MASTER firefox-bin crashed with crux theme [@moz_gtk_widget_paint] at #10

Bug #129007 reported by Bryan Quigley
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
GTK-engines | Invalid | Undecided | Unassigned |
Mozilla Firefox | Fix Released | Medium | |
firefox (Ubuntu) | Fix Released | High | Alexander Sack |
gtk2-engines (Ubuntu) | Invalid | Undecided | Unassigned |
thunderbird (Ubuntu) | Fix Released | High | Alexander Sack |

Bug Description

Binary package hint: firefox

I was attempting to download the torrent of fluxbuntu.org and Firefox crashed. It crashed with Both Firefox2 and Firefox 3 alpha. It works fine in Epiphany. This is on Gutsy.

Torrent off of this page: http://modzer0.cs.uaf.edu/~hardwarehank/fluxbuntu/rev2/

I'll provide more when I'm willing to crash Firefox again.

It appears the Crux theme might be the cause as it only happens with it turned on.

Steps to reproduce.
1. Change to theme Crux.
2. Open Firefox.
3. Go to site. (Above)
4. Try to download torrent.

ProblemType: Crash
Architecture: i386
Date: Sun Jul 29 00:10:17 2007
Disassembly: 0xffffe410:
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/lib/firefox/firefox-bin
NonfreeKernelModules: cdrom
Package: firefox 2.0.0.5+2-0ubuntu2
PackageArchitecture: i386
ProcCmdline: /usr/lib/firefox/firefox-bin
ProcCwd: /home/bryan
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: firefox
Stacktrace: #0 0xffffe410 in ?? ()
StacktraceTop: ?? ()
ThreadStacktrace:

Title: firefox-bin crashed with SIGSEGV
Uname: Linux moe 2.6.22-8-generic #1 SMP Thu Jul 12 15:59:45 GMT 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin mythtv netdev plugdev powerdev scanner video

Extracted from symbolized stacktrace:
(file: http://launchpadlibrarian.net/8611030/gdb-firefox.log)
...
#9 g_free () from /usr/lib/libglib-2.0.so.0
#10 moz_gtk_widget_paint (widget=MOZ_GTK_DROPDOWN,
#11 nsNativeThemeGTK::DrawWidgetBackground (this=0x8488d58,
#12 nsCSSRendering::PaintBackgroundWithSC (
#13 nsCSSRendering::PaintBackground (aPresContext=0x8e80128,
#14 nsFrame::PaintSelf (this=0x8ed35f4, aPresContext=0x8e80128,
#15 nsBoxFrame::Paint (this=0x8ed35f4, aPresContext=0x8e80128,
#16 nsBoxFrame::PaintChild (this=0x8edd104,
...

Tags: mt-eval
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:?? ()

Apport retracing service (apport) wrote : Stack trace with source code
Bryan Quigley (bryanquigley) wrote : Re: firefox-bin crashed with SIGSEGV crashed downloading torrent

It appears the Crux theme might be the cause as it only happens with it turned on.

Steps to reproduce.
1. Change to theme Crux.
2. Open Firefox.
3. Go to site. (Above)
4. Try to download torrent.

Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

Thank you gQuigs for your report,

Unfortunately this report lacks information we need to investigate it further. Of course this is not your fault, but the coredump attached to your report doesn't provide useful information for us.

Could you please try to obtain a backtrace by following the instructions on [1] and upload it to [2]?

Thanks in advance.

H. Montoliu

[1] https://wiki.ubuntu.com/MozillaTeam/Bugs
[2] https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/129007/+addcomment

Changed in firefox:
assignee: nobody → mozilla-bugs
importance: Undecided → High
status: New → Incomplete
description: updated
Bryan Quigley (bryanquigley) wrote : Re: firefox-bin crashed with SIGSEGV crashed downloading torrent with crux theme

Not sure if I did this right... This was with Firefox 2.

In , Timeless-bemail (timeless-bemail) wrote :

UUID 66f1830f-3b7d-11dc-a9e1-001a4bd43ed6
Time 2007-07-26 06:37:49.840000-07:00
Build ID 2007072604
OS Linux
OS Version 0.0.0 Linux 2.6.22-8-generic #1 SMP Thu Jul 12 15:59:45 GMT 2007 i686 GNU/Linux
CPU x86
CPU Info GenuineIntel family 2 model 2 stepping 4
Crash Reason SIGABRT
Crash Address 0xffffe410
Stack of Crashing Thread

frame signature
0 @0xffffe410
1 libc-2.6.so@0x2c1f0
2 libc-2.6.so@0x61e2b
3 libc-2.6.so@0x6d8fa
4 libglib-2.0.so.0.1307.0@0x36960
5 moz_gtk_option_menu_get_metrics
6 moz_gtk_widget_paint
7 ThemeRenderer::NativeDraw(_XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int)
8 NativeRendering(void*, _XDisplay*, unsigned long, Visual*, short, short, XRectangle*, unsigned int)
9 cairo_draw_with_xlib

In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

565 GtkBorder *tmp_indicator_spacing;
566
567 gtk_widget_style_get(gOptionMenuWidget,
[...]
570 "indicator_spacing", &tmp_indicator_spacing,
[...]
585 g_free(tmp_indicator_spacing);

You have to use gtk_border_free() to free a GtkBorder* obtained with gtk_widget_style_get, not g_free().

In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

And similarly you need to use gtk_requisition_free to free the GtkRequisition* tmp_indicator_size.

In , Timeless-bemail (timeless-bemail) wrote :

Created attachment 274406
like this?

In , Timeless-bemail (timeless-bemail) wrote :

Created attachment 274408
more like this?

In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

Comment on attachment 274408
more like this?

You need to null-check, since neither of them accepts null, in contrast to g_free.

In , Timeless-bemail (timeless-bemail) wrote :

Created attachment 274410
details...

In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

Comment on attachment 274410
details...

You mixed them up, used gtk_border_free in the if() of the GtkRequisition, and likewise for the other one too ;)

In , Timeless-bemail (timeless-bemail) wrote :

Created attachment 274430
ok, patching whlie sleepy is bad?

In , Timeless-bemail (timeless-bemail) wrote :

Comment on attachment 274430
ok, patching whlie sleepy is bad?

roc: could you please approve this for 1.9?

Hilario J. Montoliu (hjmf) (hmontoliu) wrote : Re: firefox-bin crashed with SIGSEGV crashed downloading torrent with crux theme

Thank you gQuigs, this crash may be related to bug 127383.

What are those unreadable symbols on stacks 6-8 from your gdb.log?

Bryan Quigley (bryanquigley) wrote :

I have no idea. How would I find out?

description: updated
Changed in firefox:
status: Incomplete → Confirmed
Hilario J. Montoliu (hjmf) (hmontoliu) wrote :

For all the subscribers of this report:

Could you (if possible all of you) confirm what theme you were using when firefox crashed? We already know that some of you were using the crux theme. But we need a confirmation.

Thank you in advance.

H. Montoliu

Jörgen Lidholm (jorgen-lidholm) wrote :

I was not using crux, I don't remember which theme I was using, but I will track this down later.

erekose (erekose) wrote :

This happens to me when using the crux theme, the default human theme works fine.

Changed in firefox:
status: Confirmed → In Progress
Changed in gtk2-engines:
status: New → Invalid
Changed in gtk-engines:
status: New → Invalid
Jörgen Lidholm (jorgen-lidholm) wrote :

I've now tested with several different themes and the following cause firefox to crash when the download dialog opens:
Gray
Neutrino
Redmond
ThinIce

And to clarify, it is enough to change the controls. Buttons and frame have nothing to do with this bug.

regards,
Jörgen

In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

*** Bug 394876 has been marked as a duplicate of this bug. ***

In , Roc-ocallahan (roc-ocallahan) wrote :

I'd like to but technically I can't.

In , Roc-ocallahan (roc-ocallahan) wrote :

Comment on attachment 274430
ok, patching whlie sleepy is bad?

okay, now I can.

In , Frédéric Crozat (fcrozat) wrote :

attachment 274430 is buggy:
- there is a typo in gtk_requistion_free(tmp_indicator_size); and from checking gtk code, I'm not sure there is a need to use gtk_requisition_free, since it is just a call to g_free. Anyway, it is not needed to check for null when calling gtk_requisition_free
- gtk_requisition_free on gtk+ 2.11.x is calling g_slice_free which does accept NULL as a parameter (it just doesn't do anything).

Changed in firefox:
status: Unknown → Invalid
In , c7d2f5c8667d26fffd5e7772d632c76d (c7d2f5c8667d26fffd5e7772d632c76d-deactivatedaccount) wrote :

You're right, I read the gslice macros wrongly and thought they didn't accept NULL on free.

gtk_requisition_free is the right function to call, NOT g_free.
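
An added illustration, not code from the Mozilla patch or from GTK: a toy model of the mismatch discussed in this thread, where memory handed out by a slice-style pool (which the thread says gtk_requisition_free uses on gtk+ 2.11.x) has to go back through its matching free function rather than the general heap free, and where the matching free treats NULL as a no-op. Border, border_copy, border_free and checked_heap_free are hypothetical stand-ins for GtkBorder, the copy returned by gtk_widget_style_get, gtk_border_free and g_free.

```c
#include <stdint.h>
#include <stdlib.h>

typedef struct { int left, right, top, bottom; } Border; /* hypothetical stand-in for GtkBorder */

#define SLAB_CHUNKS 8
static Border slab[SLAB_CHUNKS];          /* slice-style pool: chunks are NOT malloc blocks */
static unsigned char in_use[SLAB_CHUNKS];

/* True if p points at a chunk boundary inside the pool. */
static int slab_owns(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)slab;
    return a >= lo && a < lo + sizeof slab && (a - lo) % sizeof(Border) == 0;
}

/* Like a style getter: returns a pool-allocated copy the caller must release. */
Border *border_copy(const Border *src) {
    for (int i = 0; i < SLAB_CHUNKS; i++)
        if (!in_use[i]) { in_use[i] = 1; slab[i] = *src; return &slab[i]; }
    return NULL;
}

/* The matching release function; NULL is a no-op. */
void border_free(Border *b) {
    if (b != NULL && slab_owns(b)) in_use[b - slab] = 0;
}

typedef enum { FREE_OK, FREE_NULL, FREE_WRONG_ALLOCATOR } FreeResult;
/* Guarded stand-in for free()/g_free(): refuses pool pointers, which an
   unguarded free() would hand to the malloc heap (undefined behaviour). */
FreeResult checked_heap_free(void *p) {
    if (p == NULL) return FREE_NULL;
    if (slab_owns(p)) return FREE_WRONG_ALLOCATOR;
    free(p);
    return FREE_OK;
}

int chunks_in_use(void) {
    int n = 0;
    for (int i = 0; i < SLAB_CHUNKS; i++) n += in_use[i];
    return n;
}

int main(void) {
    Border src = {1, 2, 3, 4}, *b = border_copy(&src); /* constructed sample values */
    int r = checked_heap_free(b);         /* mismatch is caught instead of reaching free() */
    border_free(b);                       /* correct pairing returns the chunk to the pool */
    return (r == FREE_WRONG_ALLOCATOR && chunks_in_use() == 0) ? 0 : 1;
}
```
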

In , Frédéric Crozat (fcrozat) wrote :

Created attachment 279879
better patch

Alexander Sack (asac) wrote :

there is a patch available in upstream bug, which we definitely want before beta.

Changed in firefox:
status: In Progress → Triaged
Alexander Sack (asac) wrote :

taking.

Changed in firefox:
assignee: mozilla-bugs → asac
Changed in firefox:
status: Unknown → In Progress
turox (tuxturox) wrote :

So I changed the theme, before I used the crux theme on ubuntu and xubuntu, and now after changing the theme firefox works fine without any crashes.

Alexander Sack (asac)
Changed in firefox:
status: Triaged → In Progress
Alexander Sack (asac)
Changed in firefox:
status: In Progress → Fix Committed
Alexander Sack (asac)
Changed in thunderbird:
assignee: nobody → asac
importance: Undecided → High
status: New → Fix Committed
Alexander Sack (asac) wrote :

firefox (2.0.0.6+2-0ubuntu4) gutsy; urgency=low

  * patch shaping: rename patches and include there bugzilla id
    where available; document bzXXX-dont-reset-user-prefs-on-upgrade and
    force-no-pragma-visibility-for-gcc-4.2_4.3 patches.
  * debian/patches/bz389801-theme-crash-with-GtkOptionMenu-indicator_size-and-indicator_spacing.patch:
    prefetch latest patch from bugzilla 389801 to fix top-crasher
    (LP: #129007).
  * debian/firefox-gnome-support.install: properly install gnome support files
    previously missing in firefox-gnome-support package (LP: #131743).

 -- Alexander Sack <email address hidden> Wed, 19 Sep 2007 18:16:37 +0200

Changed in firefox:
status: Fix Committed → Fix Released
Alexander Sack (asac) wrote :

thunderbird (2.0.0.6-0ubuntu3) gutsy; urgency=low

  * debian/patches/bz389801-theme-crash-with-GtkOptionMenu-indicator_size-and-indicator_spacing.patch,
    series: prefetch latest patch from bugzilla 389801 to theme dependent
    top-crash. (LP: #129007)
  * debian/thunderbird.desktop: add finish and swedish translations to
    .desktop file (LP: #126112).

 -- Alexander Sack <email address hidden> Wed, 19 Sep 2007 18:21:22 +0200

Changed in thunderbird:
status: Fix Committed → Fix Released
In , Reed Loden (reed) wrote :

Comment on attachment 279879
better patch

Requesting review on this patch... the patch says it's for gfx/src/gtk/gtk2drawing.c, but that file doesn't exist on trunk, as it seems it was moved to widget/src/gtk2/gtk2drawing.c.

In , Reed Loden (reed) wrote :

According to https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/129007, this is a top-crasher for Ubuntu.

In , Reed Loden (reed) wrote :

Checking in widget/src/gtk2/gtk2drawing.c;
/cvsroot/mozilla/widget/src/gtk2/gtk2drawing.c,v <-- gtk2drawing.c
new revision: 1.32; previous revision: 1.31
done

Changed in firefox:
status: In Progress → Fix Released
In , Dveditz (dveditz) wrote :

Comment on attachment 279879
better patch

approved for 1.8.1.8 and 1.8.0.14, a=dveditz for release-drivers

In , Reed Loden (reed) wrote :

MOZILLA_1_8_BRANCH:

Checking in gfx/src/gtk/gtk2drawing.c;
/cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v <-- gtk2drawing.c
new revision: 1.15.8.3; previous revision: 1.15.8.2
done

MOZILLA_1_8_0_BRANCH:

Checking in gfx/src/gtk/gtk2drawing.c;
/cvsroot/mozilla/gfx/src/gtk/Attic/gtk2drawing.c,v <-- gtk2drawing.c
new revision: 1.15.8.2.4.1; previous revision: 1.15.8.2
done

Changed in firefox:
importance: Unknown → Medium