Bug 477110 - firefox crash at trying flash full screen
firefox crash at trying flash full screen
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
10
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Warren Togami
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-19 00:39 EST by cornel panceac
Modified: 2009-09-19 18:41 EDT (History)
7 users (show)

See Also:
Fixed In Version: Firefox 3.5.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-19 18:41:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
gdb output (10.32 KB, text/plain)
2008-12-19 12:13 EST, cornel panceac
no flags Details
Backtrace of firefox crash, note malloc blowing up (13.84 KB, text/plain)
2009-04-12 12:48 EDT, Brian Vuyk
no flags Details

  None (edit)
Description cornel panceac 2008-12-19 00:39:36 EST
Description of problem:
while watching a video clip on youtube, when i try to see it full screen firefox crashes.


Version-Release number of selected component (if applicable):

# rpm -qa | grep xulrun 
xulrunner-1.9.0.4-1.fc10.i386

# rpm -qa | grep firefox
firefox-3.0.4-1.fc10.i386

# rpm -qa | grep mozilla
mozilla-vlc-0.9.8a-1.fc10.i386
mozilla-filesystem-1.9-2.fc10.i386

# rpm -qa | grep flash
flashrom-0-0.14.20081103svn3723.fc9.i386
libflashsupport-000-0.5.svn20070904.i386
flash-plugin-9.0.124.0-release.i386



How reproducible:


Steps to Reproduce:
1.go to youtube.com
2.open one vide clip
3.after it starts playing, make it full screen
  
Actual results:
firefox crashes

Expected results:
the clip becomes full screen


Additional info:

at running firefox from terminal i got this:

$ firefox

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

(firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadLength (poly request too large or internal Xlib length erro'.
  (Details: serial 30874 error_code 16 request_code 144 minor_code 17)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
/usr/lib/firefox-3.0.4/run-mozilla.sh: line 131:  5905 Segmentation fault      "$prog" ${1+"$@"}

then i've searched bugzilla and found this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=470780

but it was for rhel x86_64 so i decided to open another bug for f10 x86 :)

additional info requested there:

# rpm -qa | grep plugin
audacious-plugins-freeworld-wma-1.4.5-2.fc10.i386
mail-notification-evolution-plugin-5.4-4.fc10.i386
audacious-plugins-amidi-1.5.1-2.fc10.i386
plymouth-plugin-pulser-0.6.0-0.2008.11.17.3.fc10.i386
PackageKit-gstreamer-plugin-0.3.12-1.fc10.i386
gstreamer-plugins-good-0.10.11-1.fc10.i386
gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.i386
gutenprint-plugin-5.0.2-3.fc10.i386
plymouth-system-plugin-0.6.0-0.2008.11.17.3.fc10.i386
audacious-plugins-wavpack-1.5.1-2.fc10.i386
gstreamer-plugins-schroedinger-1.0.5-3.fc10.i386
plymouth-plugin-solar-0.6.0-0.2008.11.17.3.fc10.i386
PackageKit-yum-plugin-0.3.12-1.fc10.i386
gstreamer-plugins-bad-0.10.9-1.fc10.i386
purple-plugin_pack-pidgin-xmms-2.4.0-1.fc10.i386
audacious-plugins-freeworld-mp3-1.4.5-2.fc10.i386
audacious-plugins-freeworld-alac-1.4.5-2.fc10.i386
anaconda-yum-plugins-1.0-3.fc10.noarch
gstreamer-plugins-farsight-0.12.9-3.fc10.i386
gstreamer-plugins-base-0.10.21-2.fc10.i386
mythplugins-0.21-14.fc10.i386
p7zip-plugins-4.58-1.fc10.i386
gstreamer-plugins-ugly-0.10.9-2.fc10.i386
plymouth-plugin-spinfinity-0.6.0-0.2008.11.17.3.fc10.i386
setroubleshoot-plugins-2.0.12-1.fc10.noarch
audacious-plugins-1.5.1-2.fc10.i386
audacious-plugins-freeworld-mms-1.4.5-2.fc10.i386
alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.i386
audacious-plugins-vortex-1.5.1-2.fc10.i386
plymouth-plugin-fade-in-0.6.0-0.2008.11.17.3.fc10.i386
purple-plugin_pack-2.4.0-1.fc10.i386
audacious-plugins-freeworld-tta-1.4.5-2.fc10.i386
purple-plugin_pack-pidgin-2.4.0-1.fc10.i386
flash-plugin-9.0.124.0-release.i386
gstreamer-plugins-bad-extras-0.10.9-1.fc10.i386
audacious-plugins-freeworld-aac-1.4.5-2.fc10.i386
libextractor-plugins-flac-0.5.20b-2.fc10.i386
plymouth-plugin-label-0.6.0-0.2008.11.17.3.fc10.i386

i'll be back with debuginfo asap.
Comment 1 Matěj Cepl 2008-12-19 09:34:34 EST
Thanks for the bug report.  We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue.

First of all, could we get output of the command

	rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*

Please also install firefox-debuginfo (debuginfo-install is from
yum-utils package).

	debuginfo-install firefox

Then run firefox with a parameter -g. That will start firefox running inside of gdb debugger. Then use command run and do whatever you did to make firefox crash. When it happens, you should go back to the gdb and run

	(gdb) thread apply all backtrace

This produces usually many screens of the text. Copy all of them into a text editor and attach the file to the bug as an uncompressed attachment.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.
Comment 2 cornel panceac 2008-12-19 12:13:16 EST
Created attachment 327465 [details]
gdb output
Comment 3 cornel panceac 2008-12-19 12:14:44 EST
strange: the output is different as user or as root :)

$ rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*
xulrunner-1.9.0.4-1.fc10.i386
xulrunner-debuginfo-1.9.0.4-1.fc10.i386
mozilla-vlc-0.9.8a-1.fc10.i386
mozilla-filesystem-1.9-2.fc10.i386

# rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*
audacious-plugins-freeworld-wma-1.4.5-2.fc10.i386
mail-notification-evolution-plugin-5.4-4.fc10.i386
audacious-plugins-amidi-1.5.1-2.fc10.i386
xulrunner-1.9.0.4-1.fc10.i386
plymouth-plugin-pulser-0.6.0-0.2008.11.17.3.fc10.i386
PackageKit-gstreamer-plugin-0.3.12-1.fc10.i386
gstreamer-plugins-good-0.10.11-1.fc10.i386
gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.i386
gutenprint-plugin-5.0.2-3.fc10.i386
plymouth-system-plugin-0.6.0-0.2008.11.17.3.fc10.i386
xulrunner-debuginfo-1.9.0.4-1.fc10.i386
flashrom-0-0.14.20081103svn3723.fc9.i386
firefox-debuginfo-3.0.4-1.fc10.i386
audacious-plugins-wavpack-1.5.1-2.fc10.i386
gstreamer-plugins-schroedinger-1.0.5-3.fc10.i386
plymouth-plugin-solar-0.6.0-0.2008.11.17.3.fc10.i386
mozilla-vlc-0.9.8a-1.fc10.i386
PackageKit-yum-plugin-0.3.12-1.fc10.i386
gstreamer-plugins-bad-0.10.9-1.fc10.i386
purple-plugin_pack-pidgin-xmms-2.4.0-1.fc10.i386
libflashsupport-000-0.5.svn20070904.i386
audacious-plugins-freeworld-mp3-1.4.5-2.fc10.i386
audacious-plugins-freeworld-alac-1.4.5-2.fc10.i386
anaconda-yum-plugins-1.0-3.fc10.noarch
gstreamer-plugins-farsight-0.12.9-3.fc10.i386
gstreamer-plugins-base-0.10.21-2.fc10.i386
mythplugins-0.21-14.fc10.i386
p7zip-plugins-4.58-1.fc10.i386
gstreamer-plugins-ugly-0.10.9-2.fc10.i386
plymouth-plugin-spinfinity-0.6.0-0.2008.11.17.3.fc10.i386
setroubleshoot-plugins-2.0.12-1.fc10.noarch
audacious-plugins-1.5.1-2.fc10.i386
audacious-plugins-freeworld-mms-1.4.5-2.fc10.i386
alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.i386
audacious-plugins-vortex-1.5.1-2.fc10.i386
firefox-3.0.4-1.fc10.i386
plymouth-plugin-fade-in-0.6.0-0.2008.11.17.3.fc10.i386
purple-plugin_pack-2.4.0-1.fc10.i386
audacious-plugins-freeworld-tta-1.4.5-2.fc10.i386
mozilla-filesystem-1.9-2.fc10.i386
purple-plugin_pack-pidgin-2.4.0-1.fc10.i386
flash-plugin-9.0.124.0-release.i386
gstreamer-plugins-bad-extras-0.10.9-1.fc10.i386
audacious-plugins-freeworld-aac-1.4.5-2.fc10.i386
libextractor-plugins-flac-0.5.20b-2.fc10.i386
plymouth-plugin-label-0.6.0-0.2008.11.17.3.fc10.i386
Comment 4 Matěj Cepl 2008-12-20 16:46:48 EST
Warren, any thoughts? The backtrace confuses me completely.
Comment 5 Brian Vuyk 2009-04-12 12:47:40 EDT
Since this crash is very repeatable for me, I am adding some info.

I am including my gdb backtrace. Looks like the experimental malloc code in the newer glibc is crashing out here.

$ rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*
gstreamer-plugins-ugly-0.10.11-1.fc11.i586
konq-plugins-4.2.2-1.fc11.i586
PackageKit-yum-plugin-0.4.6-2.fc11.i586
xulrunner-debuginfo-1.9.1-0.11.beta3.fc11.i586
alsa-plugins-pulseaudio-1.0.18-3.fc11.i586
xulrunner-1.9.1-0.11.beta3.fc11.i586
plymouth-plugin-label-0.7.0-0.2009.03.10.3.fc11.i586
gstreamer-plugins-base-0.10.22-2.fc11.i586
anaconda-yum-plugins-1.0-4.fc11.noarch
firefox-debuginfo-3.1-0.11.beta3.fc11.i586
firefox-3.1-0.11.beta3.fc11.i586
flash-plugin-10.0.22.87-release.i386
setroubleshoot-plugins-2.0.15-1.fc11.noarch
mozilla-filesystem-1.9-4.fc11.i586
plymouth-plugin-spinfinity-0.7.0-0.2009.03.10.3.fc11.i586
$
Comment 6 Brian Vuyk 2009-04-12 12:48:25 EDT
Created attachment 339247 [details]
Backtrace of firefox crash, note malloc blowing up
Comment 7 Brian Vuyk 2009-04-12 12:50:06 EDT
additionally, this has been repeated by several others in #fedora-qa
Comment 8 Brian Vuyk 2009-04-12 12:53:19 EDT
I also would like to suggest increasing the priority of this bug, as many, many users use flash.
Comment 9 Riku Seppala 2009-07-24 08:31:47 EDT
Yes firefox 3.5.1 still crashes.
Program received signal SIGSEGV, Segmentation fault.
_int_free (av=<value optimized out>, p=0xa95f2b38, have_lock=0) at malloc.c:4854
4854                              >= ((char *) av->top + chunksize(av->top)), 0))


https://bugzilla.mozilla.org/show_bug.cgi?id=493541
Comment 10 Jacob 2009-08-25 12:53:25 EDT
FYI - looks like there is an mozilla fix in the pipeline: https://bugzilla.mozilla.org/show_bug.cgi?id=493541 

Until then, their is a workaround: http://webupd8.blogspot.com/2009/07/how-to-fix-full-screen-flash-videos-in.html
Comment 11 Riku Seppala 2009-09-12 07:06:32 EDT
Firefox 3.5.3 works for me!
Comment 12 Matěj Cepl 2009-09-19 18:41:35 EDT
Glad to hear it! Thanks for letting us know.

Note You need to log in before you can comment on or make changes to this bug.