Buffer overflow associated with libxul in latest Firefox-3.0 package on Kubuntu 9.04/Jaunty -- "Couldn't load XRE functions."

Bug #392268 reported by jdb2 on 2009-06-25
This bug affects 1 person
Affects: firefox-3.0 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ever since I received an update to Firefox-3.0 and/or Xulrunner at or slightly before the Firefox 3.0.10 release, attempting to launch Firefox from the KDE panel or menu results in a bobbing Firefox icon which stops after a few seconds only to leave a Firefox tab in the panel which then disappears. Repeated attempts to launch Firefox always result in Plasma crashing. Attempting to run it from the console produces "Couldn't load XRE functions." and attempting to run GDB with the '--debug' option produces the following output or similar:

'
jdb2@jdb2-Kubuntu-temp:~$ firefox --debug
/usr/bin/gdb /usr/lib/firefox-3.0.10/firefox -x /tmp/mozargs.PaJJIv
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(no debugging symbols found)
(gdb) run
Starting program: /usr/lib/firefox-3.0.10/firefox
[Thread debugging using libthread_db enabled]
[New Thread 0xb7daf6d0 (LWP 15070)]
Couldn't load XRE functions.

Program exited with code 01.
(gdb)
'

( It's interesting to note that the above reports that no debugging symbols were found even though I have the ddebs installed for Firefox 3.0.10/11/5/6 as well as all the components listed here : https://wiki.ubuntu.com/MozillaTeam/Bugs#Obtain%20a%20backtrace%20from%20an%20apport%20crash%20report%20%28using%20gdb%29 )

All the above applies, without any apparent changes, to my current install of Firefox 3.0.11 courtesy of an Ubuntu update.

I've also tried deleting the profile directory ( after having backed it up ) which changes nothing. I've tried launching Firefox 3.5b4pre from the menu and panel which results in the same behavior as described concerning 3.0.10/11. Also, I've installed Firefox 3.6 from the ubuntu-mozilla-daily repository, but attempting to launch it results in the same behavior described above, although trying to run it from the console -- 'firefox-3.6' -- produces no output -- there is only a slight pause upon which it exits back to the shell.

The firefox-3.6 '--debug' output is somewhat different from that of 3.0.10/11 :

'
jdb2@jdb2-Kubuntu-temp:~$ firefox-3.6 --debug
/usr/bin/gdb /usr/lib/firefox-3.6a1pre/firefox-3.6 -x /tmp/mozargs.kQTcZN
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
(gdb) run
Starting program: /usr/lib/firefox-3.6a1pre/firefox-3.6
[Thread debugging using libthread_db enabled]
[New Thread 0xb7c046d0 (LWP 19839)]
[New Thread 0xb52ffb90 (LWP 19842)]
[New Thread 0xb4afeb90 (LWP 19843)]
[New Thread 0xb3fffb90 (LWP 19846)]
[New Thread 0xb35ffb90 (LWP 19847)]
[Thread 0xb35ffb90 (LWP 19847) exited]
[New Thread 0xb35ffb90 (LWP 19848)]
[Thread 0xb52ffb90 (LWP 19842) exited]
[Thread 0xb35ffb90 (LWP 19848) exited]
[Thread 0xb3fffb90 (LWP 19846) exited]
[Thread 0xb4afeb90 (LWP 19843) exited]

Program exited with code 01.
(gdb)
'

Also, I've tried re-installing all of the above. The only thing that *does* work is running Firefox 3.5 from the console.

I was unable to build a debug version of the Firefox 3.0.11+build2+nobinonly-0ubuntu0.9.04.1 source package so I did so with the official Mozilla Project tarball, dynamically linked against my system libxul install. When it is executed either normally or with the '--debug' option it crashes and reports that a buffer overflow/overrun has been detected in or associated with libxul.

Here are the details of my system configuration :

'uname -a' :

Linux jdb2-Kubuntu-temp 2.6.28-12-generic #43-Ubuntu SMP Fri May 1 19:27:06 UTC 2009 i686 GNU/Linux

'lsb_release -idrc' :

Distributor ID: Ubuntu
Description: Ubuntu 9.04
Release: 9.04
Codename: jaunty

'kde4-config --version' :

Qt: 4.5.1
KDE: 4.2.90 (KDE 4.2.90 (KDE 4.3 Beta2))
kde4-config: 1.0

'apt-cache policy firefox-3.0' :

firefox-3.0:
  Installed: 3.0.11+build2+nobinonly-0ubuntu0.9.04.1
  Candidate: 3.0.11+build2+nobinonly-0ubuntu0.9.04.1
  Version table:
 *** 3.0.11+build2+nobinonly-0ubuntu0.9.04.1 0
        500 http://us.archive.ubuntu.com jaunty-updates/main Packages
        500 http://security.ubuntu.com jaunty-security/main Packages
        100 /var/lib/dpkg/status
     3.0.8+nobinonly-0ubuntu3 0
        500 http://us.archive.ubuntu.com jaunty/main Packages

'apt-cache policy xulrunner-1.9' :

xulrunner-1.9:
  Installed: 1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1
  Candidate: 1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1
  Version table:
 *** 1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1 0
        500 http://us.archive.ubuntu.com jaunty-updates/main Packages
        500 http://security.ubuntu.com jaunty-security/main Packages
        100 /var/lib/dpkg/status
     1.9.0.8+nobinonly-0ubuntu2 0
        500 http://us.archive.ubuntu.com jaunty/main Packages

Attached are :

The STDOUT/STDERR output of './firefox' : debug.log

The output of executing './firefox --debug' and issuing 'run' followed by 'bt full' in GDB : bt-full.log

The output of issuing 'thread apply all backtrace full' after the previous command in GDB: thread-apply-all-backtrace-full.log

where 'firefox' is :

~/mozilla/ff-dbg/dist/bin/firefox

jdb2 (jonathanbusby) wrote :

I just realized that I had overlooked the './libxul.so' line in debug.log which means that this build is *not* being compiled/linked against my system libs, or at least libxul, so the output saved in the attachments may be or probably is invalid. ( possibly related to this bug : https://bugs.launchpad.net/ubuntu/+source/firefox-3.0/+bug/325039 )
Everything else in this bug report is valid though.

If someone could give me some assistance in building the official Ubuntu source package *unstripped* and *unoptimized* with debugging enabled then perhaps more light could be shed on the problems detailed in this bug report. I have posted three times to the ubuntu-mozillateam mailing list asking for assistance in building a debug version of the official Ubuntu source package as all my attempts up to now have failed, but I've received no response.

madbiologist (me-again) wrote :

Official support for Ubuntu 9.04 "Jaunty Jackalope" has ended. Is this still occurring on Ubuntu 13.04 "Raring Ringtail"?

Changed in firefox-3.0 (Ubuntu):
status: New → Incomplete

Launchpad Janitor (janitor) wrote :

[Expired for firefox-3.0 (Ubuntu) because there has been no activity for 60 days.]

Changed in firefox-3.0 (Ubuntu):
status: Incomplete → Expired