Ubuntu
firefox-3.0 package

  1. Bug #212092
  2. Comment #7

Comment 7 for bug 212092

Revision history for this message
In , Matěj Cepl (mcepl) wrote :

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9b5) Gecko/2008043010 Fedora/3.0-0.60.beta5.fc9 Firefox/3.0b5
Build Identifier: firefox-3.0-0.60.beta5.fc9.x86_64 xulrunner-1.9-0.60.beta5.fc9.x86_64

(originally filed as Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=445199)

Core was generated by `/usr/lib64/firefox-3.0b5/firefox'.
Program terminated with signal 11, Segmentation fault.

#4 0x000000335b3e68f0 in nsVoidArray::EnumerateForwards (this=<value optimized
out>, aFunc=<value optimized out>, aData=<value optimized out>) at
nsVoidArray.cpp:678
678 running = (*aFunc)(mImpl->mArray[index], aData);
(gdb) list
673
674 if (mImpl)
675 {
676 while (running && (++index < mImpl->mCount))
677 {
678 running = (*aFunc)(mImpl->mArray[index], aData);
679 }
680 }
681 return running;
682 }
#3 0x000000335b3e3e80 in ReleaseObjects (aElement=<value optimized out>) at
nsCOMArray.cpp:151
151 NS_IF_RELEASE(element);
Current language: auto; currently c++
(gdb) list
146 // useful for destructors
147 PRBool
148 ReleaseObjects(void* aElement, void*)
149 {
150 nsISupports* element = static_cast<nsISupports*>(aElement);
151 NS_IF_RELEASE(element);
152 return PR_TRUE;
153 }
154
155 void
(gdb) down
#2 <signal handler called>
Current language: auto; currently c
(gdb) list
156 nsCOMArray_base::Clear()
157 {
158 mArray.EnumerateForwards(ReleaseObjects, nsnull);
159 mArray.Clear();
160 }
161
(gdb) down
#1 0x000000335ac268cd in nsProfileLock::FatalSignalHandler (signo=<value
optimized out>) at nsProfileLock.cpp:212
212 raise(signo);

Comment #1 From Martin Stransky (<email address hidden>) on 2008-05-05 09:26 EST [reply] Private

Can you please attach steps how to reproduce it?

Comment #2 From Harald Hoyer (<email address hidden>) on 2008-05-05 10:20 EST [reply] Private

1. create a new article in plone using the internal kupu editor.
2. write some text
3. click on ["html"]
4. boom

Comment #3 From Matej Cepl (<email address hidden>) on 2008-05-05 16:19 EST [reply] Private

(In reply to comment #2)
> 1. create a new article in plone using the internal kupu editor.
> 2. write some text
> 3. click on ["html"]
> 4. boom

Is there some internal (or publicly accessible external) instance of plone?

Comment #4 From Harald Hoyer (<email address hidden>) on 2008-05-05 22:25 EST [reply] Private

if you ping me on IRC, I can give you temporary access to my instance.

Comment #5 From Harald Hoyer (<email address hidden>) on 2008-05-06 00:45 EST [reply] Private

start firefox on x86_64:

login on:
https://test.harald-hoyer.de/login_form

User: test
PW: testit

go to:
https://test.harald-hoyer.de/personal/blog/augeas/edit

click in the big editor form. click on "HTML" in the editor toolbar.

Comment #6 From Martin Stransky (<email address hidden>) on 2008-05-06 04:11 EST [reply] Private

Hm, the provided testcase works fine for me (no crash). I have FF3 Beta5 with
internal cairo.

Comment #7 From Martin Stransky (<email address hidden>) on 2008-05-06 04:11 EST [reply] Private

on x86_64.

Comment #8 From Harald Hoyer (<email address hidden>) on 2008-05-06 04:36 EST [reply] Private

I'll retry with no plugins, fresh user. maybe I can pin it down to s.th.

Comment #9 From Harald Hoyer (<email address hidden>) on 2008-05-06 04:45 EST [reply] Private

hmm, as a fresh user, no problem.

moving away .mozilla with my main user does not change anything. still segfault.

Comment #10 From Martin Stransky (<email address hidden>) on 2008-05-06 04:47 EST [reply] Private

Try the safe mode (firefox -safe-mode)

Comment #11 From Harald Hoyer (<email address hidden>) on 2008-05-06 05:02 EST [reply] Private

$ firefox -safe-mode
/usr/lib64/firefox-3.0b5/run-mozilla.sh: line 131: 27408 Segmentation fault
 "$prog" ${1+"$@"}

Comment #12 From Harald Hoyer (<email address hidden>) on 2008-05-06 05:27 EST [reply] Private

#0 0x000000334ec0ebeb in raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
42 sig);
Missing separate debuginfos, use: debuginfo-install keyutils.x86_64
(gdb) bt
#0 0x000000334ec0ebeb in raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#1 0x000000335ac268cd in nsProfileLock::FatalSignalHandler (signo=<value
optimized out>) at nsProfileLock.cpp:212
#2 <signal handler called>
#3 0x00000000046644f0 in ?? ()
#4 0x000000335b386870 in nsDocAccessible::FlushPendingEvents (this=<value
optimized out>) at nsDocAccessible.cpp:1640
#5 0x000000335b418ee2 in nsTimerImpl::Fire (this=<value optimized out>) at
nsTimerImpl.cpp:400
#6 0x000000335b418f49 in nsTimerEvent::Run (this=<value optimized out>) at
nsTimerImpl.cpp:490
#7 0x000000335b416a9e in nsThread::ProcessNextEvent (this=<value optimized
out>, mayWait=<value optimized out>, result=<value optimized out>) at
nsThread.cpp:510
#8 0x000000335b3e82f6 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=<value optimized out>) at nsThreadUtils.cpp:227
#9 0x000000335b36010d in nsBaseAppShell::Run (this=<value optimized out>) at
nsBaseAppShell.cpp:170
#10 0x000000335b2235bd in nsAppStartup::Run (this=<value optimized out>) at
nsAppStartup.cpp:181
#11 0x000000335ac1f73b in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3154
#12 0x0000000000401665 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363
#13 0x000000334e01e32a in __libc_start_main (main=<value optimized out>,
argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized
out>, fini=<value optimized out>, rtld_fini=<value optimized out>,
    stack_end=Could not find the frame base for "__libc_start_main".
) at libc-start.c:220
#14 0x0000000000401159 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363

Comment #13 From Harald Hoyer (<email address hidden>) on 2008-05-06 05:29 EST [reply] Private

(gdb) up
#4 0x000000335b386870 in nsDocAccessible::FlushPendingEvents (this=<value
optimized out>) at nsDocAccessible.cpp:1640
1640 NS_RELEASE_THIS(); // Release kung fu death grip
Current language: auto; currently c++
(gdb) up
#5 0x000000335b418ee2 in nsTimerImpl::Fire (this=<value optimized out>) at
nsTimerImpl.cpp:400
400 callback.c(this, mClosure);
(gdb) up
#6 0x000000335b418f49 in nsTimerEvent::Run (this=<value optimized out>) at
nsTimerImpl.cpp:490
490 timer->Fire();
(gdb) up
#7 0x000000335b416a9e in nsThread::ProcessNextEvent (this=<value optimized
out>, mayWait=<value optimized out>, result=<value optimized out>) at
nsThread.cpp:510
510 event->Run();
(gdb) up
#8 0x000000335b3e82f6 in NS_ProcessNextEvent_P (thread=<value optimized out>,
mayWait=<value optimized out>) at nsThreadUtils.cpp:227
227 return NS_SUCCEEDED(thread->ProcessNextEvent(mayWait, &val)) && val;
(gdb) up
#9 0x000000335b36010d in nsBaseAppShell::Run (this=<value optimized out>) at
nsBaseAppShell.cpp:170
170 NS_ProcessNextEvent(thread);
(gdb) up
#10 0x000000335b2235bd in nsAppStartup::Run (this=<value optimized out>) at
nsAppStartup.cpp:181
181 nsresult rv = mAppShell->Run();
(gdb) up
#11 0x000000335ac1f73b in XRE_main (argc=<value optimized out>, argv=<value
optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3154
3154 rv = appStartup->Run();
(gdb) up
#12 0x0000000000401665 in __gxx_personality_v0 () at
../../../../libstdc++-v3/libsupc++/eh_personality.cc:363
363 struct _Unwind_Context *context)

Comment #14 From Martin Stransky (<email address hidden>) on 2008-05-06 05:49 EST [reply] Private

Try to turn off gnome accesibility. Does it help?

Comment #15 From Harald Hoyer (<email address hidden>) on 2008-05-06 06:09 EST [reply] Private

rofl.. yes :)

Reproducible: Always

Steps to Reproduce:
1.turn the accessibility support on
2. create a new article in plone using the internal kupu editor.
3. write some text
4. click on ["html"]
5. boom
Actual Results:
crash

Expected Results:
no crash