Bug 501632 - Embedded Ogg Theora crashes Firefox.
Summary: Embedded Ogg Theora crashes Firefox.
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-20 05:11 UTC by Chris Ball
Modified: 2018-04-11 08:31 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-07-01 15:44:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 496684 0 None None None Never

Description Chris Ball 2009-05-20 05:11:54 UTC 
Description of problem:

Visiting http://proyectofedora.org/mexico/2009/05/18/8-por-que-cambiara-fedora-11/ crashes Firefox ~70% of the time.  This is particularly unfortunate 'cause the videos it embeds are embedded on Planet Fedora at the moment.

Version-Release number of selected component (if applicable):

Daily rawhide.

t60p:cjb~ % rpm -q xulrunner    
xulrunner-1.9.1-0.20.beta4.fc11.i586
t60p:cjb~ % rpm -q firefox 
firefox-3.5-0.20.beta4.fc11.i586

Additional info:

Here's a gdb backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaccffb70 (LWP 3252)]
0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
warning: Source file is more recent than executable.
52	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
Current language:  auto; currently c
(gdb) bt
#0  0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
#1  0x06361162 in oggplay_callback_theora (oggz=0xae0dbc00, op=0xaccff0f0, 
    serialno=1513264028, user_data=0xadff5e10) at oggplay_callback.c:178
#2  0x06367a06 in oggz_read_sync (oggz=0xae0dbc00) at oggz_read.c:478
#3  0x06367e25 in oggz_read (oggz=0xae0dbc00, n=8192) at oggz_read.c:597
#4  0x063604c4 in oggplay_step_decoding (me=0xae65fd60) at oggplay.c:662
#5  0x063594d7 in nsOggDecodeStateMachine::DecodeFrame (
    this=<value optimized out>, this=<value optimized out>)
    at nsOggDecoder.cpp:535
#6  nsOggDecodeStateMachine::Run (this=<value optimized out>, 
    this=<value optimized out>) at nsOggDecoder.cpp:921
#7  0x0677bf58 in nsThread::ProcessNextEvent (this=0xae1caba0, mayWait=1, 
    result=0xaccff2ec) at nsThread.cpp:510
#8  0x067484c3 in NS_ProcessNextEvent_P (thread=0xadf4b028, mayWait=1)
    at nsThreadUtils.cpp:227
#9  0x0677c7b6 in nsThread::ThreadFunc (arg=0xae1caba0) at nsThread.cpp:254
#10 0x056e87e1 in ?? () from /lib/libnspr4.so
#11 0x00500935 in start_thread () from /lib/libpthread.so.0
#12 0x0043582e in clone () from /lib/libc.so.6
(gdb) f 0
#0  0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
52	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb)
Comment 1 Yanko Kaneti 2009-05-20 09:34:07 UTC 
The page seems to have moved
this is the video in question

http://proyectofedora.org/mexico/wp-content/uploads/2009/05/boot.ogg
Comment 2 Matěj Cepl 2009-05-25 23:04:43 UTC 
Thanks for the bug report.  Tried twice and no crash, so we need some additional information that will be helpful in our diagnosis of this issue.

First of all, could we get output of the command

	rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*

Please also install firefox-debuginfo (debuginfo-install is from
yum-utils package).

	debuginfo-install firefox

Then run firefox with a parameter -g. That will start firefox running inside of gdb debugger. Then use command run and do whatever you did to make firefox crash. When it happens, you should go back to the gdb and run

	(gdb) thread apply all backtrace

This produces usually many screens of the text. Copy all of them into a text editor and attach the file to the bug as an uncompressed attachment.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.
Comment 3 Matěj Cepl 2009-06-03 15:57:09 UTC 
Silly me, of course, you pasted backtrace. Passing to developers for further inspection.
Comment 4 Bug Zapper 2009-06-09 16:08:50 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Yanko Kaneti 2009-06-30 22:57:51 UTC 
Hmm, with 
xulrunner-1.9.1-2.fc12.x86_64
firefox-3.5-1.fc12.x86_64
the video no longer crashes the browser, but it also doesn't play , showing only the controls and length 0:00.
Comment 6 Matěj Cepl 2009-07-01 15:44:23 UTC 
OK, I tend to blame this example for being somehow broken. I have played many (probably too many) OGG files with Firefox these days and I have never had a one crash, and all of them played well.

Try for example
http://tinyvid.tv/show/htd35nqig0m2 (BTW, very good song)
if that works for you.

Closing as WORKSFORME and you can of course persuade me otherwise.
Comment 7 Matěj Cepl 2009-07-01 16:57:24 UTC 
After discussion with Chris Blizzard on IRC I concluded that there might be a real bug here (https://bugzilla.mozilla.org/show_bug.cgi?id=496684) so I have asked for further investigation upstream and believe that it is more appropriate to let it be resolved there.

We will continue to track the issue in the centralized upstream bug tracker, and will review any bug fixes that become available for consideration in future updates.

Thank you for the bug report.
Note You need to log in before you can comment on or make changes to this bug.