Bug 501632 - Embedded Ogg Theora crashes Firefox.
Embedded Ogg Theora crashes Firefox.
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: firefox (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Gecko Maintainer
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-20 01:11 EDT by Chris Ball
Modified: 2018-04-11 04:31 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-01 11:44:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 496684 None None None Never

  None (edit)
Description Chris Ball 2009-05-20 01:11:54 EDT
Description of problem:

Visiting http://proyectofedora.org/mexico/2009/05/18/8-por-que-cambiara-fedora-11/ crashes Firefox ~70% of the time.  This is particularly unfortunate 'cause the videos it embeds are embedded on Planet Fedora at the moment.

Version-Release number of selected component (if applicable):

Daily rawhide.

t60p:cjb~ % rpm -q xulrunner    
xulrunner-1.9.1-0.20.beta4.fc11.i586
t60p:cjb~ % rpm -q firefox 
firefox-3.5-0.20.beta4.fc11.i586

Additional info:

Here's a gdb backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaccffb70 (LWP 3252)]
0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
warning: Source file is more recent than executable.
52	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
Current language:  auto; currently c
(gdb) bt
#0  0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
#1  0x06361162 in oggplay_callback_theora (oggz=0xae0dbc00, op=0xaccff0f0, 
    serialno=1513264028, user_data=0xadff5e10) at oggplay_callback.c:178
#2  0x06367a06 in oggz_read_sync (oggz=0xae0dbc00) at oggz_read.c:478
#3  0x06367e25 in oggz_read (oggz=0xae0dbc00, n=8192) at oggz_read.c:597
#4  0x063604c4 in oggplay_step_decoding (me=0xae65fd60) at oggplay.c:662
#5  0x063594d7 in nsOggDecodeStateMachine::DecodeFrame (
    this=<value optimized out>, this=<value optimized out>)
    at nsOggDecoder.cpp:535
#6  nsOggDecodeStateMachine::Run (this=<value optimized out>, 
    this=<value optimized out>) at nsOggDecoder.cpp:921
#7  0x0677bf58 in nsThread::ProcessNextEvent (this=0xae1caba0, mayWait=1, 
    result=0xaccff2ec) at nsThread.cpp:510
#8  0x067484c3 in NS_ProcessNextEvent_P (thread=0xadf4b028, mayWait=1)
    at nsThreadUtils.cpp:227
#9  0x0677c7b6 in nsThread::ThreadFunc (arg=0xae1caba0) at nsThread.cpp:254
#10 0x056e87e1 in ?? () from /lib/libnspr4.so
#11 0x00500935 in start_thread () from /lib/libpthread.so.0
#12 0x0043582e in clone () from /lib/libc.so.6
(gdb) f 0
#0  0x063617b2 in oggplay_data_handle_theora_frame (decode=0xadff5e10, 
    buffer=0xaccff07c) at /usr/include/bits/string3.h:52
52	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb)
Comment 1 Yanko Kaneti 2009-05-20 05:34:07 EDT
The page seems to have moved
this is the video in question

http://proyectofedora.org/mexico/wp-content/uploads/2009/05/boot.ogg
Comment 2 Matěj Cepl 2009-05-25 19:04:43 EDT
Thanks for the bug report.  Tried twice and no crash, so we need some additional information that will be helpful in our diagnosis of this issue.

First of all, could we get output of the command

	rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*

Please also install firefox-debuginfo (debuginfo-install is from
yum-utils package).

	debuginfo-install firefox

Then run firefox with a parameter -g. That will start firefox running inside of gdb debugger. Then use command run and do whatever you did to make firefox crash. When it happens, you should go back to the gdb and run

	(gdb) thread apply all backtrace

This produces usually many screens of the text. Copy all of them into a text editor and attach the file to the bug as an uncompressed attachment.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.
Comment 3 Matěj Cepl 2009-06-03 11:57:09 EDT
Silly me, of course, you pasted backtrace. Passing to developers for further inspection.
Comment 4 Bug Zapper 2009-06-09 12:08:50 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Yanko Kaneti 2009-06-30 18:57:51 EDT
Hmm, with 
xulrunner-1.9.1-2.fc12.x86_64
firefox-3.5-1.fc12.x86_64
the video no longer crashes the browser, but it also doesn't play , showing only the controls and length 0:00.
Comment 6 Matěj Cepl 2009-07-01 11:44:23 EDT
OK, I tend to blame this example for being somehow broken. I have played many (probably too many) OGG files with Firefox these days and I have never had a one crash, and all of them played well.

Try for example
http://tinyvid.tv/show/htd35nqig0m2 (BTW, very good song)
if that works for you.

Closing as WORKSFORME and you can of course persuade me otherwise.
Comment 7 Matěj Cepl 2009-07-01 12:57:24 EDT
After discussion with Chris Blizzard on IRC I concluded that there might be a real bug here (https://bugzilla.mozilla.org/show_bug.cgi?id=496684) so I have asked for further investigation upstream and believe that it is more appropriate to let it be resolved there.

We will continue to track the issue in the centralized upstream bug tracker, and will review any bug fixes that become available for consideration in future updates.

Thank you for the bug report.

Note You need to log in before you can comment on or make changes to this bug.