Debian Bug report logs - #324344
mozilla-firefox: segfault on closing tabs

version graph

Package: mozilla-firefox; Maintainer for mozilla-firefox is (unknown);

Reported by: Simon Waters <simon@wretched.demon.co.uk>

Date: Sun, 21 Aug 2005 16:48:01 UTC

Severity: important

Found in version mozilla-firefox/1.0.4-2sarge2

Fixed in version mozilla-firefox/1.0.4-2sarge3

Done: Eric Dorland <eric@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#324344; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Simon Waters <simon@wretched.demon.co.uk>:
New Bug report received and forwarded. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon Waters <simon@wretched.demon.co.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mozilla-firefox: segfault on closing tabs
Date: Sun, 21 Aug 2005 17:35:06 +0100
Package: mozilla-firefox
Version: 1.0.4-2sarge2
Severity: important


Quite simply mozilla-firefox segfaults on closing a tab. This seems to
occur whether I use the close tab menu option, or the "X".

This appears to have occurred with the latest security fixed for this
package in Sarge, which I installed as a single package update this
morning.

Extensions
Web developer 0.9.3
BugMeNot 0.6.2
Bookmark Synchroniser 1.0.1
Image Zoom 0.1.7

There is a patch mentioned in the BTS for this problem with GTK 2.7,
which might be a duplicate. I will go try and find more information.
However the maintainer might want to check reproducibility, in case this
one slipped through testing.

I will go try the usual - remove my bespoke config files etc.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.6
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages mozilla-firefox depends on:
ii  debianutils            2.8.4             Miscellaneous utilities specific t
ii  fontconfig             2.3.1-2           generic font configuration library
ii  libatk1.0-0            1.8.0-4           The ATK accessibility toolkit
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libfontconfig1         2.3.1-2           generic font configuration library
ii  libfreetype6           2.1.7-2.4         FreeType 2 font engine, shared lib
ii  libgcc1                1:3.4.3-13        GCC support library
ii  libglib2.0-0           2.6.4-1           The GLib library of C routines
ii  libgtk2.0-0            2.6.4-3           The GTK+ graphical user interface 
ii  libidl0                0.8.5-1           library for parsing CORBA IDL file
ii  libjpeg62              6b-10             The Independent JPEG Group's JPEG 
ii  libkrb53               1.3.6-2sarge2     MIT Kerberos runtime libraries
ii  libpango1.0-0          1.8.1-1           Layout and rendering of internatio
ii  libpng12-0             1.2.8rel-1        PNG library - runtime
ii  libstdc++5             1:3.3.5-13        The GNU Standard C++ Library v3
ii  libx11-6               4.3.0.dfsg.1-14   X Window System protocol client li
ii  libxext6               4.3.0.dfsg.1-14   X Window System miscellaneous exte
ii  libxft2                2.1.7-1           FreeType-based font drawing librar
ii  libxp6                 4.3.0.dfsg.1-14   X Window System printing extension
ii  libxt6                 4.3.0.dfsg.1-14   X Toolkit Intrinsics
ii  psmisc                 21.5-1            Utilities that use the proc filesy
ii  xlibs                  4.3.0.dfsg.1-14   X Keyboard Extension (XKB) configu
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#324344; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Simon Waters <simon@technocool.net>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #10 received at 324344@bugs.debian.org (full text, mbox):

From: Simon Waters <simon@technocool.net>
To: 324344@bugs.debian.org
Subject: Problem reproduced by installation of Web Developer Plugin 0.9.3
Date: Sun, 21 Aug 2005 17:59:39 +0100
Removed ".mozilla" (briefly confused when .firefox replaced it!)

Firefox started fine, bug not apparent.

Installed Webdeveloper 0.9.3 extension fine (there is a bug pending on
installing this).

Restarted firefox to activate the extension, and closing a tab causes a
segfault again.

Removed the extension, installed "Image Zoom 0.1.7" and the problem
doesn't recur.

Unclear if it is this extension, or some extensions, but clearly not all
extensions.



Information forwarded to debian-bugs-dist@lists.debian.org, Eric Dorland <eric@debian.org>:
Bug#324344; Package mozilla-firefox. Full text and rfc822 format available.

Acknowledgement sent to Maurits van Rees <maurits@vanrees.org>:
Extra info received and forwarded to list. Copy sent to Eric Dorland <eric@debian.org>. Full text and rfc822 format available.

Message #15 received at 324344@bugs.debian.org (full text, mbox):

From: Maurits van Rees <maurits@vanrees.org>
To: Debian Bug Tracking System <324344@bugs.debian.org>
Subject: mozilla-firefox: segfaults on many actions
Date: Mon, 22 Aug 2005 10:08:34 +0200
Package: mozilla-firefox
Version: 1.0.4-2sarge2
Followup-For: Bug #324344


My shiny new firefox in sarge lives up to its name and comes crashing
down in flames. ;) I did some testing and found that extensions cause
problems.  I could enter the Tools->Extensions menu at first after
this update, but currently that results in a segfault:

maurits@mauritsvanrees:~$ firefox -safe-mode -P default &
[5] 29930
maurits@mauritsvanrees:~$ *** loading the extensions datasource

[5]-  Segmentatie fout        (core dumped) firefox -safe-mode -P default

I'm not sure why it needs to load the extensions datasource when in
safe-mode.  Anyway, I ran it through gdb and made a backtrace.  I did
it like this:

$ gdb /usr/lib/mozilla-firefox/firefox-bin  core.29930  -x gdb-bt -batch > gdb-output

with the gdb-bt file having just 'bt' for backtrace as its contents.
This resulted in a warning:

warning: current_sos: Can't read pathname for load map: Invoer-/uitvoerfout

Not sure what that is about, but here is the resulting backtrace:

------------------------------------
(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
Core was generated by `/usr/lib/mozilla-firefox/firefox-bin -a firefox -safe-mode -P default'.
Program terminated with signal 11, Segmentation fault.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
#0  0x401b3852 in raise () from /lib/tls/libpthread.so.0
#0  0x401b3852 in raise () from /lib/tls/libpthread.so.0
#1  0x08c1abfa in nsProfileLock::FatalSignalHandler ()
#2  <signal handler called>
#3  0x40038022 in JS_GetClass () from /usr/lib/mozilla-firefox/libmozjs.so
#4  0x08463a54 in nsScriptSecurityManager::CheckObjectAccess ()
#5  0x400588a8 in js_ErrorFromException () from /usr/lib/mozilla-firefox/libmozjs.so
#6  0x400597a1 in js_ErrorToException () from /usr/lib/mozilla-firefox/libmozjs.so
#7  0x400429a0 in js_ContextIterator () from /usr/lib/mozilla-firefox/libmozjs.so
#8  0x40043109 in js_ReportErrorNumberVA () from /usr/lib/mozilla-firefox/libmozjs.so
#9  0x4003c66a in JS_ReportErrorNumber () from /usr/lib/mozilla-firefox/libmozjs.so
#10 0x4007951d in js_ValueToNonNullObject () from /usr/lib/mozilla-firefox/libmozjs.so
#11 0x400663a6 in js_Interpret () from /usr/lib/mozilla-firefox/libmozjs.so
#12 0x40060617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#13 0x0836d5be in nsXPCWrappedJSClass::CheckForException ()
#14 0x0836af8b in nsXPCWrappedJS::FindInherited ()
#15 0x40141743 in XPTC_InvokeByIndex () from /usr/lib/mozilla-firefox/libxpcom.so
#16 0x0846dfe4 in CompositeDataSourceImpl::CompositeDataSourceImpl ()
#17 0x088cd244 in nsTemplateRule::ComputeAssignmentFor ()
#18 0x088cc031 in nsTemplateMatch::GetAssignmentFor ()
#19 0x087c3e12 in nsXULTemplateBuilder::SubstituteTextReplaceVariable ()
#20 0x087c3bd6 in nsXULTemplateBuilder::ParseAttribute ()
#21 0x087c3d4f in nsXULTemplateBuilder::SubstituteText ()
#22 0x087b067f in nsXULContentBuilder::BuildContentFromTemplate ()
#23 0x087b2344 in nsXULContentBuilder::CreateContainerContents ()
#24 0x087b2005 in nsXULContentBuilder::CreateTemplateAndContainerContents ()
#25 0x087b3dbe in nsXULContentBuilder::RebuildAll ()
#26 0x087c1b07 in nsXULTemplateBuilder::Init ()
#27 0x087c1da5 in nsXULTemplateBuilder::AttributeChanged ()
#28 0x087b33c6 in nsXULContentBuilder::AttributeChanged ()
#29 0x087378db in nsXULDocument::AttributeChanged ()
#30 0x087a612e in nsXULElement::SetAttrAndNotify ()
#31 0x087a5df2 in nsXULElement::SetAttr ()
#32 0x087a349a in nsXULElement::GetNodeInfo ()
#33 0x401415e5 in XPTC_InvokeByIndex () from /usr/lib/mozilla-firefox/libxpcom.so
#34 0x083721de in XPCWrappedNative::CallMethod ()
#35 0x08379701 in XPC_WN_CallMethod ()
#36 0x40060546 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#37 0x4006a5c9 in js_Interpret () from /usr/lib/mozilla-firefox/libmozjs.so
#38 0x40060617 in js_Invoke () from /usr/lib/mozilla-firefox/libmozjs.so
#39 0x400608f3 in js_InternalInvoke () from /usr/lib/mozilla-firefox/libmozjs.so
#40 0x4003bebb in JS_CallFunctionValue () from /usr/lib/mozilla-firefox/libmozjs.so
#41 0x088c03cf in nsJSContext::CallEventHandler ()
#42 0x087863e6 in nsJSEventListener::SetEventName ()
#43 0x0869fb07 in nsEventListenerManager::HandleEventSubType ()
#44 0x0869ffaa in nsEventListenerManager::HandleEventSubType ()
#45 0x0875a656 in GlobalWindowImpl::HandleDOMEvent ()
#46 0x08646879 in DocumentViewerImpl::InitInternal ()
#47 0x0892f577 in nsDocShell::EndPageLoad ()
#48 0x08905d49 in nsWebShell::EndPageLoad ()
#49 0x0892f2d7 in nsDocShell::IsPrintingOrPP ()
#50 0x0890ec1e in nsDocLoaderImpl::FireOnStateChange ()
#51 0x0890e288 in nsDocLoaderImpl::doStopDocumentLoad ()
#52 0x0890e151 in nsDocLoaderImpl::DocLoaderIsEmpty ()
#53 0x0890ded8 in nsDocLoaderImpl::~nsDocLoaderImpl ()
#54 0x083cc15e in nsLoadGroup::Create ()
#55 0x0852e168 in imgRequestProxy::RemoveFromLoadGroup ()
#56 0x0852d7b8 in imgRequest::RemoveFromCache ()
#57 0x0852b9f2 in ProxyListener::~ProxyListener ()
#58 0x0842d640 in nsJARChannel::EnsureJarInput ()
#59 0x083c849d in nsInputStreamPump::OnStateStop ()
#60 0x083c8225 in nsInputStreamPump::EnsureWaiting ()
#61 0x4010fc11 in nsInputStreamReadyEvent::EventHandler () from /usr/lib/mozilla-firefox/libxpcom.so
#62 0x40126237 in PL_HandleEvent () from /usr/lib/mozilla-firefox/libxpcom.so
#63 0x40126164 in PL_ProcessPendingEvents () from /usr/lib/mozilla-firefox/libxpcom.so
#64 0x40127df9 in nsEventQueueImpl::NotifyObservers () from /usr/lib/mozilla-firefox/libxpcom.so
#65 0x08569c05 in nsBaseWidget::FreeNativeData ()
#66 0x40616dbf in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#67 0x405f1582 in g_main_depth () from /usr/lib/libglib-2.0.so.0
#68 0x405f25f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#69 0x405f2930 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#70 0x405f2ed3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#71 0x402d7bb3 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#72 0x08569f48 in nsAppShell::ReleaseGlobals ()
#73 0x08a112d4 in nsAppShellService::AttemptingQuit ()
#74 0x08c163d0 in xre_main ()
#75 0x0834b864 in main ()
------------------------------------

Maybe this is usual for core dumps, but I find the size of the dump
strange.  Note the quite different sizes here:

maurits@mauritsvanrees:~/tmp$ ls -sh core.29930
11M core.29930
maurits@mauritsvanrees:~/tmp$ ls -lh core.29930
-rw-------  1 maurits maurits 59M 2005-08-22 09:44 core.29930

It's probably unrelated, but I mentioned it just in case.

BTW, I see that mozilla-firefox uses the .mozilla/firefox directory
for new profiles.  My old profile is still in .firefox.  I wonder if
that mixes it up more.  But I can get new profiles to crash as well.

Well, starting firefox with -safe-mode is my current workaround.  This
discourages most of the crashes.

For the record: there is a discussion on the debian-user mailing list
about this and related problems:
http://lists.debian.org/debian-user/2005/08/msg02391.html

A list of my extensions:

DOM Inspector 1.0
Checky 2.5
ContextMenu Extensions 3.1.2005012901
Diggler 0.9
Live HTTP Headers 0.10
Nederlands (=Dutch) (NL) Language Pack 1.0.4

I hope this bug report helps.  Good luck in solving this and thanks
for your time.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=nl_NL@euro, LC_CTYPE=nl_NL@euro (charmap=ISO-8859-15)

Versions of packages mozilla-firefox depends on:
ii  debianutils            2.8.4             Miscellaneous utilities specific t
ii  fontconfig             2.3.1-2           generic font configuration library
ii  libatk1.0-0            1.8.0-4           The ATK accessibility toolkit
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libfontconfig1         2.3.1-2           generic font configuration library
ii  libfreetype6           2.1.7-2.4         FreeType 2 font engine, shared lib
ii  libgcc1                1:3.4.3-13        GCC support library
ii  libglib2.0-0           2.6.4-1           The GLib library of C routines
ii  libgtk2.0-0            2.6.4-3           The GTK+ graphical user interface 
ii  libidl0                0.8.5-1           library for parsing CORBA IDL file
ii  libjpeg62              6b-10             The Independent JPEG Group's JPEG 
ii  libkrb53               1.3.6-2sarge2     MIT Kerberos runtime libraries
ii  libpango1.0-0          1.8.1-1           Layout and rendering of internatio
ii  libpng12-0             1.2.8rel-1        PNG library - runtime
ii  libstdc++5             1:3.3.5-13        The GNU Standard C++ Library v3
ii  libx11-6               4.3.0.dfsg.1-14   X Window System protocol client li
ii  libxext6               4.3.0.dfsg.1-14   X Window System miscellaneous exte
ii  libxft2                2.1.7-1           FreeType-based font drawing librar
ii  libxp6                 4.3.0.dfsg.1-14   X Window System printing extension
ii  libxt6                 4.3.0.dfsg.1-14   X Toolkit Intrinsics
ii  psmisc                 21.5-1            Utilities that use the proc filesy
ii  xlibs                  4.3.0.dfsg.1-14   X Keyboard Extension (XKB) configu
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information



Reply sent to Eric Dorland <eric@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Simon Waters <simon@wretched.demon.co.uk>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 324344-done@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 324473-done@bugs.debian.org, 324516-done@bugs.debian.org, 324617-done@bugs.debian.org, 324173-done@bugs.debian.org, 324186-done@bugs.debian.org, 324311-done@bugs.debian.org, 324344-done@bugs.debian.org, 324544-done@bugs.debian.org, 324609-done@bugs.debian.org, 324657-done@bugs.debian.org, 324747-done@bugs.debian.org, 324752-done@bugs.debian.org, 324873-done@bugs.debian.org, 324876-done@bugs.debian.org, 324184-done@bugs.debian.org, 324204-done@bugs.debian.org, 324328-done@bugs.debian.org, 324345-done@bugs.debian.org, 324363-done@bugs.debian.org, 324366-done@bugs.debian.org, 324686-done@bugs.debian.org, 324689-done@bugs.debian.org, 325388-done@bugs.debian.org, 325454-done@bugs.debian.org, 325458-done@bugs.debian.org, 325612-done@bugs.debian.org
Subject: Fixed in mozilla-firefox 1.0.4-2sarge3
Date: Sun, 4 Sep 2005 00:49:25 -0400
[Message part 1 (text/plain, inline)]
Package: mozilla-firefox
Version: 1.0.4-2sarge3

Hello submitters,

Security update 1.0.4-2sarge2 was an extremely bug ridden release, it
generated a lot of bug reports. Instead of going through them all and
making sure they're all fixed, I'm going to assume 1.0.4-2sarge3 fixed
things and close them. If you're still experiencing problems under
1.0.4-2sarge3, please reopen.

Sorry for the trouble.

-- 
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
------END GEEK CODE BLOCK------
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 10:12:15 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 13:26:18 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.