[armhf] segfaults when trying to save a file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Firefox |
Fix Released
|
Critical
|
|||
firefox (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Utopic |
Won't Fix
|
Undecided
|
Unassigned | ||
Vivid |
Invalid
|
High
|
Unassigned | ||
iceweasel (Debian) |
Confirmed
|
Unknown
|
Bug Description
I reproduced by:
1) starting firefox on an armhf system
2) browsing to http://
3) right clicking on the "folder" image, clicking "Save Image As..."
4) then selecting a folder.
ubuntu@
(process:23506): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed
Gtk-Message: Failed to load module "canberra-
(firefox:23506): LIBDBUSMENU-
### THIS IS WHERE I SELECT SAVE IMAGE AS ###
1417625318797 GMPInstallManag
1417625318798 GMPInstallManag
1417625318800 GMPInstallManag
1417625318805 GMPInstallManag
(firefox:23506): Gtk-WARNING **: Attempting to store changes into `/home/
(firefox:23506): Gtk-WARNING **: Attempting to set the permissions of `/home/
ubuntu@
Changed in firefox (Ubuntu): | |
importance: | Undecided → High |
Changed in firefox: | |
importance: | Unknown → Critical |
status: | Unknown → Fix Released |
Changed in iceweasel (Debian): | |
status: | Unknown → Confirmed |
tags: | added: patch |
Changed in firefox (Ubuntu Utopic): | |
status: | New → Won't Fix |
Created attachment 8469247 arm-xpcom. patch
firefox-
This issue was reported on the Debian project: https:/ /bugs.debian. org/cgi- bin/bugreport. cgi?bug= 756426
I haven't reproduced this myself, and I don't have a suitable test environment set up at the moment. The attached patch was written and tested by a colleague (Steve Capper), with the following explanation:
======= ======= ======= ======= ======= ======= ======= ======= ======= ===
NS_InvokeByIndex extracts arguments to an XPCOM method and places them
either in registers or on the stack as defined by the ARM calling
convention.
Unfortunately there is a bug when we have a 64-bit quantity passed
to the fourth argument, such as:
NS_IMETHODIMP :AddDownload( nsIURI* aSource, nsIURI* aReferrer,
PRTime aStartTime, nsIURI* aDestination)
History:
The function expects arguments 0 (this), 1 (aSource) and 2 (aReferrer)
to be in r0, r1, r2 and arguments 3 (aStartTime) and 4 (aDestination)
to be on the stack.
Due to a counting bug in copy_dword, we get aDestination passed in
r3 rather than the stack, leading to data corruption and a crash.
This patch adjusts the logic in copy_dword s.t. any failed attempts
to fit a parameter in registers prevents further parameters being
placed in registers.
I have tested this patch on Iceweasel 30.0 (FireFox 30.0) on Jessie,
and it appears to be stable.