Red Hat Bugzilla – Bug 501632
Embedded Ogg Theora crashes Firefox.
Last modified: 2018-04-11 04:31:25 EDT
Description of problem: Visiting http://proyectofedora.org/mexico/2009/05/18/8-por-que-cambiara-fedora-11/ crashes Firefox ~70% of the time. This is particularly unfortunate 'cause the videos it embeds are embedded on Planet Fedora at the moment. Version-Release number of selected component (if applicable): Daily rawhide. t60p:cjb~ % rpm -q xulrunner xulrunner-1.9.1-0.20.beta4.fc11.i586 t60p:cjb~ % rpm -q firefox firefox-3.5-0.20.beta4.fc11.i586 Additional info: Here's a gdb backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xaccffb70 (LWP 3252)] 0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, buffer=0xaccff07c) at /usr/include/bits/string3.h:52 warning: Source file is more recent than executable. 52 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); Current language: auto; currently c (gdb) bt #0 0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, buffer=0xaccff07c) at /usr/include/bits/string3.h:52 #1 0x06361162 in oggplay_callback_theora (oggz=0xae0dbc00, op=0xaccff0f0, serialno=1513264028, user_data=0xadff5e10) at oggplay_callback.c:178 #2 0x06367a06 in oggz_read_sync (oggz=0xae0dbc00) at oggz_read.c:478 #3 0x06367e25 in oggz_read (oggz=0xae0dbc00, n=8192) at oggz_read.c:597 #4 0x063604c4 in oggplay_step_decoding (me=0xae65fd60) at oggplay.c:662 #5 0x063594d7 in nsOggDecodeStateMachine::DecodeFrame ( this=<value optimized out>, this=<value optimized out>) at nsOggDecoder.cpp:535 #6 nsOggDecodeStateMachine::Run (this=<value optimized out>, this=<value optimized out>) at nsOggDecoder.cpp:921 #7 0x0677bf58 in nsThread::ProcessNextEvent (this=0xae1caba0, mayWait=1, result=0xaccff2ec) at nsThread.cpp:510 #8 0x067484c3 in NS_ProcessNextEvent_P (thread=0xadf4b028, mayWait=1) at nsThreadUtils.cpp:227 #9 0x0677c7b6 in nsThread::ThreadFunc (arg=0xae1caba0) at nsThread.cpp:254 #10 0x056e87e1 in ?? () from /lib/libnspr4.so #11 0x00500935 in start_thread () from /lib/libpthread.so.0 #12 0x0043582e in clone () from /lib/libc.so.6 (gdb) f 0 #0 0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, buffer=0xaccff07c) at /usr/include/bits/string3.h:52 52 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); (gdb)
The page seems to have moved this is the video in question http://proyectofedora.org/mexico/wp-content/uploads/2009/05/boot.ogg
Thanks for the bug report. Tried twice and no crash, so we need some additional information that will be helpful in our diagnosis of this issue. First of all, could we get output of the command rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin* Please also install firefox-debuginfo (debuginfo-install is from yum-utils package). debuginfo-install firefox Then run firefox with a parameter -g. That will start firefox running inside of gdb debugger. Then use command run and do whatever you did to make firefox crash. When it happens, you should go back to the gdb and run (gdb) thread apply all backtrace This produces usually many screens of the text. Copy all of them into a text editor and attach the file to the bug as an uncompressed attachment. We will review this issue again once you've had a chance to attach this information. Thanks in advance.
Silly me, of course, you pasted backtrace. Passing to developers for further inspection.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Hmm, with xulrunner-1.9.1-2.fc12.x86_64 firefox-3.5-1.fc12.x86_64 the video no longer crashes the browser, but it also doesn't play , showing only the controls and length 0:00.
OK, I tend to blame this example for being somehow broken. I have played many (probably too many) OGG files with Firefox these days and I have never had a one crash, and all of them played well. Try for example http://tinyvid.tv/show/htd35nqig0m2 (BTW, very good song) if that works for you. Closing as WORKSFORME and you can of course persuade me otherwise.
After discussion with Chris Blizzard on IRC I concluded that there might be a real bug here (https://bugzilla.mozilla.org/show_bug.cgi?id=496684) so I have asked for further investigation upstream and believe that it is more appropriate to let it be resolved there. We will continue to track the issue in the centralized upstream bug tracker, and will review any bug fixes that become available for consideration in future updates. Thank you for the bug report.