply to the previous question? If you won't reply in
one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.
Comment 7 Peter Bieringer 2008-06-13 14:21:40 EDT
I switched Fedora 9 and Firefox 3 Beta 5 and changed also my system a little
bit. I do no longer see this crashes. Please close this bug for now.
Comment 8 Matěj Cepl 2008-06-13 17:04:48 EDT
Thanks for letting us know.

Note You need to log in before you can comment on or make changes to this bug.