Spellchecker always causing SEGFAULT

Bug #651771 reported by Stuart Bishop on 2010-09-30
This bug affects 1 person
Affects: firefox (Ubuntu)
Importance: Medium
Assigned to: Chris Coulson

Bug Description

Binary package hint: firefox

Firefox barely gets started before it segfaults. After installing debug symbols and running with --debug with no addons in a guest session, I can get the following stack trace pointing to the spell checker. Turning off the 'check my spelling' option stops the crashes.

guest@xxxx:~$ firefox --debug
/usr/lib/firefox-3.6.10/run-mozilla.sh -g /usr/lib/firefox-3.6.10/firefox-bin
MOZILLA_FIVE_HOME=/usr/lib/firefox-3.6.10
  LD_LIBRARY_PATH=/usr/lib/firefox-3.6.10:/usr/lib/firefox-3.6.10/plugins:/usr/lib/firefox-3.6.10
DISPLAY=:3.0
DYLD_LIBRARY_PATH=/usr/lib/firefox-3.6.10:/usr/lib/firefox-3.6.10
     LIBRARY_PATH=/usr/lib/firefox-3.6.10:/usr/lib/firefox-3.6.10/components:/usr/lib/firefox-3.6.10
       SHLIB_PATH=/usr/lib/firefox-3.6.10:/usr/lib/firefox-3.6.10
          LIBPATH=/usr/lib/firefox-3.6.10:/usr/lib/firefox-3.6.10
       ADDON_PATH=/usr/lib/firefox-3.6.10
      MOZ_PROGRAM=/usr/lib/firefox-3.6.10/firefox-bin
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=
/usr/bin/gdb /usr/lib/firefox-3.6.10/firefox-bin -x /tmp/mozargs.SapGeZ
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/firefox-3.6.10/firefox-bin...Reading symbols from /usr/lib/debug/usr/lib/firefox-3.6.10/firefox-bin...done.
done.
(gdb) run
Starting program: /usr/lib/firefox-3.6.10/firefox-bin
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe79ff710 (LWP 6323)]
[New Thread 0x7fffe71fe710 (LWP 6324)]
[New Thread 0x7fffe66ff710 (LWP 6325)]
[New Thread 0x7fffe5efe710 (LWP 6326)]
[New Thread 0x7fffe56fd710 (LWP 6327)]
[Thread 0x7fffe56fd710 (LWP 6327) exited]
[Thread 0x7fffe66ff710 (LWP 6325) exited]
[Thread 0x7fffe5efe710 (LWP 6326) exited]
[Thread 0x7fffe71fe710 (LWP 6324) exited]
[Thread 0x7fffe79ff710 (LWP 6323) exited]
process 6320 is executing new program: /usr/lib/firefox-3.6.10/firefox-bin
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe79ff710 (LWP 6328)]
[New Thread 0x7fffe6ffa710 (LWP 6329)]
[New Thread 0x7fffe64ff710 (LWP 6330)]
[New Thread 0x7fffe5cfe710 (LWP 6331)]
[New Thread 0x7fffe54fd710 (LWP 6332)]
[New Thread 0x7fffe4cfc710 (LWP 6333)]
[New Thread 0x7fffe29f6710 (LWP 6334)]
[Thread 0x7fffe29f6710 (LWP 6334) exited]
[New Thread 0x7fffe29f6710 (LWP 6335)]
[Thread 0x7fffe54fd710 (LWP 6332) exited]
[Thread 0x7fffe29f6710 (LWP 6335) exited]
[Thread 0x7fffe4cfc710 (LWP 6333) exited]
[Thread 0x7fffe5cfe710 (LWP 6331) exited]
[Thread 0x7fffe64ff710 (LWP 6330) exited]
[Thread 0x7fffe6ffa710 (LWP 6329) exited]
[Thread 0x7fffe79ff710 (LWP 6328) exited]
process 6320 is executing new program: /usr/lib/firefox-3.6.10/firefox-bin
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe79ff710 (LWP 6336)]
[New Thread 0x7fffe6ffa710 (LWP 6337)]
[New Thread 0x7fffe64ff710 (LWP 6338)]
[New Thread 0x7fffe5cfe710 (LWP 6339)]
[New Thread 0x7fffe54fd710 (LWP 6340)]
[New Thread 0x7fffe4cfc710 (LWP 6341)]
[New Thread 0x7fffe26ff710 (LWP 6342)]
[Thread 0x7fffe26ff710 (LWP 6342) exited]
[New Thread 0x7fffe26ff710 (LWP 6343)]
[New Thread 0x7fffe15ff710 (LWP 6344)]
[New Thread 0x7fffdecff710 (LWP 6345)]
[New Thread 0x7fffdd7b9710 (LWP 6346)]
[New Thread 0x7fffdcfb8710 (LWP 6347)]
[New Thread 0x7fffdc5ff710 (LWP 6348)]
[New Thread 0x7fffdbbff710 (LWP 6349)]
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff71c8fe1 in AffixMgr::parse_file (this=0x7fffd61bf000,
    affpath=<value optimised out>, key=<value optimised out>)
    at affixmgr.cpp:759
759 affixmgr.cpp: No such file or directory.
 in affixmgr.cpp
(gdb) bt
#0 0x00007ffff71c8fe1 in AffixMgr::parse_file (this=0x7fffd61bf000,
    affpath=<value optimised out>, key=<value optimised out>)
    at affixmgr.cpp:759
#1 0x00007ffff71c9417 in AffixMgr::AffixMgr (this=0x7fffd61bf000,
    affpath=0x0, ptr=<value optimised out>, md=0x0, key=0x7ffff7eb1040 "")
    at affixmgr.cpp:168
#2 0x00007ffff71d22d2 in Hunspell::Hunspell (this=0x7fffe1751b70,
    affpath=0x7fffdab6ba68 "/usr/lib/firefox-3.6.10/dictionaries/th.aff",
    dpath=0x7fffffffb140 "/usr/lib/firefox-3.6.10/dictionaries/th.dic",
    key=0x0) at hunspell.cpp:92
#3 0x00007ffff71bda44 in mozHunspell::SetDictionary (this=0x7fffd6459ba0,
    aDictionary=<value optimised out>) at mozHunspell.cpp:168
#4 0x00007ffff71b492c in mozSpellChecker::SetCurrentDictionary (
    this=0x7fffd7c4b470, aDictionary=...) at mozSpellChecker.cpp:385
#5 0x00007ffff70bf22a in nsEditorSpellCheck::SetCurrentDictionary (
    this=<value optimised out>, aDictionary=<value optimised out>)
    at nsEditorSpellCheck.cpp:464
#6 0x00007ffff70c006e in nsEditorSpellCheck::InitSpellChecker (
    this=0x7fffda586840, aEditor=<value optimised out>,
    aEnableSelectionChecking=<value optimised out>)
    at nsEditorSpellCheck.cpp:241
#7 0x00007ffff71b9252 in mozInlineSpellChecker::SetEnableRealTimeSpell (
    this=0x7fffd7c4b3e0, aEnabled=<value optimised out>)
    at mozInlineSpellChecker.cpp:733
#8 0x00007ffff6deb626 in nsEditor::SyncRealTimeSpell (this=0x7fffd9f877a0)
    at nsEditor.cpp:1383
#9 0x00007ffff6de5045 in nsEditor::PostCreate (this=0x7ffff7eb1040)
    at nsEditor.cpp:292
#10 0x00007ffff6b872f1 in nsTextControlFrame::InitEditor (this=0x7fffd7e834a8)
    at nsTextControlFrame.cpp:1585
#11 0x00007ffff6b877d6 in nsTextControlFrame::DelayedEditorInit (
    this=0x7fffd7e834a8) at nsTextControlFrame.cpp:1358
#12 0x00007ffff6b894ff in nsTextControlFrame::EditorInitializer::Run() ()
   from /usr/lib/firefox-3.6.10/libxul.so
#13 0x00007ffff6c31345 in nsContentUtils::RemoveScriptBlocker ()
    at nsContentUtils.cpp:4495
---Type <return> to continue, or q <return> to quit---
#14 0x00007ffff6b1cc6e in ~nsAutoScriptBlocker (this=0x7fffda580800,
    aType=Flush_Style) at ../../dist/include/nsContentUtils.h:1676
#15 PresShell::FlushPendingNotifications (this=0x7fffda580800,
    aType=Flush_Style) at nsPresShell.cpp:4880
#16 0x00007ffff6bbe0e5 in nsComputedDOMStyle::GetStyleContextForContent (
    aContent=0x7fffdad8e900, aPseudo=0x0, aPresShell=0x7fffda580800)
    at nsComputedDOMStyle.cpp:324
#17 0x00007ffff6de7c25 in nsEditor::IsPreformatted (
    this=<value optimised out>, aNode=<value optimised out>,
    aResult=0x7fffffffba64) at nsEditor.cpp:4155
#18 0x00007ffff6dde8b2 in nsTextEditRules::WillInsertText (
    this=0x7fffdb2bc300, aAction=2000, aSelection=0x7fffda821cc0,
    aCancel=<value optimised out>, aHandled=<value optimised out>,
    inString=<value optimised out>, outString=0x7fffffffbaf0, aMaxLength=-1)
    at nsTextEditRules.cpp:760
#19 0x00007ffff6ddef6f in nsTextEditRules::WillDoAction (this=0x7ffff7eb1040,
    aSelection=<value optimised out>, aInfo=0x7ffffffe8a60,
    aCancel=<value optimised out>, aHandled=0x7ffff7eb1040)
    at nsTextEditRules.cpp:338
#20 0x00007ffff6dd8b85 in nsPlaintextEditor::InsertText (this=0x7fffd9f87940,
    aStringToInsert=...) at nsPlaintextEditor.cpp:797
#21 0x00007ffff6b86324 in nsTextControlFrame::SetValue (this=0x7fffd9a802d0,
    aValue=<value optimised out>) at nsTextControlFrame.cpp:2693
#22 0x00007ffff6b86cda in nsTextControlFrame::SetFormProperty (
    this=0x7fffd9a802d0, aName=<value optimised out>, aValue=...)
    at nsTextControlFrame.cpp:1897
#23 0x00007ffff6cd1bf8 in nsHTMLInputElement::SetValueInternal (
    this=<value optimised out>, aValue=..., aFrame=<value optimised out>,
    aUserInput=0) at nsHTMLInputElement.cpp:1116
#24 0x00007ffff6cd2e50 in nsHTMLInputElement::SetValue (this=0x7ffff7eb1040,
    aValue=...) at nsHTMLInputElement.cpp:927
#25 0x00007ffff69d1774 in nsIDOMHTMLInputElement_SetValue (cx=0x7fffe1747800,
    obj=<value optimised out>, id=140737057797412, vp=0x7fffffffc118)
    at dom_quickstubs.cpp:8617
#26 0x00007ffff6217c6a in js_SetSprop (cx=0x7fffe1747800, obj=0x7fffd7f40740,
    id=140737057797412, cacheResult=1, vp=<value optimised out>)
---Type <return> to continue, or q <return> to quit---
    at jsscope.h:636
#27 js_SetPropertyHelper (cx=0x7fffe1747800, obj=0x7fffd7f40740,
    id=140737057797412, cacheResult=1, vp=<value optimised out>)
    at jsobj.cpp:4456
#28 0x00007ffff61f708a in js_Interpret (cx=0x7fffe1747800) at jsops.cpp:1854
#29 0x00007ffff6206645 in js_Invoke (cx=0x7fffe1747800, argc=6320,
    vp=0x7fffda64b110, flags=<value optimised out>) at jsinterp.cpp:1368
#30 0x00007ffff61ed97a in js_fun_apply (cx=0x7fffe1747800, argc=1,
    vp=0x7fffda64b0e0) at jsfun.cpp:2046
#31 0x00007ffff61fdc8b in js_Interpret (cx=0x7fffe1747800) at jsops.cpp:2208
#32 0x00007ffff6206645 in js_Invoke (cx=0x7fffe1747800, argc=6320,
    vp=0x7fffda64b0c8, flags=<value optimised out>) at jsinterp.cpp:1368
#33 0x00007ffff61ed97a in js_fun_apply (cx=0x7fffe1747800, argc=1,
    vp=0x7fffda64b098) at jsfun.cpp:2046
#34 0x00007ffff61fdc8b in js_Interpret (cx=0x7fffe1747800) at jsops.cpp:2208
#35 0x00007ffff6206645 in js_Invoke (cx=0x7fffe1747800, argc=6320,
    vp=0x7fffda64b080, flags=<value optimised out>) at jsinterp.cpp:1368
#36 0x00007ffff61ed97a in js_fun_apply (cx=0x7fffe1747800, argc=1,
    vp=0x7fffda64b050) at jsfun.cpp:2046
#37 0x00007ffff61fdc8b in js_Interpret (cx=0x7fffe1747800) at jsops.cpp:2208
#38 0x00007ffff6206645 in js_Invoke (cx=0x7fffe1747800, argc=6320,
    vp=0x7fffda64b038, flags=<value optimised out>) at jsinterp.cpp:1368
#39 0x00007ffff6206eb0 in js_InternalInvoke (cx=0x7fffe1747800,
    obj=0x7fffdb277b80, fval=140736816497280, flags=<value optimised out>,
    argc=1, argv=<value optimised out>, rval=0x7fffffffd0d0)
    at jsinterp.cpp:1423
#40 0x00007ffff61b02ba in JS_CallFunctionValue (cx=0x7ffff7eb1040, obj=0x0,
    fval=140737352765504, argc=<value optimised out>,
    argv=<value optimised out>, rval=<value optimised out>) at jsapi.cpp:5114
#41 0x00007ffff6d7a61f in nsJSContext::CallEventHandler (this=0x7fffda899d00,
    aTarget=<value optimised out>, aScope=<value optimised out>,
    aHandler=0x7fffd7f44280, aargv=<value optimised out>, arv=0x7fffffffd270)
    at nsJSEnvironment.cpp:2177
#42 0x00007ffff6d952d9 in nsGlobalWindow::RunTimeout (this=0x7fffda5da000,
    aTimeout=0x7fffda90c400) at nsGlobalWindow.cpp:8164
#43 0x00007ffff6d95574 in nsGlobalWindow::TimerCallback (
---Type <return> to continue, or q <return> to quit---
    aTimer=<value optimised out>, aClosure=0x0) at nsGlobalWindow.cpp:8498
#44 0x00007ffff7290db5 in nsTimerImpl::Fire (this=0x7fffd7fe7ce0)
    at nsTimerImpl.cpp:427
#45 0x00007ffff7290e7f in nsTimerEvent::Run (this=<value optimised out>)
    at nsTimerImpl.cpp:519
#46 0x00007ffff728e8df in nsThread::ProcessNextEvent (this=0x7fffecf28e50,
    mayWait=0, result=0x7fffffffd3ac) at nsThread.cpp:527
#47 0x00007ffff72622ed in NS_ProcessNextEvent_P (thread=0x7ffff7eb1040,
    mayWait=0) at nsThreadUtils.cpp:250
#48 0x00007ffff71eb2ee in mozilla::ipc::MessagePump::Run (this=0x7fffe7a299c0,
    aDelegate=0x7fffecfb7360) at MessagePump.cpp:118
#49 0x00007ffff7236c94 in MessageLoop::Run (this=0x7fffecfb7360)
    at ./src/base/message_loop.cc:173
#50 0x00007ffff714b9ed in nsBaseAppShell::Run (this=0x7fffe667d1c0)
    at nsBaseAppShell.cpp:174
#51 0x00007ffff7018f3a in nsAppStartup::Run (this=0x7fffe2d42fc0)
    at nsAppStartup.cpp:183
#52 0x00007ffff6979b87 in XRE_main (argc=<value optimised out>,
    argv=<value optimised out>, aAppData=<value optimised out>)
    at nsAppRunner.cpp:3483
#53 0x00007ffff7ff3fa1 in main (argc=1, argv=0x7fffffffdd98)
    at nsBrowserApp.cpp:158
(gdb)

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: firefox 3.6.10+build1+nobinonly-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.35-22.33-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic x86_64
Architecture: amd64
Date: Thu Sep 30 11:35:59 2010
EcryptfsInUse: Yes
FirefoxPackages:
 firefox 3.6.10+build1+nobinonly-0ubuntu3
 firefox-gnome-support 3.6.10+build1+nobinonly-0ubuntu3
 firefox-branding 3.6.10+build1+nobinonly-0ubuntu3
 abroswer N/A
 abrowser-branding N/A
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
 LANGUAGE=en_AU:en_GB:en
 PATH=(custom, user)
 LANG=en_AU.utf8
 SHELL=/bin/bash
SourcePackage: firefox

Chris Coulson (chrisccoulson) wrote :

Thank you for your bug report. However, starting in Maverick, we no longer track Firefox crashes in Launchpad, unless they are a platform issue. Please submit the crash report directly to Mozilla, using the upstream crash reporter (this will appear when Firefox crashes).

Feel free to post the crash ID from about:crashes once you have done so.

Changed in firefox (Ubuntu):
status: New → Invalid
Chris Coulson (chrisccoulson) wrote :

Oh, actually, this might be a platform issue specific to that dictionary.

Changed in firefox (Ubuntu):
status: Invalid → New
Chris Coulson (chrisccoulson) wrote :

Confirmed with the Thai dictionary on FF4 also.

Changed in firefox (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
assignee: nobody → Chris Coulson (chrisccoulson)
Chris Coulson (chrisccoulson) wrote :

Will assign to me so it doesn't drop off my radar.

madbiologist (me-again) wrote :

Official support for Ubuntu 10.10 "Maverick Meerkat" has ended. Does this still occur on Ubuntu 17.04 "Zesty Zapus"?

Changed in firefox (Ubuntu):
status: Confirmed → Incomplete