Bug 445199 - firefox segfaults in plone kupu editor
firefox segfaults in plone kupu editor
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: xulrunner (Show other bugs)
rawhide
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Gecko Maintainer
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-05 09:15 EDT by Harald Hoyer
Modified: 2008-05-06 13:24 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 13:24:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 432467 None None None Never

  None (edit)
Description Harald Hoyer 2008-05-05 09:15:15 EDT
more information can be provided...

$ rpm -q firefox xulrunner
firefox-3.0-0.60.beta5.fc9.x86_64
xulrunner-1.9-0.60.beta5.fc9.x86_64


Core was generated by `/usr/lib64/firefox-3.0b5/firefox'.
Program terminated with signal 11, Segmentation fault.

#4  0x000000335b3e68f0 in nsVoidArray::EnumerateForwards (this=<value optimized
out>, aFunc=<value optimized out>, aData=<value optimized out>) at
nsVoidArray.cpp:678
678	      running = (*aFunc)(mImpl->mArray[index], aData);
(gdb) list
673	
674	  if (mImpl)
675	  {
676	    while (running && (++index < mImpl->mCount))
677	    {
678	      running = (*aFunc)(mImpl->mArray[index], aData);
679	    }
680	  }
681	  return running;
682	}
#3  0x000000335b3e3e80 in ReleaseObjects (aElement=<value optimized out>) at
nsCOMArray.cpp:151
151	    NS_IF_RELEASE(element);
Current language:  auto; currently c++
(gdb) list
146	// useful for destructors
147	PRBool
148	ReleaseObjects(void* aElement, void*)
149	{
150	    nsISupports* element = static_cast<nsISupports*>(aElement);
151	    NS_IF_RELEASE(element);
152	    return PR_TRUE;
153	}
154	
155	void
(gdb) down
#2  <signal handler called>
Current language:  auto; currently c
(gdb) list
156	nsCOMArray_base::Clear()
157	{
158	    mArray.EnumerateForwards(ReleaseObjects, nsnull);
159	    mArray.Clear();
160	}
161	
(gdb) down
#1  0x000000335ac268cd in nsProfileLock::FatalSignalHandler (signo=<value
optimized out>) at nsProfileLock.cpp:212
212	            raise(signo);
Comment 1 Martin Stransky 2008-05-05 09:26:07 EDT
Can you please attach steps how to reproduce it?
Comment 2 Harald Hoyer 2008-05-05 10:20:55 EDT
1. create a new article in plone using the internal kupu editor.
2. write some text
3. click on ["html"]
4. boom
Comment 3 Matěj Cepl 2008-05-05 16:19:36 EDT
(In reply to comment #2)
> 1. create a new article in plone using the internal kupu editor.
> 2. write some text
> 3. click on ["html"]
> 4. boom

Is there some internal (or publicly accessible external) instance of plone?
Comment 4 Harald Hoyer 2008-05-05 22:25:01 EDT
if you ping me on IRC, I can give you temporary access to my instance.
Comment 6 Martin Stransky 2008-05-06 04:11:20 EDT
Hm, the provided testcase works fine for me (no crash). I have FF3 Beta5 with
internal cairo.
Comment 7 Martin Stransky 2008-05-06 04:11:44 EDT
on x86_64.
Comment 8 Harald Hoyer 2008-05-06 04:36:40 EDT
I'll retry with no plugins, fresh user. maybe I can pin it down to s.th.
Comment 9 Harald Hoyer 2008-05-06 04:45:46 EDT
hmm, as a fresh user, no problem.

moving away .mozilla with my main user does not change anything. still segfault.
Comment 10 Martin Stransky 2008-05-06 04:47:18 EDT
Try the safe mode (firefox -safe-mode)
Comment 11 Harald Hoyer 2008-05-06 05:02:38 EDT
$ firefox -safe-mode
/usr/lib64/firefox-3.0b5/run-mozilla.sh: line 131: 27408 Segmentation fault    
 "$prog" ${1+"$@"}
Comment 12 Harald Hoyer 2008-05-06 05:27:09 EDT
#0  0x000000334ec0ebeb in raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
42				 sig);
Missing separate debuginfos, use: debuginfo-install keyutils.x86_64
(gdb) bt
#0  0x000000334ec0ebeb in raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1  0x000000335ac268cd in nsProfileLock::FatalSignalHandler (signo=<value
optimized out>) at nsProfileLock.cpp:212
#2  <signal handler called>
#3  0x00000000046644f0 in ?? ()
#4  0x000000335b386870 in nsDocAccessible::FlushPendingEvents (this=<value
optimized out>) at nsDocAccessible.cpp:1640
#5  0x000000335b418ee2 in nsTimerImpl::Fire (this=<value optimized out>) at
nsTimerImpl.cpp:400
#6  0x000000335b418f49 in nsTimerEvent::Run (this=<value optimized out>) at
nsTimerImpl.cpp:490
#7  0x000000335b416a9e in nsThread::ProcessNextEvent (this=<value optimized
out>, mayWait=<value optimized out>, result=<value optimized out>) at
nsThread.cpp:510
#8  0x000000335b3e82f6 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=<value optimized out>) at nsThreadUtils.cpp:227
#9  0x000000335b36010d in nsBaseAppShell::Run (this=<value optimized out>) at
nsBaseAppShell.cpp:170
#10 0x000000335b2235bd in nsAppStartup::Run (this=<value optimized out>) at
nsAppStartup.cpp:181
#11 0x000000335ac1f73b in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3154
#12 0x0000000000401665 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363
#13 0x000000334e01e32a in __libc_start_main (main=<value optimized out>,
argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized
out>, fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=Could not find the frame base for "__libc_start_main".
) at libc-start.c:220
#14 0x0000000000401159 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363
Comment 13 Harald Hoyer 2008-05-06 05:29:41 EDT
(gdb) up
#4  0x000000335b386870 in nsDocAccessible::FlushPendingEvents (this=<value
optimized out>) at nsDocAccessible.cpp:1640
1640	  NS_RELEASE_THIS(); // Release kung fu death grip
Current language:  auto; currently c++
(gdb) up
#5  0x000000335b418ee2 in nsTimerImpl::Fire (this=<value optimized out>) at
nsTimerImpl.cpp:400
400	      callback.c(this, mClosure);
(gdb) up
#6  0x000000335b418f49 in nsTimerEvent::Run (this=<value optimized out>) at
nsTimerImpl.cpp:490
490	  timer->Fire();
(gdb) up
#7  0x000000335b416a9e in nsThread::ProcessNextEvent (this=<value optimized
out>, mayWait=<value optimized out>, result=<value optimized out>) at
nsThread.cpp:510
510	    event->Run();
(gdb) up
#8  0x000000335b3e82f6 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=<value optimized out>) at nsThreadUtils.cpp:227
227	  return NS_SUCCEEDED(thread->ProcessNextEvent(mayWait, &val)) && val;
(gdb) up
#9  0x000000335b36010d in nsBaseAppShell::Run (this=<value optimized out>) at
nsBaseAppShell.cpp:170
170	    NS_ProcessNextEvent(thread);
(gdb) up
#10 0x000000335b2235bd in nsAppStartup::Run (this=<value optimized out>) at
nsAppStartup.cpp:181
181	    nsresult rv = mAppShell->Run();
(gdb) up
#11 0x000000335ac1f73b in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3154
3154	          rv = appStartup->Run();
(gdb) up
#12 0x0000000000401665 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363
363			      struct _Unwind_Context *context)
Comment 14 Martin Stransky 2008-05-06 05:49:52 EDT
Try to turn off gnome accesibility. Does it help?
Comment 15 Harald Hoyer 2008-05-06 06:09:37 EDT
rofl.. yes :)
Comment 16 Matěj Cepl 2008-05-06 13:24:45 EDT
We found that this bug has been already registered in the upstream database
(https://bugzilla.mozilla.org/show_bug.cgi?id=432467) and believe that it is
more appropriate to let it be resolved upstream.

Red Hat will continue to track the issue in the centralized upstream bug
tracker, and will review any bug fixes that become available for consideration
in future updates.

Thank you for the bug report.

Note You need to log in before you can comment on or make changes to this bug.