MASTER firefox crashed [@vfprintf] ... -- libvlc.so.0

Reported by RichWolf on 2007-01-10
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
GLibC | Fix Released | Medium | |
firefox (Ubuntu) | | High | Mozilla Bugs |
glibc (Ubuntu) | | Undecided | Unassigned |
vlc (Ubuntu) | | Undecided | Unassigned |

Bug Description

... closing webpage

Binary package hint: firefox

Here's the webpage: http://web.mac.com/a_thorkildsen/iWeb/www.andreasthorkildsen.com/Movies.html

Contains Quicktime clips. I have installed plugin VLC for Firefox to play these types of files but have not been successful yet. This page just crashes since I added the plugins.

At first I thought it was the page I was going TO, but I found that it was going FROM or closing the page mentioned causes the crash. See attached crash file.

Possible test case (from bug #129080):
I reproduce the crash doing this:
- Open Firefox
- Go to http://www.apple.com/trailers
- Click on The Simpsons Movie trailer
- Select the trailer 2, medium
- Then, Firefox crashes.

RichWolf (rspeedyw) wrote :
RichWolf (rspeedyw) on 2007-01-10
description: updated
David Farning (dfarning) on 2007-01-31
Changed in firefox:
assignee: nobody → mozillateam
importance: Undecided → Medium
Changed in firefox:
status: Unconfirmed → Needs Info
David Farning (dfarning) on 2007-02-24
Changed in firefox:
assignee: mozillateam → mozilla-bugs
Alexander Sack (asac) on 2007-04-20
description: updated

This does seem related to the 6.10 distro and/or firefox version that is included. I have upgraded to 7.04(Feisty) and do not have the crash problem now, although I still can't get Quicktime files to play in the browser.

Retrace done.

Extract from retraced stacktrace:
...
#0 vfprintf () from /lib/tls/i686/cmov/libc.so.6
#1 vasprintf () from /lib/tls/i686/cmov/libc.so.6
#2 __msg_Create () from /usr/lib/libvlc.so.0
#3 ?? ()
#4 ?? () from /usr/lib/libvlc.so.0
#5 ?? ()
#6 ?? ()
#7 ?? ()
#8 ?? ()
#9 _nl_default_default_domain ()
#10 ?? ()
#11 ?? () from /lib/tls/i686/cmov/libc.so.6
#12 ?? ()
...

Tagging as mt-confirm for further processing

Retraced Thread Stacktrace

Changed in firefox:
status: Needs Info → Confirmed
importance: Medium → High

After isolating the vlc plugin, my firefox continues to crash to desktop when attempting to leave the page (either by trying to navigate away or closing the tab) linked to in the bug description.

Currently running KDE (K)Ubuntu 7.04

Firefox 2.0.0.3+1-0ubuntu2

VLC and VLC plugin shown to be version 0.8.6.release-0ubuntu4

Firefox is reporting the VLC plugin as follows:

    File name: libvlcplugin.so
    Version 0.8.6 Janus, copyright 1996-2006 The VideoLAN Team

Johan Walles (walles) wrote :

I'm guessing this bug won't be resolved until the retracer gets some love.

Bug 95504 deals with the problematic retrace.

Alexander Sack (asac) wrote :

We set this bug to invalid for firefox task until there is evidence that this is not a vlc issue. We will still catch duplicates though.

Changed in firefox:
status: Confirmed → Invalid
description: updated

In Debian bug http://bugs.debian.org/443660 a crash was reported due to
dgettext in a multi-threaded context.

It was reported that when it crashes (as it seems to be a race, it's hard to)
a valgrind trace looks like that:

==3535== Thread 3:
==3535== Invalid read of size 4
==3535==    at 0x4063F0B: _nl_find_msg (dcigettext.c:862)
==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
==3535==    by 0x406399F: dgettext (dgettext.c:54)
==3535==    by 0x80484DD: run (in /home/remi/a.out)
==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)
==3535==  Address 0x418C91C is 0 bytes after a block of size 12 alloc'd
==3535==    at 0x4024862: realloc (vg_replace_malloc.c:306)
==3535==    by 0x4063FF1: _nl_find_msg (dcigettext.c:876)
==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
==3535==    by 0x406399F: dgettext (dgettext.c:54)
==3535==    by 0x80484DD: run (in /home/remi/a.out)
==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)

The second block looks indeed fishy, as I seem to understand that the realloc
is performed on shared data, without locking.

Should be fixed in cvs.
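
The pattern the Valgrind trace above points at (a realloc on shared data with no lock), reduced to a find-or-append table next to a locked form. This is an added example, not glibc's code and not part of the original report; `struct table`, `slot_unlocked`, `slot_locked`, `worker` and `run_demo` are hypothetical names, and the table contents are constructed.

```c
#include <pthread.h>
#include <stdlib.h>

/* Lazily grown lookup table shared by several threads (constructed example). */
struct table { int *keys; size_t n; pthread_mutex_t lock; };

/* Unsafe when shared: find-or-append with no lock. While one thread is in
   realloc(), another may still scan through the old pointer or use a count
   that no longer matches the block, reading just past its end. */
static size_t slot_unlocked(struct table *t, int key)
{
    for (size_t i = 0; i < t->n; i++)
        if (t->keys[i] == key)
            return i;
    int *p = realloc(t->keys, (t->n + 1) * sizeof *p);
    if (!p)
        abort();
    t->keys = p;
    t->keys[t->n] = key;
    return t->n++;
}

/* Hardened: scan, realloc and count update form one critical section. */
static size_t slot_locked(struct table *t, int key)
{
    pthread_mutex_lock(&t->lock);
    size_t i = slot_unlocked(t, key);
    pthread_mutex_unlock(&t->lock);
    return i;
}

static struct table shared = { NULL, 0, PTHREAD_MUTEX_INITIALIZER };

static void *worker(void *arg)
{
    (void)arg;
    for (int k = 0; k < 200; k++)   /* every thread asks for the same keys */
        slot_locked(&shared, k);
    return NULL;
}

/* Runs 8 threads against the shared table and returns its final size. */
size_t run_demo(void)
{
    pthread_t th[8];
    for (int i = 0; i < 8; i++)
        pthread_create(&th[i], NULL, worker, NULL);
    for (int i = 0; i < 8; i++)
        pthread_join(th[i], NULL);
    return shared.n;
}
```

Swapping `slot_locked` for `slot_unlocked` in `worker` and running under Valgrind or ThreadSanitizer reproduces the class of report shown in the trace; because it is a race, it will not fail on every run.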

Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 beta?

Changed in vlc:
status: New → Incomplete
Johan Walles (walles) wrote :

Daniel,

this is an intermittent problem, and it is thus hard to tell whether it is fixed.

Getting a proper retrace would help very much in diagnosing the issue.

The stack trace produced by Ubuntu's retracing service is unfortunately broken. This was reported early 2007 (bug 95504), but has not yet been picked up by the retracer developers.

AFAICT, until bug 95504 gets some attention, this one will be un-resolved as well.

I'm using 8.04, Firefox 3.03 and don't have this problem anymore.

On Tue, Oct 7, 2008 at 10:07 PM, Daniel T Chen
>
> Is this symptom still reproducible in 8.10 beta?
>
>
>

Rémi Denis-Courmont (rdenis) wrote :

This is a well known gettext race condition, fixed in glibc 2.7. See also 92868.

This is not a VLC bug (neither Mozilla).

Rémi Denis-Courmont (rdenis) wrote :

This bug is real. But it belongs on libc...

Changed in vlc:
status: Incomplete → Confirmed
Changed in vlc:
status: Confirmed → Invalid
Changed in glibc:
status: Unknown → Fix Released
Rémi Denis-Courmont (rdenis) wrote :

This is all because of races in older versions of glibc. Namely those two (now fixed) bugs are at fault:
http://sourceware.org/bugzilla/show_bug.cgi?id=5058 (a.k.a. http://bugs.debian.org/443660)
http://sourceware.org/bugzilla/show_bug.cgi?id=5443 (a.k.a. http://bugs.debian.org/456531)

In upstream glibc, those bugs are fixed with version 2.8. In Debian, 2.7-11 has the backported fixes. I have not been able to test on Ubuntu yet, but I assume this means the bug is in all versions before Intrepid.

Changed in glibc:
importance: Unknown → Medium
Thomas Hotz (thotz) on 2012-12-03
Changed in glibc (Ubuntu):
status: New → Fix Released