Ubuntu
firefox package

Firefox crashes when accessing some URLs

Bug #78916 reported by Colin Leroy-Mira
2
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: firefox

My Firefox on Dapper (1.5.dfsg+1.5.0.9-0ubuntu0.6.06, latest updates applied) crashes when accessing
http://seanodes.co.fr.clara.net/cgi-bin/mailman/admindb/itc

Here's a gdb backtrace:
cleroy@colin:~$ firefox -debug
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run http://seanodes.co.fr.clara.net/cgi-bin/mailman/admindb/itc
Starting program: /usr/lib/firefox/firefox-bin http://seanodes.co.fr.clara.net/cgi-bin/mailman/admindb/itc
[Thread debugging using libthread_db enabled]
[New Thread -1220180288 (LWP 20705)]
[New Thread -1221936208 (LWP 20708)]
[New Thread -1240589392 (LWP 20712)]
[New Thread -1256571984 (LWP 20716)]
[New Thread -1264964688 (LWP 20717)]
[Thread -1264964688 (LWP 20717) exited]
[New Thread -1273357392 (LWP 20718)]
[Thread -1273357392 (LWP 20718) exited]
[New Thread -1273357392 (LWP 20719)]
[New Thread -1264964688 (LWP 20720)]
[New Thread -1283675216 (LWP 20724)]
[New Thread -1294042192 (LWP 20725)]
[New Thread -1303667792 (LWP 20726)]
[Thread -1303667792 (LWP 20726) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1220180288 (LWP 20705)]
0xb68a85cc in nsPasswordManager::AttachToInput (this=0x8da6720, aElement=0x0) at nsPasswordManager.cpp:1962
1962 nsPasswordManager.cpp: No such file or directory.
        in nsPasswordManager.cpp
(gdb) bt full
#0 0xb68a85cc in nsPasswordManager::AttachToInput (this=0x8da6720, aElement=0x0) at nsPasswordManager.cpp:1962
        targ = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        listener = (nsIDOMEventListener *) 0x8da6734
#1 0xb68a9724 in nsPasswordManager::OnStateChange (this=0x8da6720, aWebProgress=0x89ce874, aRequest=0x89953dc, aStateFlags=131088, aStatus=0)
    at nsPasswordManager.cpp:948
        count = 3045956620
        i = 144500832
        passField = {<nsCOMPtr_base> = {mRawPtr = 0x84a5748}, <No data fields>}
        fc = {<nsCOMPtr_base> = {mRawPtr = 0xb7e2432e}, <No data fields>}
        index = -1075530424
        e = (nsPasswordManager::SignonDataEntry *) 0x0
        formNode = {<nsCOMPtr_base> = {mRawPtr = 0x8da1eb0}, <No data fields>}
        form = {<nsCOMPtr_base> = {mRawPtr = 0x8da1ebc}, <No data fields>}
        attachedToInput = 0
        userField = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
        passField = {<nsCOMPtr_base> = {mRawPtr = 0x8da6604}, <No data fields>}
        temp = {<nsCOMPtr_base> = {mRawPtr = 0x8da6604}, <No data fields>}
        firstMatch = (nsPasswordManager::SignonDataEntry *) 0x8dabfc8
        fieldType = {<nsFixedString> = {<nsString> = {<nsSubstring> = {<nsAString_internal> = {mVTable = 0xb7e98828, mData = 0xbfe4b418, mLength = 8,
          mFlags = 65553}, <No data fields>}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0xbfe4b418}, mStorage = {112, 97, 115, 115, 119,
    111, 114, 100, 0, 49124, 59490, 47067, 22384, 2122, 55644, 46477, 46152, 49124, 63360, 46475, 22384, 2122, 55644, 46477, 46168, 49124, 5643,
    46474, 22344, 2122, 0, 0, 46184, 49124, 22739, 46475, 22344, 2122, 0, 0, 46216, 49124, 2408, 46476, 22344, 2122, 55644, 46477, 46216, 49124,
    55644, 46477, 39932, 46477, 22344, 2122, 46264, 49124, 17947, 46474, 22344, 2122, 39932, 46477}}
#2 0xb58c0e62 in nsDocLoader::FireOnStateChange (this=0x82ace50, aProgress=0x89ce874, aRequest=0x89953dc, aStateFlags=131088, aStatus=0)
    at nsDocLoader.cpp:1210
        listener = {<nsCOMPtr_base> = {mRawPtr = 0x8da6730}, <No data fields>}
        count = 1
#3 0xb58c0ea0 in nsDocLoader::FireOnStateChange (this=0x84a5748, aProgress=0x89ce874, aRequest=0x89953dc, aStateFlags=131088, aStatus=0)
    at nsDocLoader.cpp:1217
        listener = {<nsCOMPtr_base> = {mRawPtr = 0x84a580c}, <No data fields>}
        count = -1
#4 0xb58c0ea0 in nsDocLoader::FireOnStateChange (this=0x89ce860, aProgress=0x89ce874, aRequest=0x89953dc, aStateFlags=131088, aStatus=0)
    at nsDocLoader.cpp:1217
        listener = {<nsCOMPtr_base> = {mRawPtr = 0x89ce924}, <No data fields>}
        count = -1
#5 0xb58c123b in nsDocLoader::doStopDocumentLoad (this=0x89ce860, request=0x89953dc, aStatus=0) at nsDocLoader.cpp:833
No locals.
---Type <return> to continue, or q <return> to quit---
#6 0xb58c1313 in nsDocLoader::DocLoaderIsEmpty (this=0x89ce860) at nsDocLoader.cpp:739
        docRequest = {<nsCOMPtr_base> = {mRawPtr = 0x89953dc}, <No data fields>}
        loadGroupStatus = 0
        kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x89ce860}, <No data fields>}
#7 0xb58c15df in nsDocLoader::OnStopRequest (this=0x89ce860, aRequest=0x8c4f7f0, aCtxt=0x0, aStatus=0) at nsDocLoader.cpp:662
        count = 0
        bFireTransferring = 0
        info = <value optimized out>
        rv = 0
#8 0xb72cde35 in nsLoadGroup::RemoveRequest (this=0x89ce290, request=0x8c4f7f0, ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:732
        observer = {<nsCOMPtr_base> = {mRawPtr = 0x89ce864}, <No data fields>}
#9 0xb6464c6e in nsDocument::UnblockOnload (this=0x8cc23b0) at nsDocument.cpp:5015
        loadGroup = {<nsCOMPtr_base> = {mRawPtr = 0x89ce290}, <No data fields>}
#10 0xb648656a in DestroyImagePLEvent (aEvent=0xb571f2e8) at nsImageLoadingContent.cpp:668
No locals.
#11 0xb7e63351 in PL_DestroyEvent (self=0xb571f2e8) at plevent.c:727
No locals.
#12 0xb7e633bd in PL_HandleEvent (self=0xb571f2e8) at plevent.c:699
        result = (void *) 0x0
#13 0xb7e63b2e in PL_ProcessPendingEvents (self=0x8116a20) at plevent.c:623
        event = (PLEvent *) 0x0
        count = 0
#14 0xb7e64ed0 in nsEventQueueImpl::ProcessPendingEvents (this=0x81169d8) at nsEventQueue.cpp:417
        correctThread = <value optimized out>
#15 0xb696f449 in event_processor_callback (source=0x846fec0, condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67
No locals.
#16 0xb77d552c in g_vasprintf () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#17 0xb77ae8d6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#18 0xb77b1996 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#19 0xb77b1cb8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#20 0xb7be0765 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#21 0xb696f8da in nsAppShell::Run (this=0x82363d8) at nsAppShell.cpp:139
---Type <return> to continue, or q <return> to quit---
No locals.
#22 0xb68853d2 in nsAppStartup::Run (this=0x8239380) at nsAppStartup.cpp:150
        rv = <value optimized out>
#23 0x0804f321 in XRE_main (argc=2, argv=0xbfe4bde4, aAppData=0x80595e0) at nsAppRunner.cpp:2380
        remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x85c43c0}, <No data fields>}
#24 0x0804abe4 in main (argc=0, argv=0x0) at nsBrowserApp.cpp:61
No locals.
#25 0xb7544ea2 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#26 0x0804ab31 in _start () at ../sysdeps/i386/elf/start.S:119
No locals.
(gdb) frame 0
#0 0xb68a85cc in nsPasswordManager::AttachToInput (this=0x8da6720, aElement=0x0) at nsPasswordManager.cpp:1962
1962 in nsPasswordManager.cpp
(gdb) quit
The program is running. Exit anyway? (y or n) y

Revision history for this message
Freddy Martinez (freddymartinez9) wrote :

This bug is a duplicate, let me find the other bug report to link to it.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.