Bug#608358: iceweasel crashes with segmentation fault loading http://www.rideuta.com

Wayne Rossberg mach1 at xmission.com
Wed Dec 29 22:24:17 UTC 2010


Package: iceweasel
Version: 3.0.6-3
Severity: important


The program fails with Segmentation fault when run with the following
command:

   iceweasel http://www.rideuta.com

A similar failure happens when linking to the above URL from some other
page. The URL http://www.slashdot.org also fails, but only after loading
some of the page header graphics.

The program behaves the same whether in safe mode or not.

Here is the backtrace for the command:

   iceweasel -g http://www.rideuta.com 2>&1 | tee trace.tmp

GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "alpha-linux-gnu"...
(no debugging symbols found)
(gdb) set pagination off
(gdb) run
Starting program: /usr/lib/iceweasel/firefox-bin -a iceweasel http://www.rideuta.com
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
Error while reading shared library symbols:
Cannot find new threads: generic error
Cannot find new threads: generic error
(gdb) continue
Continuing.
[New Thread 0x20000025d40 (LWP 2806)]
[New Thread 0x200043df250 (LWP 2809)]
[New Thread 0x20004c21250 (LWP 2811)]
[New Thread 0x200054bf250 (LWP 2812)]
[Thread 0x200054bf250 (LWP 2812) exited]
[New Thread 0x20005cbf250 (LWP 2813)]
[Thread 0x20005cbf250 (LWP 2813) exited]
[New Thread 0x20005cbf250 (LWP 2814)]
[New Thread 0x200054bf250 (LWP 2815)]
[New Thread 0x20006579250 (LWP 2816)]
[New Thread 0x20006d79250 (LWP 2817)]
[Thread 0x200054bf250 (LWP 2815) exited]
[Thread 0x20005cbf250 (LWP 2814) exited]
[Thread 0x20006579250 (LWP 2816) exited]
[New Thread 0x200054bf250 (LWP 2818)]
[Thread 0x200054bf250 (LWP 2818) exited]
[New Thread 0x20005cbf250 (LWP 2819)]
[New Thread 0x200054bf250 (LWP 2820)]
[New Thread 0x20006579250 (LWP 2821)]
[New Thread 0x20007957250 (LWP 2822)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x20000025d40 (LWP 2806)]
0x0000020001468268 in nsCOMPtr_base::assign_with_AddRef (this=0x11ff10d90, rawPtr=0x0) at ./../glue/nsCOMPtr.h:531
531	./../glue/nsCOMPtr.h: No such file or directory.
	in ./../glue/nsCOMPtr.h
Current language:  auto; currently c++
(gdb) bt full
#0  0x0000020001468268 in nsCOMPtr_base::assign_with_AddRef (this=0x11ff10d90, rawPtr=0x0) at ./../glue/nsCOMPtr.h:531
No locals.
#1  0x0000020000a44a14 in nsConverterInputStream::Close (this=0x11ff10d78) at ../../../dist/include/xpcom/nsCOMPtr.h:713
	rv = 555487184
#2  0x0000020000dba480 in nsHTMLFormElement::WalkRadioGroup (this=0x1213692a0, aName=@0x11ff10df0, aVisitor=0x12138dd10, aFlushContent=0) at ../../../../dist/include/xpcom/nsCOMPtr.h:950
	item = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
	stopIterating = 0
#3  0x0000020000dce68c in nsHTMLInputElement::VisitGroup (this=0x1211c0fd0, aVisitor=0x12138dd10, aFlushContent=0) at nsHTMLInputElement.cpp:2976
	name = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff10e10, mLength = 16, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff10e10}, mStorage = {99, 116, 108, 48, 48, 36, 116, 105, 109, 101, 82, 97, 100, 105, 111, 115, 0, 8476, 1, 0, 3800, 8177, 1, 0, 4096, 8476, 1, 0, 37536, 8502, 1, 0, 0, 0, 0, 0, 35952, 52, 512, 0, 40756, 220, 512, 0, 3796, 8177, 1, 0, 4096, 8476, 1, 0, 416, 8476, 1, 0, 2360, 221, 512, 0, 12, 0, 0, 0}}
	rv = <value optimized out>
	container = {<nsCOMPtr_base> = {mRawPtr = 0x1213692f0}, <No data fields>}
#4  0x0000020000dd0950 in nsHTMLInputElement::AddedToRadioGroup (this=0x1211c0fd0, aNotify=580878554) at nsHTMLInputElement.cpp:2833
	checked = <value optimized out>
	checkedChanged = 0
	visitor = {<nsCOMPtr_base> = {mRawPtr = 0x12138dd10}, <No data fields>}
	rv = 0
	container = {<nsCOMPtr_base> = {mRawPtr = 0x20000d2885c}, <No data fields>}
#5  0x0000020000db9bd4 in nsHTMLFormElement::AddElement (this=0x1213692a0, aChild=0x1211c1000, aNotify=0) at nsHTMLFormElement.cpp:1363
	radio = {<nsCOMPtr_base> = {mRawPtr = 0x1211c1060}, <No data fields>}
	childInElements = 1
	controlList = <value optimized out>
	count = <value optimized out>
	element = {<nsCOMPtr_base> = {mRawPtr = 0x1211c0390}, <No data fields>}
	lastElement = 1
	position = <value optimized out>
	type = 12
#6  0x0000020000d9ac64 in nsGenericHTMLFormElement::BindToTree (this=0x1211c0fd0, aDocument=<value optimized out>, aParent=<value optimized out>, aBindingParent=<value optimized out>, aCompileEventHandlers=<value optimized out>) at nsGenericHTMLElement.cpp:2680
	nameVal = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff11060, mLength = 16, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11060}, mStorage = {99, 116, 108, 48, 48, 36, 116, 105, 109, 101, 82, 97, 100, 105, 111, 115, 0, 8254, 1, 0 <repeats 17 times>, 2, 0, 0, 0, 13596, 225, 512, 0, 4312, 8177, 1, 0, 0, 0, 17, 1, 63, 0, 1, 0, 4312, 8177, 1, 0, 0, 0, 0, 0}}
	idVal = {<nsFixedString> = {<nsString> = {<nsAString_internal> = {<nsSubstring_base> = {<No data fields>}, mData = 0x11ff11100, mLength = 20, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11100}, mStorage = {99, 116, 108, 48, 48, 95, 100, 101, 112, 97, 114, 116, 117, 114, 101, 82, 97, 100, 105, 111, 0, 8476, 1, 0, 31800, 327, 512, 0, 49320, 434, 512, 0, 4664, 8177, 1, 0, 2, 0, 0, 0, 4048, 8476, 1, 0, 4632, 8177, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13784, 225, 512, 0, 7521, 354, 512, 0}}
	rv = <value optimized out>
#7  0x0000020000dcdf54 in nsHTMLInputElement::BindToTree (this=0x20000d22900, aDocument=0x0, aParent=0x229f80da, aBindingParent=0x0, aCompileEventHandlers=8) at nsHTMLInputElement.cpp:1931
	rv = <value optimized out>
#8  0x0000020000d257c4 in nsGenericElement::doInsertChildAt (aKid=0x1211c0fd0, aIndex=<value optimized out>, aNotify=0, aParent=0x1211c0570, aDocument=0x1210de010, aChildArray=@0x1211c0598) at nsGenericElement.cpp:2729
	rv = 0
	container = (nsINode *) 0x1211c0570
	updateBatch = {mDocument = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mUpdateType = 1}
	childCount = 3
#9  0x0000020000b00948 in nsINode::AppendChildTo (this=0x1211c0570, aKid=0x1211c0fd0, aNotify=0) at ../../../dist/include/content/nsINode.h:321
No locals.
#10 0x0000020000e10ed8 in SinkContext::Node::Add (this=0x1040, child=0x1211c0fd0) at nsHTMLContentSink.cpp:912
No locals.
#11 0x0000020000e128f8 in SinkContext::AddLeaf (this=0x12118c2a0, aContent=0x0) at nsHTMLContentSink.cpp:1171
No locals.
#12 0x0000020000e16e84 in SinkContext::AddLeaf (this=0x12118c2a0, aNode=@0x1211c09c0) at nsHTMLContentSink.cpp:1102
	nodeType = <value optimized out>
#13 0x0000020000aaac00 in CNavDTD::AddLeaf (this=0x1211ccc20, aNode=0x1211c09c0) at CNavDTD.cpp:3054
	result = <value optimized out>
#14 0x0000020000aab93c in CNavDTD::HandleDefaultStartToken (this=0x1211ccc20, aToken=0x1212b81c0, aChildTag=eHTMLTag_input, aNode=0x1211c09c0) at CNavDTD.cpp:1084
	result = <value optimized out>
	theChildIsContainer = 0
	sTableElements = {eHTMLTag_table, eHTMLTag_thead, eHTMLTag_tbody, eHTMLTag_tr, eHTMLTag_tfoot}
#15 0x0000020000aabe78 in CNavDTD::HandleStartToken (this=0x1211ccc20, aToken=0x1212b81c0) at CNavDTD.cpp:1436
	isTokenHandled = 0
	theHeadIsParent = 0
	isExclusive = 1
	theNode = (class nsCParserNode *) 0x1211c09c0
	theChildTag = eHTMLTag_input
	attrCount = <value optimized out>
	theParent = <value optimized out>
	result = 0
#16 0x0000020000aac270 in CNavDTD::HandleToken (this=0x1211ccc20, aToken=0x1212b81c0, aParser=0x12118c100) at CNavDTD.cpp:760
	result = 0
	theTag = <value optimized out>
	gLegalElements = {eHTMLTag_table, eHTMLTag_thead, eHTMLTag_tbody, eHTMLTag_tr, eHTMLTag_td, eHTMLTag_th, eHTMLTag_tfoot}
#17 0x0000020000aa77b0 in CNavDTD::BuildModel (this=0x1211ccc20, aParser=0x229f80da, aTokenizer=<value optimized out>, anObserver=<value optimized out>, aSink=<value optimized out>) at CNavDTD.cpp:336
	theToken = (class CToken *) 0x2
	result = <value optimized out>
	oldTokenizer = (class nsITokenizer *) 0x1211ccd90
#18 0x0000020000ab58a4 in nsParser::BuildModel (this=0x12118c100) at nsParser.cpp:1790
	theRootContext = (CParserContext *) 0x12118c2f0
	theTokenizer = (class nsITokenizer *) 0x1211ccd90
	result = 2
#19 0x0000020000ab85e4 in nsParser::ResumeParse (this=0x12118c100, allowIteration=<value optimized out>, aIsFinalChunk=1, aCanInterrupt=1) at nsParser.cpp:1667
	theTokenizerResult = 0
	theIterationIsOk = <value optimized out>
	result = <value optimized out>
#20 0x0000020000ab61fc in nsParser::ContinueInterruptedParsing (this=0x12118c100) at nsParser.cpp:1183
	result = 0
	kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x12118c100}, <No data fields>}
#21 0x0000020000ce38e4 in nsContentSink::ContinueInterruptedParsingIfEnabled (this=0x12118c420) at nsContentSink.cpp:1496
No locals.
#22 0x0000020000ce7510 in nsRunnableMethod<nsContentSink>::Run (this=<value optimized out>) at ../../../dist/include/xpcom/nsThreadUtils.h:261
No locals.
#23 0x00000200014ba960 in nsThread::ProcessNextEvent (this=0x12008e150, mayWait=1, result=0x11ff11a10) at nsThread.cpp:510
	notifyGlobalObserver = 1
	obs = {<nsCOMPtr_base> = {mRawPtr = 0x120136bf8}, <No data fields>}
	event = {<nsCOMPtr_base> = {mRawPtr = 0x1212a40d0}, <No data fields>}
	rv = 0
#24 0x000002000146fe94 in NS_ProcessNextEvent_P (thread=0x20000d22900, mayWait=1) at nsThreadUtils.cpp:230
	val = <value optimized out>
#25 0x00000200013ae990 in nsBaseAppShell::Run (this=0x120136bf0) at nsBaseAppShell.cpp:170
	thread = (class nsIThread *) 0x20000d22900
#26 0x00000200011dc1d4 in nsAppStartup::Run (this=0x1201c4080) at nsAppStartup.cpp:181
	rv = <value optimized out>
#27 0x000002000092c3e8 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3232
	obsService = {<nsCOMPtr_base> = {mRawPtr = 0x120125a30}, <No data fields>}
	remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x120347790}, <No data fields>}
	appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x1201c4080}, <No data fields>}
	workingDir = {<nsCOMPtr_base> = {mRawPtr = 0x1203dc290}, <No data fields>}
	chromeObserver = {<nsCOMPtr_base> = {mRawPtr = 0x120122290}, <No data fields>}
	cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0x1203dc250}, <No data fields>}
	noEMRestart = <value optimized out>
	xpcom = {mServiceManager = 0x120097ed8}
	desktopStartupIDEnv = <value optimized out>
	updRoot = {<nsCOMPtr_base> = {mRawPtr = 0x1200395f0}, <No data fields>}
	persistent = 1
	profLD = {<nsCOMPtr_base> = {mRawPtr = 0x12008df10}, <No data fields>}
	dirProvider = {<nsIDirectoryServiceProvider2> = {<nsIDirectoryServiceProvider> = {<nsISupports> = {_vptr$nsISupports = 0x2000194ae40}, <No data fields>}, <No data fields>}, <nsIProfileStartup> = {<nsISupports> = {_vptr$nsISupports = 0x2000194ae88}, <No data fields>}, mAppProvider = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mGREDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200396e0}, <No data fields>}, mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200395f0}, <No data fields>}, mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x1200986b0}, <No data fields>}, mProfileLocalDir = {<nsCOMPtr_base> = {mRawPtr = 0x12008df10}, <No data fields>}, mProfileNotified = 1 '\001', mExtensionsLoaded = 1 '\001', mAppBundleDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x0}}, <No data fields>}, mExtensionDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x0}}, <No data fields>}, mThemeDirectories = {<nsCOMArray_base> = {mArray = {mImpl = 0x1200c7fd0}}, <No data fields>}}
	nativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x1200433c0}, <No data fields>}
	desktopStartupIDPtr = <value optimized out>
	startOffline = 0
	profileName = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x12008d968 "default", mLength = 7, mFlags = 65541}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11e58 ""}, mStorage = "\000\226\003 \001\000\000\000x\032N\001\000\002\000\000\200\227\003 \001\000\000\000\035\000\000\000\000\000\000\000\b\037ñ\037\001\000\000\000\004\037ñ\037\001\000\000\000(Cñ\037\001\000\000\000\001\000\000\000\000\000\000"}
	upgraded = 0
	versionOK = <value optimized out>
	appInitiatedRestart = 535894944
	desktopStartupID = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x11ff11df8 "", mLength = 0, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11df8 ""}, mStorage = "\000c\002\000\000\002\000\000\001\000\000\000\000\000\000\000p¯±\001\000\002\000\000\224\036ñ\037\001\000\000\000X ñ\037\001\000\000\000\001", '\0' <repeats 15 times>, "¬\035N\001\000\002\000"}
	canRun = <value optimized out>
	xremotearg = <value optimized out>
	profileLock = {<nsCOMPtr_base> = {mRawPtr = 0x12008ebe0}, <No data fields>}
	profD = {<nsCOMPtr_base> = {mRawPtr = 0x1200986b0}, <No data fields>}
	version = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x11ff11eb8 "3.0.6_2009082121/2010120923", mLength = 27, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x11ff11eb8 "3.0.6_2009082121/2010120923"}, mStorage = "3.0.6_2009082121/2010120923\000\000\000\000\000° ñ\037\001\000\000\000à\226\003 \001\000\000\000\034\000\000\000\000\000\000\000`\034N\001\000\002\000"}
	needsRestart = <value optimized out>
	display = (GdkDisplay *) 0x12005e000
	osABI = {<nsCString> = {<nsACString_internal> = {<nsCSubstring_base> = {<No data fields>}, mData = 0x2000154656f "Linux_Alpha-gcc3", mLength = 16, mFlags = 1}, <No data fields>}, <No data fields>}
	rv = 0
	ar = <value optimized out>
	gtkModules = <value optimized out>
	override = 0x0
	appData = {<nsXREAppData> = {size = 112, directory = 0x1200395f0, vendor = 0x12003a0f0 "Mozilla", name = 0x12003a0b0 "Iceweasel", version = 0x12003a0d0 "3.0.6", buildID = 0x120039f90 "2009082121", ID = 0x120039910 "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", copyright = 0x120039940 "Copyright (c) 1998 - 2009 mozilla.org", flags = 6, xreDirectory = 0x1200396e0, minVersion = 0x120039fd0 "1.9", maxVersion = 0x120039ff0 "1.9", crashReporterURL = 0x120039560 "https://crash-reports.mozilla.com/submit", profile = 0x120039fb0 "mozilla/firefox"}, <No data fields>}
	iniFile = {<nsCOMPtr_base> = {mRawPtr = 0x120039970}, <No data fields>}
	localIniFile = {<nsCOMPtr_base> = {mRawPtr = 0x120039970}, <No data fields>}
	parser = {mSections = {<nsBaseHashtable<nsDepCharHashKey,nsAutoPtr<nsINIParser_internal::INIValue>,nsINIParser_internal::INIValue*>> = {<nsTHashtable<nsBaseHashtableET<nsDepCharHashKey, nsAutoPtr<nsINIParser_internal::INIValue> > >> = {mTable = {ops = 0x20001ad3630, data = 0x0, hashShift = 28, maxAlphaFrac = 192 'À', minAlphaFrac = 64 '@', entrySize = 24, entryCount = 1, removedCount = 0, generation = 0, entryStore = 0x120039cb0 ""}}, <No data fields>}, <No data fields>}, mFileContents = {mRawPtr = 0x120039e40 "[Build"}}
	i = <value optimized out>
#28 0x0000000120001898 in ?? ()
No symbol table info available.
#29 0x00000200001ddb90 in __libc_start_main () from /lib/libc.so.6.1
No symbol table info available.
#30 0x0000000120001328 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) q
The program is running.  Exit anyway? (y or n) 



-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: alpha

Kernel: Linux 2.6.26-2-alpha-generic
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iceweasel depends on:
ii  debianutils             2.30             Miscellaneous utilities specific t
ii  fontconfig              2.6.0-3          generic font configuration library
ii  libc6.1                 2.7-18lenny6     GNU C Library: Shared libraries
ii  libglib2.0-0            2.16.6-3         The GLib library of C routines
ii  libgtk2.0-0             2.12.12-1~lenny2 The GTK+ graphical user interface 
ii  libnspr4-0d             4.7.1-5          NetScape Portable Runtime Library
ii  libstdc++6              4.3.2-1.1        The GNU Standard C++ Library v3
ii  procps                  1:3.2.7-11       /proc file system utilities
ii  psmisc                  22.6-1           Utilities that use the proc filesy
ii  xulrunner-1.9           1.9.0.19-7       XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  latex-xft-fonts <none>                   (no description available)
ii  libkrb53        1.6.dfsg.4~beta1-5lenny6 MIT Kerberos runtime libraries
pn  mozplugger      <none>                   (no description available)
pn  ttf-mathematica <none>                   (no description available)
pn  xfonts-mathml   <none>                   (no description available)
pn  xprint          <none>                   (no description available)
ii  xulrunner-1.9-g 1.9.0.19-7               Support for GNOME in xulrunner app

-- no debconf information





More information about the pkg-mozilla-maintainers mailing list