Description of problem: while watching a video clip on youtube, when i try to see it full screen firefox crashes. Version-Release number of selected component (if applicable): # rpm -qa | grep xulrun xulrunner-1.9.0.4-1.fc10.i386 # rpm -qa | grep firefox firefox-3.0.4-1.fc10.i386 # rpm -qa | grep mozilla mozilla-vlc-0.9.8a-1.fc10.i386 mozilla-filesystem-1.9-2.fc10.i386 # rpm -qa | grep flash flashrom-0-0.14.20081103svn3723.fc9.i386 libflashsupport-000-0.5.svn20070904.i386 flash-plugin-9.0.124.0-release.i386 How reproducible: Steps to Reproduce: 1.go to youtube.com 2.open one vide clip 3.after it starts playing, make it full screen Actual results: firefox crashes Expected results: the clip becomes full screen Additional info: at running firefox from terminal i got this: $ firefox (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed (firefox:5905): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed The program 'firefox' received an X Window System error. This probably reflects a bug in the program. The error was 'BadLength (poly request too large or internal Xlib length erro'. (Details: serial 30874 error_code 16 request_code 144 minor_code 17) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) /usr/lib/firefox-3.0.4/run-mozilla.sh: line 131: 5905 Segmentation fault "$prog" ${1+"$@"} then i've searched bugzilla and found this bug: https://bugzilla.redhat.com/show_bug.cgi?id=470780 but it was for rhel x86_64 so i decided to open another bug for f10 x86 :) additional info requested there: # rpm -qa | grep plugin audacious-plugins-freeworld-wma-1.4.5-2.fc10.i386 mail-notification-evolution-plugin-5.4-4.fc10.i386 audacious-plugins-amidi-1.5.1-2.fc10.i386 plymouth-plugin-pulser-0.6.0-0.2008.11.17.3.fc10.i386 PackageKit-gstreamer-plugin-0.3.12-1.fc10.i386 gstreamer-plugins-good-0.10.11-1.fc10.i386 gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.i386 gutenprint-plugin-5.0.2-3.fc10.i386 plymouth-system-plugin-0.6.0-0.2008.11.17.3.fc10.i386 audacious-plugins-wavpack-1.5.1-2.fc10.i386 gstreamer-plugins-schroedinger-1.0.5-3.fc10.i386 plymouth-plugin-solar-0.6.0-0.2008.11.17.3.fc10.i386 PackageKit-yum-plugin-0.3.12-1.fc10.i386 gstreamer-plugins-bad-0.10.9-1.fc10.i386 purple-plugin_pack-pidgin-xmms-2.4.0-1.fc10.i386 audacious-plugins-freeworld-mp3-1.4.5-2.fc10.i386 audacious-plugins-freeworld-alac-1.4.5-2.fc10.i386 anaconda-yum-plugins-1.0-3.fc10.noarch gstreamer-plugins-farsight-0.12.9-3.fc10.i386 gstreamer-plugins-base-0.10.21-2.fc10.i386 mythplugins-0.21-14.fc10.i386 p7zip-plugins-4.58-1.fc10.i386 gstreamer-plugins-ugly-0.10.9-2.fc10.i386 plymouth-plugin-spinfinity-0.6.0-0.2008.11.17.3.fc10.i386 setroubleshoot-plugins-2.0.12-1.fc10.noarch audacious-plugins-1.5.1-2.fc10.i386 audacious-plugins-freeworld-mms-1.4.5-2.fc10.i386 alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.i386 audacious-plugins-vortex-1.5.1-2.fc10.i386 plymouth-plugin-fade-in-0.6.0-0.2008.11.17.3.fc10.i386 purple-plugin_pack-2.4.0-1.fc10.i386 audacious-plugins-freeworld-tta-1.4.5-2.fc10.i386 purple-plugin_pack-pidgin-2.4.0-1.fc10.i386 flash-plugin-9.0.124.0-release.i386 gstreamer-plugins-bad-extras-0.10.9-1.fc10.i386 audacious-plugins-freeworld-aac-1.4.5-2.fc10.i386 libextractor-plugins-flac-0.5.20b-2.fc10.i386 plymouth-plugin-label-0.6.0-0.2008.11.17.3.fc10.i386 i'll be back with debuginfo asap.
Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue. First of all, could we get output of the command rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin* Please also install firefox-debuginfo (debuginfo-install is from yum-utils package). debuginfo-install firefox Then run firefox with a parameter -g. That will start firefox running inside of gdb debugger. Then use command run and do whatever you did to make firefox crash. When it happens, you should go back to the gdb and run (gdb) thread apply all backtrace This produces usually many screens of the text. Copy all of them into a text editor and attach the file to the bug as an uncompressed attachment. We will review this issue again once you've had a chance to attach this information. Thanks in advance.
Created attachment 327465 [details] gdb output
strange: the output is different as user or as root :) $ rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin* xulrunner-1.9.0.4-1.fc10.i386 xulrunner-debuginfo-1.9.0.4-1.fc10.i386 mozilla-vlc-0.9.8a-1.fc10.i386 mozilla-filesystem-1.9-2.fc10.i386 # rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin* audacious-plugins-freeworld-wma-1.4.5-2.fc10.i386 mail-notification-evolution-plugin-5.4-4.fc10.i386 audacious-plugins-amidi-1.5.1-2.fc10.i386 xulrunner-1.9.0.4-1.fc10.i386 plymouth-plugin-pulser-0.6.0-0.2008.11.17.3.fc10.i386 PackageKit-gstreamer-plugin-0.3.12-1.fc10.i386 gstreamer-plugins-good-0.10.11-1.fc10.i386 gstreamer-plugins-flumpegdemux-0.10.15-4.fc10.i386 gutenprint-plugin-5.0.2-3.fc10.i386 plymouth-system-plugin-0.6.0-0.2008.11.17.3.fc10.i386 xulrunner-debuginfo-1.9.0.4-1.fc10.i386 flashrom-0-0.14.20081103svn3723.fc9.i386 firefox-debuginfo-3.0.4-1.fc10.i386 audacious-plugins-wavpack-1.5.1-2.fc10.i386 gstreamer-plugins-schroedinger-1.0.5-3.fc10.i386 plymouth-plugin-solar-0.6.0-0.2008.11.17.3.fc10.i386 mozilla-vlc-0.9.8a-1.fc10.i386 PackageKit-yum-plugin-0.3.12-1.fc10.i386 gstreamer-plugins-bad-0.10.9-1.fc10.i386 purple-plugin_pack-pidgin-xmms-2.4.0-1.fc10.i386 libflashsupport-000-0.5.svn20070904.i386 audacious-plugins-freeworld-mp3-1.4.5-2.fc10.i386 audacious-plugins-freeworld-alac-1.4.5-2.fc10.i386 anaconda-yum-plugins-1.0-3.fc10.noarch gstreamer-plugins-farsight-0.12.9-3.fc10.i386 gstreamer-plugins-base-0.10.21-2.fc10.i386 mythplugins-0.21-14.fc10.i386 p7zip-plugins-4.58-1.fc10.i386 gstreamer-plugins-ugly-0.10.9-2.fc10.i386 plymouth-plugin-spinfinity-0.6.0-0.2008.11.17.3.fc10.i386 setroubleshoot-plugins-2.0.12-1.fc10.noarch audacious-plugins-1.5.1-2.fc10.i386 audacious-plugins-freeworld-mms-1.4.5-2.fc10.i386 alsa-plugins-pulseaudio-1.0.18-1.rc3.fc10.i386 audacious-plugins-vortex-1.5.1-2.fc10.i386 firefox-3.0.4-1.fc10.i386 plymouth-plugin-fade-in-0.6.0-0.2008.11.17.3.fc10.i386 purple-plugin_pack-2.4.0-1.fc10.i386 audacious-plugins-freeworld-tta-1.4.5-2.fc10.i386 mozilla-filesystem-1.9-2.fc10.i386 purple-plugin_pack-pidgin-2.4.0-1.fc10.i386 flash-plugin-9.0.124.0-release.i386 gstreamer-plugins-bad-extras-0.10.9-1.fc10.i386 audacious-plugins-freeworld-aac-1.4.5-2.fc10.i386 libextractor-plugins-flac-0.5.20b-2.fc10.i386 plymouth-plugin-label-0.6.0-0.2008.11.17.3.fc10.i386
Warren, any thoughts? The backtrace confuses me completely.
Since this crash is very repeatable for me, I am adding some info. I am including my gdb backtrace. Looks like the experimental malloc code in the newer glibc is crashing out here. $ rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin* gstreamer-plugins-ugly-0.10.11-1.fc11.i586 konq-plugins-4.2.2-1.fc11.i586 PackageKit-yum-plugin-0.4.6-2.fc11.i586 xulrunner-debuginfo-1.9.1-0.11.beta3.fc11.i586 alsa-plugins-pulseaudio-1.0.18-3.fc11.i586 xulrunner-1.9.1-0.11.beta3.fc11.i586 plymouth-plugin-label-0.7.0-0.2009.03.10.3.fc11.i586 gstreamer-plugins-base-0.10.22-2.fc11.i586 anaconda-yum-plugins-1.0-4.fc11.noarch firefox-debuginfo-3.1-0.11.beta3.fc11.i586 firefox-3.1-0.11.beta3.fc11.i586 flash-plugin-10.0.22.87-release.i386 setroubleshoot-plugins-2.0.15-1.fc11.noarch mozilla-filesystem-1.9-4.fc11.i586 plymouth-plugin-spinfinity-0.7.0-0.2009.03.10.3.fc11.i586 $
Created attachment 339247 [details] Backtrace of firefox crash, note malloc blowing up
additionally, this has been repeated by several others in #fedora-qa
I also would like to suggest increasing the priority of this bug, as many, many users use flash.
Yes firefox 3.5.1 still crashes. Program received signal SIGSEGV, Segmentation fault. _int_free (av=<value optimized out>, p=0xa95f2b38, have_lock=0) at malloc.c:4854 4854 >= ((char *) av->top + chunksize(av->top)), 0)) https://bugzilla.mozilla.org/show_bug.cgi?id=493541
FYI - looks like there is an mozilla fix in the pipeline: https://bugzilla.mozilla.org/show_bug.cgi?id=493541 Until then, their is a workaround: http://webupd8.blogspot.com/2009/07/how-to-fix-full-screen-flash-videos-in.html
Firefox 3.5.3 works for me!
Glad to hear it! Thanks for letting us know.