epiphany-gecko crashed with SIGSEGV while resizing fonts with Ctrl+MouseWheel

Bug #184547 reported by Martijn vdS
Affects                    Status        Importance  Assigned to  Milestone
Epiphany Browser           Won't Fix     High
XULRunner                  Invalid       Critical
epiphany-browser (Ubuntu)  Fix Released  Medium      Unassigned

Bug Description

Binary package hint: epiphany-browser

Epiphany 2.21.* tends to crash on my machine when I resize the font (either with Ctrl+mousewheel or Ctrl++ or Ctrl+-). This is an instance of it crashing while resizing using the mousewheel.

ProblemType: Crash
Architecture: i386
CrashCounter: 1
Date: Sun Jan 20 12:54:00 2008
Disassembly: 0xb7fa7410:
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/epiphany-gecko
NonfreeKernelModules: cdrom
Package: epiphany-gecko 2.21.4-0ubuntu3
PackageArchitecture: i386
ProcCmdline: epiphany-browser
ProcCwd: /home/martijn
ProcEnviron:
 LANGUAGE=nl:en_GB:en
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
 LANG=nl_NL.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: epiphany-browser
Stacktrace: #0 0xb7fa7410 in ?? ()
StacktraceTop: ?? ()
ThreadStacktrace:

Title: epiphany-gecko crashed with SIGSEGV
Uname: Linux hplaptop 2.6.24-4-generic #1 SMP Mon Jan 14 17:30:39 UTC 2008 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin plugdev scanner video

Martijn vdS (martijn) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:?? ()

Pedro Villavicencio (pedro) wrote :

Thanks for your bug report. Please try to obtain a backtrace http://wiki.ubuntu.com/DebuggingProgramCrash and attach the file to the bug report. This will greatly help us in tracking down your problem.

Changed in epiphany-browser:
assignee: nobody → desktop-bugs
importance: Undecided → Medium
status: New → Incomplete
Pedro Villavicencio (pedro) wrote :

Closing this bug report as no further information has been provided. Please feel free to reopen this bug if you can provide the information asked for. Thanks!

Changed in epiphany-browser:
status: Incomplete → Invalid
Victor Osadci (victor-os) wrote :

I see this too, gdb log attached.

Changed in epiphany-browser:
status: Invalid → New
Sero (sero4linux) wrote :

This bug is still there in Hardy with epiphany-browser-2.22.0-0ubuntu5. I can reproduce the crash 100% when I change font size with Ctrl + +/-. Any additional info needed?

Pedro Villavicencio (pedro) wrote :

Sero, can you submit the bug with apport? thanks.

Sero (sero4linux) wrote :

Apport never caught the crash and nothing was written to /var/crash. However, I got the Epiphany dialog that offers me to load the last "session" that was interrupted due to the crash.

Anyway - I cannot reproduce the crash anymore in Hardy. Maybe my installation was not in a consistent state due to some updates that didn't install properly first (sorry for that). Or maybe it got fixed meanwhile. Actually that's good news - the crash is gone.

Victor Osadci (victor-os) wrote :

Still happens here; and apport doesn't catch the crash.

Sero (sero4linux) wrote :

This bug drives me crazy. Yes, it is still there. I can reproduce the crash 100% on certain web sites, while it never crashes on other web sites. As Victor Osadci said, apport doesn't catch it :-( I suspected it might not be epiphany crashing directly but compiz or something related, so I turned off all desktop effects - it didn't help.

I am planning to dive deeper into this problem tomorrow and maybe get some help debugging on IRC. I hope we manage to get this ugly beast trapped down soon.

Sero (sero4linux) wrote :

I did a backtrace for myself but I am not sure whether this is useful - there were no -dbg packages for xulrunner in the main repo so I have only epiphany-browser-dbg installed.

Ilya Mezhirov (alih) wrote :

I've saved a bad HTML and narrowed it down, so now I know how to reproduce the bug. Try
   cp /usr/share/icons/application-default-icon.png .
   echo '<html><body background="application%2Ddefault%2Dicon.png"></body></html>' >foo.html
   epiphany foo.html
Hope that helps.

Jouni Mettala (jouni-mettala) wrote :

Thanks alih. I am marking it confirmed. Firefox resizes foo.html with [Ctrl and +], so maybe xulrunner isn't the right package.

Changed in xulrunner-1.9:
status: New → Confirmed
Jouni Mettala (jouni-mettala) wrote :

Here is a backtrace of resizing foo.html

In , Mh+mozilla (mh+mozilla) wrote :

When going at the given url and modifying zoom level, a crash occurs.
Interestingly, this doesn't happen in iceweasel/firefox, but in gtkmozembed clients, such as galeon and epiphany. I couldn't reproduce with a specially crafted version of TestGtkEmbed, though.

FWIW, I could reproduce the crash with the Ubuntu 8.04.1 i386 livecd.

Here is the stacktrace with an optimized build:
#0 0x00007fa3e57c6ccc in nsRuleNode::GetStyleBackground (this=0x4267cb8, aContext=<value optimized out>, aComputeData=<value optimized out>) at nsRuleNode.h:215
#1 0x00007fa3e57ca0e4 in nsStyleContext::CalcStyleDifference (this=0x4006810, aOther=0x426b278) at nsStyleStructList.h:79
#2 0x00007fa3e5706863 in CaptureChange (aOldContext=0x7fa3eaca19e0, aNewContext=0x7fa3eaa6f870, aFrame=0x41, aContent=0x0, aChangeList=0x41dcae0, aMinChange=nsChangeHint_RepaintFrame, aChangeToAssume=0)
    at nsFrameManager.cpp:1058
#3 0x00007fa3e57075b5 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x40068d0, aParentContent=0x3fac8d0, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1196
#4 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x4006700, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#5 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x40065f0, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#6 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x4006460, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#7 0x00007fa3e57078d9 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x40063e8, aParentContent=0x3fac6c0, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1125
#8 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x4006188, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#9 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x4006078, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#10 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x4011970, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#11 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x40117f0, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFrameManager.cpp:1404
#12 0x00007fa3e5707961 in nsFrameManager::ReResolveStyleContext (this=0x3eede08, aPresContext=0x35a6240, aFrame=0x40115f0, aParentContent=<value optimized out>, aChangeList=0x7ffffb501160, aMinChange=7)
    at nsFra...

In , Mh+mozilla (mh+mozilla) wrote :

FWIW, in a debug build, it displays these lines:
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043
###!!! ASSERTION: Unmatched begin/end?: '!mOldRuleTree', file nsStyleSet.cpp, line 107
WARNING: Unable to test style tree integrity -- no content node: file nsCSSFrameConstructor.cpp, line 10043

The stacktrace with a non-optimized debug build looks like:
#0 0x00007fe163f420e7 in nsRuleNode::WalkRuleTree (this=0x4193a50, aSID=eStyleStruct_Background, aContext=0x41acec8, aRuleData=0x7fff7a5dd390, aSpecificData=0x7fff7a5dd2f0) at nsRuleNode.cpp:1388
#1 0x00007fe163f44810 in nsRuleNode::GetBackgroundData (this=0x4193a50, aContext=0x41acec8) at nsRuleNode.cpp:1211
#2 0x00007fe163f4490b in nsRuleNode::GetStyleBackground (this=0x4193a50, aContext=0x41acec8, aComputeData=1) at nsStyleStructList.h:79
#3 0x00007fe163f4bb5c in nsStyleContext::GetStyleBackground (this=0x41acec8) at nsStyleStructList.h:79
#4 0x00007fe163f4eed3 in nsStyleContext::CalcStyleDifference (this=0x3b07018, aOther=0x41acec8) at nsStyleContext.cpp:472
#5 0x00007fe163da6dcd in CaptureChange (aOldContext=0x3b07018, aNewContext=0x41acec8, aFrame=0x3b070d8, aContent=0x3a49cc0, aChangeList=0x7fff7a5e11e0, aMinChange=7, aChangeToAssume=0)
    at nsFrameManager.cpp:1058
#6 0x00007fe163da739f in nsFrameManager::ReResolveStyleContext (this=0x268e3a8, aPresContext=0x26b0240, aFrame=0x3b070d8, aParentContent=0x3a49c20, aChangeList=0x7fff7a5e11e0, aMinChange=7)
    at nsFrameManager.cpp:1196
#7 0x00007fe163da7dd3 in nsFrameManager::ReResolveStyleContext (this=0x268e3a8, aPresContext=0x26b0240, aFrame=0x3b06f00, aParentContent=0x3a499f0, aChangeList=0x7fff7a5e11e0, aMinChange=7)
    at nsFrameManager.cpp:1404
#8 0x00007fe163da7dd3 in nsFrameManager::ReResolveStyleContext (this=0x268e3a8, aPresContext=0x26b0240, aFrame=0x3aba088, aParentContent=0x3a49a90, aChangeList=0x7fff7a5e11e0, aMinChange=7)
    at nsFrameManager.cpp:1404
#9 0x00007fe163da7dd3 in nsFrameManager::ReResolveStyleContext (this=0x268e3a8, aPresContext=0x26b0240, aFrame=0x3aab338, aParentContent=0x3a49a90, aChangeList=0x7fff7a5e11e0, aMinChange=7)
    at nsFrameManager.cpp:1404
#10 0x00007fe163da6fdc in nsFrameManager::ReResolveStyleContext (this=0x268e3a8, aPresContext=0x26b0240, aFrame=0x3aab2b8, aParentContent=0x3a499a0, aChangeList=0x7fff7a5e11e0, aMinChange=7)
    at nsFrameManager.cpp:1125
#11 0x00007fe163da7dd3 in ns...

In , Matti-mversen (matti-mversen) wrote :

*** Bug 444916 has been marked as a duplicate of this bug. ***

In , Sam Morris (yrro) wrote :

Also reproducible at http://erlang.org/

In , L. David Baron (dbaron) wrote :

See also http://bugzilla.gnome.org/show_bug.cgi?id=525357 .

Does this happen only on certain sites, or does it happen any time you increase text zoom?

It seems surprising that it's specific to Epiphany/Galeon. Are you sure? (You were changing text zoom in the comparison cases, not full zoom?) Do you have a pointer to source code and build instructions for Epiphany/Galeon?

In , L. David Baron (dbaron) wrote :

(In reply to comment #4)
> were changing text zoom in the comparison cases, not full zoom?) Do you have a
> pointer to source code and build instructions for Epiphany/Galeon?

Specifically, to whichever one and version thereof you think is easiest to build/test.

In , Mh+mozilla (mh+mozilla) wrote :

It only happens on some sites, the url attached to this bug is very reliable to trigger the crash. I never got firefox to crash on it, despite switching between full and text zoom. Epiphany is using nsIMarkupContentViewer->SetTextZoom. At first I thought it could be related to the zoom factors Epiphany was using (Firefox uses 1.1, 1.2, 1.3... epiphany uses some strange values (some square roots, I think)) and changed the factors in epiphany, but that didn't change anything.

I tried adding the relevant code portions to the TestGtkEmbed code, and while zooming works with my hack, it doesn't crash, which is quite disappointing.

Anyways, it looks very much like stack or heap corruption of some sort from where I stand.

I would suggest trying with the latest Epiphany from the 2.22 branch (2.22.3 iirc), and check lib/ephy-zoom.* and embed/mozilla/EphyBrowser.cpp.

In , L. David Baron (dbaron) wrote :

Are there instructions somewhere for how to build Epiphany with a Gecko built normally from source and not installed?

In , Mh+mozilla (mh+mozilla) wrote :

I don't think there are. The best you can do is to have pkgconfig files pointing at your local version of libxul. You can use PKG_CONFIG_PATH to tell pkg-config where it should look for .pc files.

Changed in xulrunner:
status: Unknown → Invalid
In , Mh+mozilla (mh+mozilla) wrote :

Did you manage to reproduce the issue?

jindro (jindror) wrote :

I can confirm the bug.
After today's updates no change.

Most annoying bug I have.

In , Rodja (rodja) wrote :

Created an attachment (id=331438)
simple html file to reproduce the bug

I can always reproduce the crash with the attached html file. If you remove the "#"-symbol in the background attribute the segfault will not occur. Referencing an image in the background attribute produces the same result as the "#".

In , Dfloief (dfloief) wrote :

Created an attachment (id=332507)
Full backtrace of epiphany crash

I have same issue

http://bugs.gentoo.org/show_bug.cgi?id=233737

Changed in xulrunner-1.9:
assignee: desktop-bugs → nobody
status: Confirmed → Triaged
Changed in xulrunner:
status: Invalid → Unknown
Changed in xulrunner:
status: Unknown → Confirmed
In , Mh+mozilla (mh+mozilla) wrote :

David (dbaron), did you have a chance to reproduce the issue yet?

In , L. David Baron (dbaron) wrote :

No, I haven't had a chance to attempt getting the necessary builds set up. But I realized I might be able to debug on a Fedora 9 system by installing the appropriate packages + *-debuginfo RPMs.

In , L. David Baron (dbaron) wrote :

Er, never mind... I forgot Fedora 9 is using Firefox 2.

In , L. David Baron (dbaron) wrote :

So, to somebody who does have the setup to debug this: I'd say the first thing to look at would be this assertion:

> ###!!! ASSERTION: Unmatched begin/end?: '!mOldRuleTree', file nsStyleSet.cpp,
> line 107

Are there in fact unmatched calls to nsStyleSet::BeginReconstruct and nsStyleSet::EndReconstruct? (They should always be matched, and should never be nested... really the assertion text should be complaining about "unmatched or nested begin/end".)

If so, what are the stacks that show how we're ending up with unmatched (the stack of the begin that has no end) or nested (the stack of both begins) calls?

In , Braden (braden) wrote :

Er... Fedora 9 uses Firefox 3.

In , L. David Baron (dbaron) wrote :

Er, sorry, my Fedora box runs Fedora 8, not 9; Fedora 9 won't boot because of the way Dell set up the partition table back when I bought the machine a number of years ago (though all the previous Fedora releases worked fine), and since one of the main purposes of the machine is backups, I'm not about to repartition the disk.

In , Josselin Mouette (joss) wrote :

Created an attachment (id=340534)
Full stack traces of consecutive nsStyleSet::BeginReconstruct calls

(In reply to comment #15)
> Are there in fact unmatched calls to nsStyleSet::BeginReconstruct and
> nsStyleSet::EndReconstruct? (They should always be matched, and should never
> be nested... really the assertion text should be complaining about "unmatched
> or nested begin/end".)

Bingo, it looks like they are either unmatched or nested.

> If so, what are the stacks that show how we're ending up with unmatched (the
> stack of the begin that has no end) or nested (the stack of both begins) calls?

I’m attaching the stacks of the two consecutive begins.

In , Mh+mozilla (mh+mozilla) wrote :

Looks like epiphany is to blame here. It appears that during the reconstruct, gecko sends a MOZILLA_EMBED_LOAD_LOADING signal for one background image, and epiphany's handler calls ephy_base_embed_restore_zoom_level, which ends up doing a SetTextZoom because at the time ephy_base_embed_restore_zoom_level is called, GetTextZoom returns the old zoom level, which means ephy_base_embed_restore_zoom_level believes it's different from the new zoom level in which case it fires SetTextZoom. I guess EphyBrowser should keep the zoom level itself instead of relying on GetTextZoom...

In , Mh+mozilla (mh+mozilla) wrote :

Actually, on the contrary, GetTextZoom returns the new zoom level, while ephy_base_embed_restore_zoom_level compares to the old one...

Changed in epiphany-browser:
status: Unknown → Confirmed
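The failure mode diagnosed in the two comments above (a "loading" signal emitted while Gecko is still inside a style reconstruct, whose handler calls SetTextZoom again so that BeginReconstruct is entered a second time), together with the pairing check dbaron asked for earlier (are Begin/End calls matched and never nested?), as an added C++ model. This is not code from Epiphany, Gecko or the Ubuntu package; StyleSet, Engine, Embed, RestoreZoomLevel, UserZoom and Simulate are assumed stand-ins for nsStyleSet, gtkmozembed and ephy_base_embed_restore_zoom_level, and the "record the zoom level yourself plus a re-entrancy guard" fix is the remedy mh+mozilla suggests, not the actual 2.24.1 patch:

```cpp
#include <cassert>
#include <cstdio>
#include <functional>

// Assumed stand-in for nsStyleSet: BeginReconstruct/EndReconstruct must be
// strictly paired and never nested. Where Gecko asserts on '!mOldRuleTree',
// this model counts the violations so a caller can inspect them.
struct StyleSet {
    bool reconstructing = false;  // plays the role of mOldRuleTree != nullptr
    int nestedBegins = 0;         // Begin called while a reconstruct was in progress
    int unmatchedEnds = 0;        // End called with no reconstruct in progress

    void BeginReconstruct() {
        if (reconstructing) ++nestedBegins;
        reconstructing = true;
    }
    void EndReconstruct() {
        if (!reconstructing) ++unmatchedEnds;
        reconstructing = false;
    }
};

// Assumed stand-in for the embedded engine: a text-zoom change rebuilds the
// style tree, and while it does so a page with a background image makes the
// engine emit a "loading" signal to whatever handler the embedder installed.
struct Engine {
    StyleSet styles;
    float textZoom = 1.0f;
    bool pageHasBackgroundImage = true;
    std::function<void()> onLoading;  // the embedder's load-loading handler

    float GetTextZoom() const { return textZoom; }
    void SetTextZoom(float zoom) {
        textZoom = zoom;
        styles.BeginReconstruct();
        if (pageHasBackgroundImage && onLoading) onLoading();  // callback runs mid-reconstruct
        styles.EndReconstruct();
    }
};

// Assumed stand-in for the embedder. The naive path mirrors the thread's
// diagnosis: the handler compares the engine's zoom with a remembered level
// that has not been updated yet, so it calls SetTextZoom from inside the
// reconstruct. The guarded path records the new level before asking the
// engine to apply it and ignores load signals raised by its own request.
struct Embed {
    Engine engine;
    float rememberedZoom = 1.0f;
    bool applyingZoom = false;  // re-entrancy guard
    bool guarded;

    explicit Embed(bool g) : guarded(g) {
        engine.onLoading = [this] { RestoreZoomLevel(); };
    }

    void RestoreZoomLevel() {
        if (guarded && applyingZoom) return;  // our own SetTextZoom is in flight
        if (engine.GetTextZoom() != rememberedZoom) engine.SetTextZoom(rememberedZoom);
    }

    void UserZoom(float zoom) {
        if (guarded) {
            rememberedZoom = zoom;  // own record first, so the compare never sees a stale value
            applyingZoom = true;
            engine.SetTextZoom(zoom);
            applyingZoom = false;
        } else {
            engine.SetTextZoom(zoom);  // remembered level is still old while the signal fires
            rememberedZoom = zoom;
        }
    }
};

struct Outcome {
    int nestedBegins;
    int unmatchedEnds;
    float finalZoom;
    bool consistent;  // engine zoom agrees with the embedder's own record
};

// Simulate one Ctrl++ (zoom 1.0 -> 1.2) on a page with a background image.
Outcome Simulate(bool guarded) {
    Embed e(guarded);
    e.UserZoom(1.2f);
    return {e.engine.styles.nestedBegins, e.engine.styles.unmatchedEnds,
            e.engine.textZoom, e.engine.textZoom == e.rememberedZoom};
}

static void Report(const char* label, const Outcome& o) {
    std::printf("%s: nested begins=%d unmatched ends=%d zoom=%.2f consistent=%s\n",
                label, o.nestedBegins, o.unmatchedEnds, o.finalZoom, o.consistent ? "yes" : "no");
}

int main() {
    Report("naive", Simulate(false));    // nested begin, engine left at the old zoom
    Report("guarded", Simulate(true));   // one clean Begin/End pair, zoom applied
    return 0;
}
```

In the naive run the nested SetTextZoom also leaves the engine at the old zoom while the embedder believes the new one is applied, which is why a counter-based check like the one above (rather than only the debug-build assertion) is a useful thing to wire into an embedding test harness: it catches the re-entrancy even on a build where nothing crashes.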
Jouni Mettala (jouni-mettala) wrote :

Fixed in 2.24.1

Changed in epiphany-browser:
status: Triaged → Fix Released
In , Jruderman (jruderman) wrote :

Based on comment 19, sounds like this is invalid as a Gecko bug.

Changed in xulrunner:
status: Confirmed → Invalid
In , Jruderman (jruderman) wrote :

*** Bug 447719 has been marked as a duplicate of this bug. ***

Changed in epiphany-browser:
importance: Unknown → High
status: Confirmed → Won't Fix
Changed in xulrunner:
importance: Unknown → Critical