541768 – Firefox crash

Bug 541768 - Firefox crash

Summary: Firefox crash

Keywords:
Status:	CLOSED DUPLICATE of bug 538207
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firefox
Sub Component:
Version:	11
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Gecko Maintainer
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-11-27 01:42 UTC by James Livingston
Modified:	2018-04-11 07:38 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-11-27 23:38:35 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description James Livingston 2009-11-27 01:42:22 UTC

Description of problem:
Firefox crashes when trying to display certain images from Fisheye instances. One example is the image on http://fisheye.jboss.org/browse/JBossAS/trunk/connector/src/main/org/jboss/resource/adapter/jdbc/BaseWrapperManagedConnectionFactory.java

Version-Release number of selected component (if applicable):
firefox-3.5.5-1.fc11.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Load the URL in Firefox.
2. Firefox crashes.

Additional Information:
* X driver is xorg-x11-drv-nouveau-0.0.12-40.20090528git0c17b87.fc11.x86_64



Gdk-ERROR **: The program 'firefox' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 422851 error_code 11 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
aborting...

Program received signal SIGABRT, Aborted.
#0  0x00000037c2a332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000037c2a34b20 in *__GI_abort () at abort.c:88
#2  0x0000003217641b27 in IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fff2aa361d0) at gmessages.c:506
#3  0x0000003217641bb3 in IA__g_log (log_domain=0x28b4 <Address 0x28b4 out of bounds>, log_level=10420, format=0x6 <Address 0x6 out of bounds>) at gmessages.c:526
#4  0x0000003ceba5c456 in gdk_x_error (display=<value optimized out>, error=<value optimized out>) at gdkmain-x11.c:641
#5  0x00000037c52460b4 in _XError (dpy=0x7fe51a08c000, rep=0x7fe4fce5d070) at XlibInt.c:2924
#6  0x00000037c524c3fc in process_responses (dpy=0x7fe51a08c000, wait_for_first_event=<value optimized out>, current_error=<value optimized out>, current_request=422854) at xcb_io.c:207
#7  0x00000037c524caa0 in _XReply (dpy=0x7fe51a08c000, rep=0x7fff2aa36510, extra=0, discard=1) at xcb_io.c:457
#8  0x00000037c5240963 in XSync (dpy=0x7fe51a08c000, discard=0) at Sync.c:48
#9  0x00000037c5240b1b in _XSyncFunction (dpy=0x28b4) at Synchro.c:37
#10 0x0000003ceaa42578 in _cairo_xlib_surface_set_picture_clip_rects (surface=0x7fe4fc232b40) at cairo-xlib-surface.c:862
#11 0x0000003ceaa4494b in _cairo_xlib_surface_fill_rectangles (abstract_surface=0x7fe4fc232b40, op=CAIRO_OPERATOR_CLEAR, color=<value optimized out>, rects=0x7fff2aa36f70, num_rects=1)
    at cairo-xlib-surface.c:1951
#12 0x0000003ceaa2bac7 in _cairo_surface_fill_rectangles (surface=0x28b4, op=CAIRO_OPERATOR_CLEAR, color=0x3ceaa5c0e0, rects=0x7fff2aa36f60, num_rects=439025728) at cairo-surface.c:1458
#13 0x0000003ceaa2bcac in _cairo_surface_fill_region (surface=0x7fe4fc232b40, op=CAIRO_OPERATOR_CLEAR, color=0x3ceaa5c0e0, region=0x7fff2aa37960) at cairo-surface.c:1409
#14 0x0000003ceaa2e867 in _clip_and_composite_trapezoids (src=0x7fe4fc16f1a0, op=CAIRO_OPERATOR_CLEAR, dst=0x7fe4fc232b40, traps=0x7fff2aa379e0, clip=0x0, antialias=<value optimized out>)
    at cairo-surface-fallback.c:617
#15 0x0000003ceaa2eebd in _cairo_surface_fallback_paint (surface=0x7fe4fc232b40, op=CAIRO_OPERATOR_CLEAR, source=0x7fe4fc16f1a0) at cairo-surface-fallback.c:705
#16 0x0000003ceaa2b9ff in _cairo_surface_paint (surface=0x7fe4fc232b40, op=CAIRO_OPERATOR_CLEAR, source=<value optimized out>) at cairo-surface.c:1492
#17 0x0000003ceaa1467a in _cairo_gstate_paint (gstate=0x7fe4fc4f6c30) at cairo-gstate.c:878
#18 0x0000003ceaa0ea99 in *INT_cairo_paint (cr=0x7fe4fc4f6c00) at cairo.c:1947
#19 0x0000003ceaa0eb6d in cairo_paint_with_alpha (cr=0x28b4, alpha=0) at cairo.c:1975
#20 0x0000003766d8d358 in gfxPlatformGtk::CreateOffscreenSurface (this=<value optimized out>, size=@0x7fe5017b81d8, imageFormat=gfxASurface::ImageFormatRGB24) at gfxPlatformGtk.cpp:238
#21 0x0000003766d81582 in gfxPlatform::OptimizeImage (this=0x28b4, aSurface=0x7fe5017b81c0, format=6) at gfxPlatform.cpp:280
#22 0x0000003766c9d1ad in nsThebesImage::Optimize (this=0x7fe50211c6d0, aContext=<value optimized out>) at nsThebesImage.cpp:374
#23 0x0000003766d6c638 in gfxImageFrame::SetMutable (this=<value optimized out>, aMutable=<value optimized out>) at gfxImageFrame.cpp:191
#24 0x00000037665d8660 in imgContainer::DecodingComplete (this=<value optimized out>) at imgContainer.cpp:306
#25 0x00000037665e3973 in end_callback (png_ptr=0x7fe5017cb000, info_ptr=0x7fe50172ed00) at nsPNGDecoder.cpp:869
#26 0x0000003766d9e949 in MOZ_PNG_push_read_chunk (png_ptr=0x7fe5017cb000, info_ptr=0x7fe50172ed00) at pngpread.c:348
#27 0x0000003766d9eda0 in MOZ_PNG_process_data (png_ptr=0x7fe5017cb000, info_ptr=0x7fe50172ed00, buffer=0x6 <Address 0x6 out of bounds>, buffer_size=<value optimized out>) at pngpread.c:35
#28 0x00000037665e3250 in ReadDataOut(struct nsIInputStream *, void *, const char *, PRUint32, PRUint32, PRUint32 *) (in=<value optimized out>, closure=<value optimized out>, 
    fromRawSegment=<value optimized out>, toOffset=<value optimized out>, count=4294967295, writeCount=<value optimized out>) at nsPNGDecoder.cpp:351
#29 0x0000003766d2eb58 in nsInputStreamTee::WriteSegmentFun (in=0x28b4, closure=0x7fe5017d0d00, fromSegment=0x6 <Address 0x6 out of bounds>, offset=4294967295, count=439025728, writeCount=0x28b4)
    at nsInputStreamTee.cpp:102
#30 0x0000003766d321e6 in nsPipeInputStream::ReadSegments (this=0x7fe50221b910, 
    writer=0x3766d2eb44 <nsInputStreamTee::WriteSegmentFun(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*)>, closure=0x7fe5017d0d00, count=2760, readCount=0x7fff2aa38138)
    at nsPipe3.cpp:799
#31 0x00000037665e313e in nsPNGDecoder::WriteFrom (this=0x7fe501c05660, inStr=0x28b4, count=<value optimized out>, _retval=0x7fff2aa38138) at nsPNGDecoder.cpp:370
#32 0x00000037665e01e5 in imgRequest::OnDataAvailable (this=0x7fe502f12ac0, aRequest=0x7fe50222fc48, ctxt=<value optimized out>, inStr=0x7fe5017d0d00, sourceOffset=439025728, count=39624)
    at imgRequest.cpp:993
#33 0x0000003766d53791 in NS_InvokeByIndex_P (that=0x28b4, methodIndex=10420, paramCount=6, params=0xffffffffffffffff) at xptcinvoke_x86_64_linux.cpp:208
#34 0x000000376649db7d in XPCWrappedNative::CallMethod (ccx=@0x7fff2aa38820, mode=<value optimized out>) at xpcwrappednative.cpp:2456
#35 0x00000037664a63da in XPC_WN_CallMethod (cx=0x7fe5140ebc00, obj=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>, vp=<value optimized out>) at xpcwrappednativejsops.cpp:1590
#36 0x00000037680504c1 in js_Invoke (cx=0x7fe5140ebc00, argc=<value optimized out>, vp=0x7fe5023fb530, flags=<value optimized out>) at jsinterp.cpp:1386
#37 0x0000003768041753 in js_Interpret (cx=0x7fe5140ebc00) at jsinterp.cpp:5179
#38 0x00000037680504cb in js_Invoke (cx=0x7fe5140ebc00, argc=<value optimized out>, vp=0x7fe5023fb4e8, flags=<value optimized out>) at jsinterp.cpp:1394
#39 0x0000003766499dd3 in nsXPCWrappedJSClass::CallMethod (this=0x7fe509079800, wrapper=<value optimized out>, methodIndex=<value optimized out>, info=0x7fe511a35f58, nativeParams=0x7fff2aa39240)
    at xpcwrappedjsclass.cpp:1697
#40 0x0000003766d54371 in PrepareAndDispatch(struct nsXPTCStubBase *, PRUint32, PRUint64 *, PRUint64 *, double *) (self=0x7fe5018c1200, methodIndex=<value optimized out>, args=0x7fff2aa393c0, 
    gpregs=0x7fff2aa39340, fpregs=0x7fff2aa39370) at xptcstubs_x86_64_linux.cpp:151
#41 0x0000003766d53833 in SharedStub () from /usr/lib64/xulrunner-1.9.1/libxul.so
#42 0x00000037664fe6a1 in nsStreamListenerTee::OnDataAvailable (this=0x7fe5017d0cd0, request=<value optimized out>, context=0x0, input=0x7fe50221b910, offset=210794, count=39624)
    at nsStreamListenerTee.cpp:97
#43 0x000000376654ed79 in nsHttpChannel::OnDataAvailable (this=0x7fe50222fc00, request=<value optimized out>, ctxt=<value optimized out>, input=0x7fe50221b910, offset=<value optimized out>, 
    count=<value optimized out>) at nsHttpChannel.cpp:5046
#44 0x00000037664e72ed in nsInputStreamPump::OnStateTransfer (this=0x7fe50da80890) at nsInputStreamPump.cpp:508
#45 0x00000037664e73e9 in nsInputStreamPump::OnInputStreamReady (this=0x7fe50da80890, stream=0x28b4) at nsInputStreamPump.cpp:398
#46 0x0000003766d32f8a in nsInputStreamReadyEvent::Run (this=0x7fe4fc7b3df0) at nsStreamUtils.cpp:111
#47 0x0000003766d47365 in nsThread::ProcessNextEvent (this=0x7fe51a01b790, mayWait=1, result=0x7fff2aa3955c) at nsThread.cpp:521
#48 0x0000003766d18953 in NS_ProcessNextEvent_P (thread=0x28b4, mayWait=10420) at nsThreadUtils.cpp:236
#49 0x0000003766c8c479 in nsBaseAppShell::Run (this=0x7fe514075460) at nsBaseAppShell.cpp:170

Comment 1 James Livingston 2009-11-27 01:44:48 UTC

That image works fine on another machine running Fedora 12 and using xorg-x11-drv-intel-2.9.1-1.fc12.x86_64. I'll boot F12 on the machine it crashes on later, and see if it works there.

Comment 2 Matěj Cepl 2009-11-27 23:38:35 UTC


*** This bug has been marked as a duplicate of bug 538207 ***

Note You need to log in before you can comment on or make changes to this bug.