Bug 511156 - Firefox segfault in nsEventTargetChainItem::HandleEvent
Summary: Firefox segfault in nsEventTargetChainItem::HandleEvent
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 12
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 565315 565643 569070 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-13 22:49 UTC by Jerry James
Modified: 2010-12-05 06:43 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-05 06:43:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Script of a firefox debug session (134.87 KB, text/plain)
2009-07-13 22:49 UTC, Jerry James 		no flags Details
Script from a session in safe mode (21.90 KB, text/plain)
2009-09-25 03:34 UTC, Jerry James 		no flags Details
Crash in safe mode (92.28 KB, text/plain)
2009-09-29 03:02 UTC, Jerry James 		no flags Details
View All

Description Jerry James 2009-07-13 22:49:09 UTC 
Created attachment 351533 [details]
Script of a firefox debug session

Description of problem:
I was trying to catch a NullPointerException in Java that sometimes occurs while visiting http://www.runescape.com/, and caught a segfault instead.  I will attach a copy of the session captured with /usr/bin/script.  Here is the output of rpm -qa *xulrun* *firefox* *mozilla* *flash* *plugin*:

alsa-plugins-pulseaudio-1.0.20-2.fc11.x86_64
anaconda-yum-plugins-1.0-4.fc11.noarch
audacious-plugin-fc-0.3-2.x86_64
audacious-plugins-1.5.1-6.fc11.x86_64
audacious-plugins-amidi-1.5.1-6.fc11.x86_64
audacious-plugins-metronome-1.5.1-6.fc11.x86_64
audacious-plugins-vortex-1.5.1-6.fc11.x86_64
audacious-plugins-wavpack-1.5.1-6.fc11.x86_64
audacious-plugin-xmp-2.5.1-4.fc11.x86_64
firefox-3.5-1.fc11.x86_64
firefox-debuginfo-3.5-1.fc11.x86_64
flashrom-0.9.0-1.fc11.x86_64
gdm-plugin-fingerprint-2.26.1-10.fc11.x86_64
gstreamer-plugins-bad-0.10.13-3.fc11.x86_64
gstreamer-plugins-bad-extras-0.10.13-3.fc11.x86_64
gstreamer-plugins-base-0.10.23-3.fc11.x86_64
gstreamer-plugins-flumpegdemux-0.10.15-6.fc11.x86_64
gstreamer-plugins-good-0.10.15-3.fc11.x86_64
gstreamer-plugins-ugly-0.10.12-1.fc11.x86_64
gutenprint-plugin-5.2.3-5.fc11.x86_64
java-1.6.0-openjdk-plugin-1.6.0.0-22.b16.fc11.x86_64
maven2-plugin-ant-2.0.4-11.19.fc11.x86_64
maven2-plugin-antlr-2.0.4-11.19.fc11.x86_64
maven2-plugin-antrun-2.0.4-11.19.fc11.x86_64
maven2-plugin-assembly-2.0.4-11.19.fc11.x86_64
maven2-plugin-checkstyle-2.0.4-11.19.fc11.x86_64
maven2-plugin-clean-2.0.4-11.19.fc11.x86_64
maven2-plugin-compiler-2.0.4-11.19.fc11.x86_64
maven2-plugin-dependency-2.0.4-11.19.fc11.x86_64
maven2-plugin-deploy-2.0.4-11.19.fc11.x86_64
maven2-plugin-ear-2.0.4-11.19.fc11.x86_64
maven2-plugin-eclipse-2.0.4-11.19.fc11.x86_64
maven2-plugin-ejb-2.0.4-11.19.fc11.x86_64
maven2-plugin-help-2.0.4-11.19.fc11.x86_64
maven2-plugin-idea-2.0.4-11.19.fc11.x86_64
maven2-plugin-install-2.0.4-11.19.fc11.x86_64
maven2-plugin-jar-2.0.4-11.19.fc11.x86_64
maven2-plugin-javadoc-2.0.4-11.19.fc11.x86_64
maven2-plugin-jxr-2.0.4-11.19.fc11.x86_64
maven2-plugin-one-2.0.4-11.19.fc11.x86_64
maven2-plugin-plugin-2.0.4-11.19.fc11.x86_64
maven2-plugin-pmd-2.0.4-11.19.fc11.x86_64
maven2-plugin-project-info-reports-2.0.4-11.19.fc11.x86_64
maven2-plugin-rar-2.0.4-11.19.fc11.x86_64
maven2-plugin-release-2.0.4-11.19.fc11.x86_64
maven2-plugin-repository-2.0.4-11.19.fc11.x86_64
maven2-plugin-resources-2.0.4-11.19.fc11.x86_64
maven2-plugin-site-2.0.4-11.19.fc11.x86_64
maven2-plugin-source-2.0.4-11.19.fc11.x86_64
maven2-plugin-surefire-2.0.4-11.19.fc11.x86_64
maven2-plugin-surefire-report-2.0.4-11.19.fc11.x86_64
maven2-plugin-verifier-2.0.4-11.19.fc11.x86_64
maven2-plugin-war-2.0.4-11.19.fc11.x86_64
maven-shared-plugin-testing-harness-1.0-5.7.fc11.x86_64
mozilla-filesystem-1.9-4.fc11.x86_64
nspluginwrapper-1.3.0-5.fc11.x86_64
nspluginwrapper-debuginfo-1.3.0-5.fc11.x86_64
PackageKit-gstreamer-plugin-0.4.8-1.fc11.x86_64
PackageKit-yum-plugin-0.4.8-1.fc11.x86_64
plexus-maven-plugin-1.2-3.7.fc11.x86_64
plymouth-plugin-label-0.7.0-0.2009.05.15.1.fc11.x86_64
plymouth-plugin-two-step-0.7.0-0.2009.05.15.1.fc11.x86_64
setroubleshoot-plugins-2.0.18-1.fc11.noarch
swfdec-mozilla-0.9.2-2.fc11.x86_64
totem-mozplugin-2.26.2-1.fc11.x86_64
xulrunner-1.9.1-1.fc11.x86_64
xulrunner-debuginfo-1.9.1-1.fc11.x86_64
xulrunner-devel-1.9.1-1.fc11.x86_64

Version-Release number of selected component (if applicable):
firefox-3.5-1.fc11.x86_64

How reproducible:
I have gotten a segfault when vising that web site before, but never under debugger control.  It seems to happen once every 2-3 days.  Of course, I can't be sure it is the same segfault that I just caught.

Steps to Reproduce:
1. Visit http://www.runescape.com/
2. Choose a world to play on.
3. If it doesn't segfault by the time a world is selected, kill the browser and start over.
  
Actual results:
The segfault in the attachment.

Expected results:
No segfault.

Additional info:
Comment 1 Martin Stransky 2009-09-23 13:56:23 UTC 
Can you please try to reproduce it in safe mode? (i.e. without all plugins/addons).
Comment 2 Martin Stransky 2009-09-23 14:02:13 UTC 
nsresult
nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor& aVisitor,
                                    PRUint32 aFlags,
                                    PRBool aMayHaveNewListenerManagers)
{
  [...]

  if (mManager) {
>>   nsPIDOMEventTarget* currentTarget = CurrentTarget()->GetTargetForDOMEvent();

  [...]
}

looks like CurrentTarget() gives us 0x0000000000000001.
Comment 3 Jerry James 2009-09-25 03:34:46 UTC 
Created attachment 362607 [details]
Script from a session in safe mode

Here is my first attempt at running in safe mode.  The applet started up and drew the initial screen, and then firefox abruptly exited (but did not crash).
Comment 4 Martin Stransky 2009-09-25 05:35:58 UTC 
safe mode should disable all plug-ins/addons...
Comment 5 Jerry James 2009-09-25 14:18:59 UTC 
Including the Java plugin, presumably?  Apparently it didn't disable that one.

I haven't been able to trigger the crash in safe mode yet.  I'll keep trying.
Comment 6 Martin Stransky 2009-09-25 14:33:38 UTC 
If the firefox works fine inside safe-mode the crash is caused by some plugin/addon. I assume to activate plug-ins one by one and check if the crash appears again...
Comment 7 Jerry James 2009-09-29 03:02:36 UTC 
Created attachment 362957 [details]
Crash in safe mode

I did get a segfault in safe mode.  But to my untrained eye, this looks like a different crash.  I'll let the experts figure that out, though.
Comment 8 Martin Stransky 2009-09-29 06:49:20 UTC 
I see the icetea plugin is still active. Can you try to remove it for the tests?
Comment 9 Jerry James 2009-10-26 15:37:20 UTC 
Sorry for the slow response.  I don't know what to do here.  Without the icedtea plugin, the only web site I know of that triggers the crash doesn't do anything at all.  How can I tell whether the plugin is responsible for the crash or not?
Comment 10 Chris Campbell 2010-02-15 20:07:55 UTC 
*** Bug 565643 has been marked as a duplicate of this bug. ***
Comment 11 Chris Campbell 2010-02-15 20:11:59 UTC 
*** Bug 565315 has been marked as a duplicate of this bug. ***
Comment 12 nakieb 2010-02-15 22:21:24 UTC 
Can you please add to platform fedora 12 , as it is also affected ?BuG 565643 (Duplicate) platform is Fedora 12 .
Comment 13 nakieb 2010-02-18 11:30:29 UTC 
Thanks
Comment 14 Chris Campbell 2010-02-28 14:24:16 UTC 
*** Bug 569070 has been marked as a duplicate of this bug. ***
Comment 15 Bug Zapper 2010-11-04 10:48:08 UTC 
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 16 Bug Zapper 2010-12-05 06:43:26 UTC 
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.