Bug#608358: iceweasel crashes with segmentation fault loading http://www.rideuta.com
Wayne Rossberg
mach1 at xmission.com
Wed Dec 29 22:24:17 UTC 2010
Package: iceweasel
Version: 3.0.6-3
Severity: important
The program fails with Segmentation fault when run with the following
command:
iceweasel http://www.rideuta.com
A similar failure happens when linking to the above URL from some other
page. The URL http://www.slashdot.org also fails, but only after loading
some of the page header graphics.
The program behaves the same whether in safe mode or not.
Here is the backtrace for the command:
iceweasel -g http://www.rideuta.com 2>&1 | tee trace.tmp
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "alpha-linux-gnu"...
(no debugging symbols found)
(gdb) set pagination off
(gdb) run
Starting program: /usr/lib/iceweasel/firefox-bin -a iceweasel http://www.rideuta.com
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
Error while reading shared library symbols:
Cannot find new threads: generic error
Cannot find new threads: generic error
(gdb) continue
Continuing.
[New Thread 0x20000025d40 (LWP 2806)]
[New Thread 0x200043df250 (LWP 2809)]
[New Thread 0x20004c21250 (LWP 2811)]
[New Thread 0x200054bf250 (LWP 2812)]
[Thread 0x200054bf250 (LWP 2812) exited]
[New Thread 0x20005cbf250 (LWP 2813)]
[Thread 0x20005cbf250 (LWP 2813) exited]
[New Thread 0x20005cbf250 (LWP 2814)]
[New Thread 0x200054bf250 (LWP 2815)]
[New Thread 0x20006579250 (LWP 2816)]
[New Thread 0x20006d79250 (LWP 2817)]
[Thread 0x200054bf250 (LWP 2815) exited]
[Thread 0x20005cbf250 (LWP 2814) exited]
[Thread 0x20006579250 (LWP 2816) exited]
[New Thread 0x200054bf250 (LWP 2818)]
[Thread 0x200054bf250 (LWP 2818) exited]
[New Thread 0x20005cbf250 (LWP 2819)]
[New Thread 0x200054bf250 (LWP 2820)]
[New Thread 0x20006579250 (LWP 2821)]
[New Thread 0x20007957250 (LWP 2822)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x20000025d40 (LWP 2806)]
0x0000020001468268 in nsCOMPtr_base::assign_with_AddRef (this=0x11ff10d90, rawPtr=0x0) at ./../glue/nsCOMPtr.h:531
531 ./../glue/nsCOMPtr.h: No such file or directory.
in ./../glue/nsCOMPtr.h
Current language: auto; currently c++
(gdb) bt full
#0 0x0000020001468268 in nsCOMPtr_base::assign_with_AddRef (this=0x11ff10d90, rawPtr=0x0) at ./../glue/nsCOMPtr.h:531
No locals.
#1 0x0000020000a44a14 in nsConverterInputStream::Close (this=0x11ff10d78) at ../../../dist/include/xpcom/nsCOMPtr.h:713
rv = 555487184
#2 0x0000020000dba480 in nsHTMLFormElement::WalkRadioGroup (this=0x1213692a0, aName=@0x11ff10df0, aVisitor=0x12138dd10, aFlushContent=0) at ../../../../dist/include/xpcom/nsCOMPtr.h:950
item = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
stopIterating = 0
#3 0x0000020000dce68c in nsHTMLInputElement::VisitGroup (this=0x1211c0fd0, aVisitor=0x12138dd10, aFlushContent=0) at nsHTMLInputElement.cpp:2976
name = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff10e10, mLength = 16, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff10e10}, mStorage = {99, 116, 108, 48, 48, 36, 116, 105, 109, 101, 82, 97, 100, 105, 111, 115, 0, 8476, 1, 0, 3800, 8177, 1, 0, 4096, 8476, 1, 0, 37536, 8502, 1, 0, 0, 0, 0, 0, 35952, 52, 512, 0, 40756, 220, 512, 0, 3796, 8177, 1, 0, 4096, 8476, 1, 0, 416, 8476, 1, 0, 2360, 221, 512, 0, 12, 0, 0, 0}}
rv = <value optimized out>
container = {<nsCOMPtr_base> = {mRawPtr = 0x1213692f0}, <No data fields>}
#4 0x0000020000dd0950 in nsHTMLInputElement::AddedToRadioGroup (this=0x1211c0fd0, aNotify=580878554) at nsHTMLInputElement.cpp:2833
checked = <value optimized out>
checkedChanged = 0
visitor = {<nsCOMPtr_base> = {mRawPtr = 0x12138dd10}, <No data fields>}
rv = 0
container = {<nsCOMPtr_base> = {mRawPtr = 0x20000d2885c}, <No data fields>}
#5 0x0000020000db9bd4 in nsHTMLFormElement::AddElement (this=0x1213692a0, aChild=0x1211c1000, aNotify=0) at nsHTMLFormElement.cpp:1363
radio = {<nsCOMPtr_base> = {mRawPtr = 0x1211c1060}, <No data fields>}
childInElements = 1
controlList = <value optimized out>
count = <value optimized out>
element = {<nsCOMPtr_base> = {mRawPtr = 0x1211c0390}, <No data fields>}
lastElement = 1
position = <value optimized out>
type = 12
#6 0x0000020000d9ac64 in nsGenericHTMLFormElement::BindToTree (this=0x1211c0fd0, aDocument=<value optimized out>, aParent=<value optimized out>, aBindingParent=<value optimized out>, aCompileEventHandlers=<value optimized out>) at nsGenericHTMLElement.cpp:2680
nameVal = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff11060, mLength = 16, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11060}, mStorage = {99, 116, 108, 48, 48, 36, 116, 105, 109, 101, 82, 97, 100, 105, 111, 115, 0, 8254, 1, 0 <repeats 17 times>, 2, 0, 0, 0, 13596, 225, 512, 0, 4312, 8177, 1, 0, 0, 0, 17, 1, 63, 0, 1, 0, 4312, 8177, 1, 0, 0, 0, 0, 0}}
idVal = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff11100, mLength = 20, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11100}, mStorage = {99, 116, 108, 48, 48, 95, 100, 101, 112, 97, 114, 116, 117, 114, 101, 82, 97, 100, 105, 111, 0, 8476, 1, 0, 31800, 327, 512, 0, 49320, 434, 512, 0, 4664, 8177, 1, 0, 2, 0, 0, 0, 4048, 8476, 1, 0, 4632, 8177, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13784, 225, 512, 0, 7521, 354, 512, 0}}
rv = <value optimized out>
#7 0x0000020000dcdf54 in nsHTMLInputElement::BindToTree (this=0x20000d22900, aDocument=0x0, aParent=0x229f80da, aBindingParent=0x0, aCompileEventHandlers=8) at nsHTMLInputElement.cpp:1931
rv = <value optimized out>
#8 0x0000020000d257c4 in nsGenericElement::doInsertChildAt (aKid=0x1211c0fd0, aIndex=<value optimized out>, aNotify=0, aParent=0x1211c0570, aDocument=0x1210de010, aChildArray=@0x1211c0598) at nsGenericElement.cpp:2729
rv = 0
container = (nsINode *) 0x1211c0570
updateBatch = {mDocument = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mUpdateType = 1}
childCount = 3
#9 0x0000020000b00948 in nsINode::AppendChildTo (this=0x1211c0570, aKid=0x1211c0fd0, aNotify=0) at ../../../dist/include/content/nsINode.h:321
No locals.
#10 0x0000020000e10ed8 in SinkContext::Node::Add (this=0x1040, child=0x1211c0fd0) at nsHTMLContentSink.cpp:912
No locals.
#11 0x0000020000e128f8 in SinkContext::AddLeaf (this=0x12118c2a0, aContent=0x0) at nsHTMLContentSink.cpp:1171
No locals.
#12 0x0000020000e16e84 in SinkContext::AddLeaf (this=0x12118c2a0, aNode=@0x1211c09c0) at nsHTMLContentSink.cpp:1102
nodeType = <value optimized out>
#13 0x0000020000aaac00 in CNavDTD::AddLeaf (this=0x1211ccc20, aNode=0x1211c09c0) at CNavDTD.cpp:3054
result = <value optimized out>
#14 0x0000020000aab93c in CNavDTD::HandleDefaultStartToken (this=0x1211ccc20, aToken=0x1212b81c0, aChildTag=eHTMLTag_input, aNode=0x1211c09c0) at CNavDTD.cpp:1084
result = <value optimized out>
theChildIsContainer = 0
sTableElements = {eHTMLTag_table, eHTMLTag_thead, eHTMLTag_tbody, eHTMLTag_tr, eHTMLTag_tfoot}
#15 0x0000020000aabe78 in CNavDTD::HandleStartToken (this=0x1211ccc20, aToken=0x1212b81c0) at CNavDTD.cpp:1436
isTokenHandled = 0
theHeadIsParent = 0
isExclusive = 1
theNode = (class nsCParserNode *) 0x1211c09c0
theChildTag = eHTMLTag_input
attrCount = <value optimized out>
theParent = <value optimized out>
result = 0
#16 0x0000020000aac270 in CNavDTD::HandleToken (this=0x1211ccc20, aToken=0x1212b81c0, aParser=0x12118c100) at CNavDTD.cpp:760
result = 0
theTag = <value optimized out>
gLegalElements = {eHTMLTag_table, eHTMLTag_thead, eHTMLTag_tbody, eHTMLTag_tr, eHTMLTag_td, eHTMLTag_th, eHTMLTag_tfoot}
#17 0x0000020000aa77b0 in CNavDTD::BuildModel (this=0x1211ccc20, aParser=0x229f80da, aTokenizer=<value optimized out>, anObserver=<value optimized out>, aSink=<value optimized out>) at CNavDTD.cpp:336
theToken = (class CToken *) 0x2
result = <value optimized out>
oldTokenizer = (class nsITokenizer *) 0x1211ccd90
#18 0x0000020000ab58a4 in nsParser::BuildModel (this=0x12118c100) at nsParser.cpp:1790
theRootContext = (CParserContext *) 0x12118c2f0
theTokenizer = (class nsITokenizer *) 0x1211ccd90
result = 2
#19 0x0000020000ab85e4 in nsParser::ResumeParse (this=0x12118c100, allowIteration=<value optimized out>, aIsFinalChunk=1, aCanInterrupt=1) at nsParser.cpp:1667
theTokenizerResult = 0
theIterationIsOk = <value optimized out>
result = <value optimized out>
#20 0x0000020000ab61fc in nsParser::ContinueInterruptedParsing (this=0x12118c100) at nsParser.cpp:1183
result = 0
kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x12118c100}, <No data fields>}
#21 0x0000020000ce38e4 in nsContentSink::ContinueInterruptedParsingIfEnabled (this=0x12118c420) at nsContentSink.cpp:1496
No locals.
#22 0x0000020000ce7510 in nsRunnableMethod<nsContentSink>::Run (this=<value optimized out>) at ../../../dist/include/xpcom/nsThreadUtils.h:261
No locals.
#23 0x00000200014ba960 in nsThread::ProcessNextEvent (this=0x12008e150, mayWait=1, result=0x11ff11a10) at nsThread.cpp:510
notifyGlobalObserver = 1
obs = {<nsCOMPtr_base> = {mRawPtr = 0x120136bf8}, <No data fields>}
event = {<nsCOMPtr_base> = {mRawPtr = 0x1212a40d0}, <No data fields>}
rv = 0
#24 0x000002000146fe94 in NS_ProcessNextEvent_P (thread=0x20000d22900, mayWait=1) at nsThreadUtils.cpp:230
val = <value optimized out>
#25 0x00000200013ae990 in nsBaseAppShell::Run (this=0x120136bf0) at nsBaseAppShell.cpp:170
thread = (class nsIThread *) 0x20000d22900
#26 0x00000200011dc1d4 in nsAppStartup::Run (this=0x1201c4080) at nsAppStartup.cpp:181
rv = <value optimized out>
#27 0x000002000092c3e8 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3232
obsService = {<nsCOMPtr_base> = {mRawPtr = 0x120125a30}, <No data fields>}
remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x120347790}, <No data fields>}
appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x1201c4080}, <No data fields>}
workingDir = {<nsCOMPtr_base> = {mRawPtr = 0x1203dc290}, <No data fields>}
chromeObserver = {<nsCOMPtr_base> = {mRawPtr = 0x120122290}, <No data fields>}
cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0x1203dc250}, <No data fields>}
noEMRestart = <value optimized out>
xpcom = {mServiceManager = 0x120097ed8}
desktopStartupIDEnv = <value optimized out>
updRoot = {<nsCOMPtr_base> = {mRawPtr = 0x1200395f0}, <No data fields>}
persistent = 1
profLD = {<nsCOMPtr_base> = {mRawPtr = 0x12008df10}, <No data fields>}
dirProvider = {<nsIDirectoryServiceProvider2> = {<nsIDirectoryServiceProvider> = {<nsISupports> = {_vptr$nsISupports = 0x2000194ae40}, <No data fields>}, <No data fields>}, <nsIProfileStartup> = {<nsISupports> = {_vptr$nsISupports = 0x2000194ae88}, <No data fields>}, mAppProvider = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mGREDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200396e0}, <No data fields>}, mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200395f0}, <No data fields>}, mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200986b0}, <No data fields>}, mProfileLocalDir = {<nsCOMPtr_base> = {mRawPtr = 0x12008df10}, <No data fields>}, mProfileNotified = 1 '\001', mExtensionsLoaded = 1 '\001', mAppBundleDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x0}}, <No data fields>}, mExtensionDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x0}}, <No data fields>}, mThemeDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x1200c7fd0}}, <No data fields>}}
nativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x1200433c0}, <No data fields>}
desktopStartupIDPtr = <value optimized out>
startOffline = 0
profileName = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x12008d968 "default", mLength = 7, mFlags = 65541}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11e58 ""}, mStorage = "\000\226\003 \001\000\000\000x\032N\001\000\002\000\000\200\227\003 \001\000\000\000\035\000\000\000\000\000\000\000\b\037ñ\037\001\000\000\000\004\037ñ\037\001\000\000\000(Cñ\037\001\000\000\000\001\000\000\000\000\000\000"}
upgraded = 0
versionOK = <value optimized out>
appInitiatedRestart = 535894944
desktopStartupID = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x11ff11df8 "", mLength = 0, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11df8 ""}, mStorage = "\000c\002\000\000\002\000\000\001\000\000\000\000\000\000\000p¯±\001\000\002\000\000\224\036ñ\037\001\000\000\000X ñ\037\001\000\000\000\001", '\0' <repeats 15 times>, "¬\035N\001\000\002\000"}
canRun = <value optimized out>
xremotearg = <value optimized out>
profileLock = {<nsCOMPtr_base> = {mRawPtr = 0x12008ebe0}, <No data fields>}
profD = {<nsCOMPtr_base> = {mRawPtr = 0x1200986b0}, <No data fields>}
version = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x11ff11eb8 "3.0.6_2009082121/2010120923", mLength = 27, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11eb8 "3.0.6_2009082121/2010120923"}, mStorage = "3.0.6_2009082121/2010120923\000\000\000\000\000° ñ\037\001\000\000\000à\226\003 \001\000\000\000\034\000\000\000\000\000\000\000`\034N\001\000\002\000"}
needsRestart = <value optimized out>
display = (GdkDisplay *) 0x12005e000
osABI = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x2000154656f "Linux_Alpha-gcc3", mLength = 16, mFlags = 1}, <No data fields>}, <No data fields>}
rv = 0
ar = <value optimized out>
gtkModules = <value optimized out>
override = 0x0
appData = {<nsXREAppData> = {size = 112, directory = 0x1200395f0, vendor = 0x12003a0f0 "Mozilla", name = 0x12003a0b0 "Iceweasel", version = 0x12003a0d0 "3.0.6", buildID = 0x120039f90 "2009082121", ID = 0x120039910 "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", copyright = 0x120039940 "Copyright (c) 1998 - 2009 mozilla.org", flags = 6, xreDirectory = 0x1200396e0, minVersion = 0x120039fd0 "1.9", maxVersion = 0x120039ff0 "1.9", crashReporterURL = 0x120039560 "https://crash-reports.mozilla.com/submit", profile = 0x120039fb0 "mozilla/firefox"}, <No data fields>}
iniFile = {<nsCOMPtr_base> = {mRawPtr = 0x120039970}, <No data fields>}
localIniFile = {<nsCOMPtr_base> = {mRawPtr = 0x120039970}, <No data fields>}
parser = {mSections = {<nsBaseHashtable<nsDepCharHashKey,nsAutoPtr<nsINIParser_internal::INIValue>,nsINIParser_internal::INIValue*>> = {<nsTHashtable<nsBaseHashtableET<nsDepCharHashKey, nsAutoPtr<nsINIParser_internal::INIValue> > >> = {mTable = {ops = 0x20001ad3630, data = 0x0, hashShift = 28, maxAlphaFrac = 192 'À', minAlphaFrac = 64 '@', entrySize = 24, entryCount = 1, removedCount = 0, generation = 0, entryStore = 0x120039cb0 ""}}, <No data fields>}, <No data fields>}, mFileContents = {mRawPtr = 0x120039e40 "[Build"}}
i = <value optimized out>
#28 0x0000000120001898 in ?? ()
No symbol table info available.
#29 0x00000200001ddb90 in __libc_start_main () from /lib/libc.so.6.1
No symbol table info available.
#30 0x0000000120001328 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running. Exit anyway? (y or n)
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: alpha
Kernel: Linux 2.6.26-2-alpha-generic
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages iceweasel depends on:
ii debianutils 2.30 Miscellaneous utilities specific t
ii fontconfig 2.6.0-3 generic font configuration library
ii libc6.1 2.7-18lenny6 GNU C Library: Shared libraries
ii libglib2.0-0 2.16.6-3 The GLib library of C routines
ii libgtk2.0-0 2.12.12-1~lenny2 The GTK+ graphical user interface
ii libnspr4-0d 4.7.1-5 NetScape Portable Runtime Library
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii procps 1:3.2.7-11 /proc file system utilities
ii psmisc 22.6-1 Utilities that use the proc filesy
ii xulrunner-1.9 1.9.0.19-7 XUL + XPCOM application runner
iceweasel recommends no packages.
Versions of packages iceweasel suggests:
pn latex-xft-fonts <none> (no description available)
ii libkrb53 1.6.dfsg.4~beta1-5lenny6 MIT Kerberos runtime libraries
pn mozplugger <none> (no description available)
pn ttf-mathematica <none> (no description available)
pn xfonts-mathml <none> (no description available)
pn xprint <none> (no description available)
ii xulrunner-1.9-g 1.9.0.19-7 Support for GNOME in xulrunner app
-- no debconf information
More information about the pkg-mozilla-maintainers
mailing list