Bug#770490: iceweasel: WebM loading crashes iceweasel

Nils Dagsson Moskopp nils+debian-reportbug at dieweltistgarnichtso.net
Fri Nov 21 19:05:57 UTC 2014 

Package: iceweasel
Version: 31.2.0esr-3
Followup-For: Bug #770490

Dear Maintainer,

the bug has done goofed.
Because I backtraced it.
And it's been reported to cyber police.

--- 𝐬𝐧𝐢𝐛 ---
(gdb) continue
Continuing.
[New Thread 0x932fcb40 (LWP 13657)]
[New Thread 0x92afbb40 (LWP 13658)]
[Thread 0x9cfffb40 (LWP 13610) exited]
[Thread 0x9eb9fb40 (LWP 13606) exited]
[New Thread 0x9eb9fb40 (LWP 13659)]
[New Thread 0x9cfffb40 (LWP 13660)]
[Thread 0x932fcb40 (LWP 13657) exited]
[New Thread 0x925ffb40 (LWP 13661)]
[New Thread 0x91dfeb40 (LWP 13662)]
[New Thread 0x915fdb40 (LWP 13663)]
[New Thread 0x90dfcb40 (LWP 13664)]
[New Thread 0x905fbb40 (LWP 13665)]
[New Thread 0x9a26fb40 (LWP 13666)]
[New Thread 0x9a22cb40 (LWP 13667)]
[New Thread 0x932fcb40 (LWP 13668)]
[New Thread 0x9793cb40 (LWP 13669)]
[New Thread 0x96e65b40 (LWP 13670)]
[New Thread 0x96e44b40 (LWP 13671)]
[New Thread 0x8f3ffb40 (LWP 13672)]
[New Thread 0x8ebfeb40 (LWP 13673)]
[New Thread 0x8e3fdb40 (LWP 13674)]
[Thread 0x932fcb40 (LWP 13668) exited]
[New Thread 0x96e23b40 (LWP 13675)]
[New Thread 0x8d4ffb40 (LWP 13676)]
[Thread 0x8ebfeb40 (LWP 13673) exited]
[Thread 0x9eb9fb40 (LWP 13659) exited]
[New Thread 0x932fcb40 (LWP 13677)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x96e65b40 (LWP 13670)]
mozalloc_abort (msg=0x96e64eba "out of memory: 0x00000000FFFFFFFF bytes requested")
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/memory/mozalloc/mozalloc_abort.cpp:30
30	/build/iceweasel-JlTf0H/iceweasel-31.2.0esr/memory/mozalloc/mozalloc_abort.cpp: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  mozalloc_abort (
    msg=0x96e64eba "out of memory: 0x00000000FFFFFFFF bytes requested")
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/memory/mozalloc/mozalloc_abort.cpp:30
#1  0xb77a028c in mozalloc_handle_oom (size=0)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/memory/mozalloc/mozalloc_oom.cpp:50
#2  0xb779fecd in moz_xmalloc (size=4294967295)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/memory/mozalloc/mozalloc.cpp:54
#3  0xb431af26 in operator new [] (size=<optimized out>)
    at ../../../dist/include/mozilla/mozalloc.h:213
#4  mozilla::WebMReader::DecodeAudioPacket (this=0x9e0c5000, aPacket=0x98acd7f0, 
    aOffset=68757)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/content/media/webm/WebMReader.cpp:690
#5  0xb431b3ef in mozilla::WebMReader::DecodeAudioData (this=0x9e0c5000)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/content/media/webm/WebMReader.cpp:826
#6  0xb42d1f83 in mozilla::MediaDecoderStateMachine::DecodeAudio (this=0xab69ecc0)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/content/media/MediaDecoderStateMachine.cpp:680
#7  0xb42cbc50 in nsRunnableMethodImpl<void (mozilla::MediaDecoderStateMachine::*)(), void, true>::Run (this=0x9e066820) at ../../dist/include/nsThreadUtils.h:387
#8  0xb42e1271 in mozilla::MediaTaskQueue::Runner::Run (this=0x98da0750)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/content/media/MediaTaskQueue.cpp:127
#9  0xb35ab1dd in nsThreadPool::Run (this=0x9d3b18d0)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/xpcom/threads/nsThreadPool.cpp:211
#10 0xb35a8ab0 in nsThread::ProcessNextEvent (this=0xab1f7ef0, mayWait=true, 
    result=0x96e651fb)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/xpcom/threads/nsThread.cpp:715
#11 0xb355d196 in NS_ProcessNextEvent (thread=<optimized out>, mayWait=true)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/xpcom/glue/nsThreadUtils.cpp:263
#12 0xb376f918 in mozilla::ipc::MessagePumpForNonMainThreads::Run (this=0x9a175d90, 
    aDelegate=0x9d43a860)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/ipc/glue/MessagePump.cpp:336
#13 0xb375f445 in MessageLoop::RunInternal (this=0x9d43a860)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/ipc/chromium/src/base/message_loop.cc:229
#14 0xb375f594 in RunHandler (this=0x9d43a860)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/ipc/chromium/src/base/message_loop.cc:222
#15 MessageLoop::Run (this=0x9d43a860)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/ipc/chromium/src/base/message_loop.cc:196
#16 0xb35a95e4 in nsThread::ThreadFunc (arg=0xab1f7ef0)
    at /build/iceweasel-JlTf0H/iceweasel-31.2.0esr/xpcom/threads/nsThread.cpp:316
#17 0xb2b62ba5 in _pt_root (arg=0x98ecc800) at ptthread.c:212
#18 0xb7769efb in start_thread () from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
#19 0xb7546d4e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) 
--- 𝐬𝐧𝐚𝐛 ---

A friend told me “I debugged this this morning and Gentoo has a patch”:
<http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-client/firefox/files/firefox-31.0-webm-disallow-negative-samples.patch?view=markup>

Gentoo Bug: <https://bugs.gentoo.org/show_bug.cgi?id=527010>

Said friend also wrote “I debugged with mbox and it is not writing strange files.”
<http://pdos.csail.mit.edu/mbox/>

-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils               4.4
ii  fontconfig                2.11.0-6.1
ii  libasound2                1.0.28-1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-11
ii  libcairo2                 1.12.16-2
ii  libdbus-1-3               1.8.8-1+b1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-1.1
ii  libffi6                   3.1-2
ii  libfontconfig1            2.11.0-6.1
ii  libfreetype6              2.5.2-2
ii  libgcc1                   1:4.9.1-16
ii  libgdk-pixbuf2.0-0        2.30.8-1
ii  libglib2.0-0              2.42.0-2
ii  libgtk2.0-0               2.24.24-1
ii  libhunspell-1.3-0         1.3.3-2
ii  libnspr4                  2:4.10.7-1
ii  libnss3                   2:3.17.2-1
ii  libpango-1.0-0            1.36.8-2
ii  libsqlite3-0              3.8.6-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.1-16
ii  libvpx1                   1.3.0-2.1
ii  libx11-6                  2:1.6.2-3
ii  libxext6                  2:1.3.2-1
ii  libxrender1               1:0.9.8-1
ii  libxt6                    1:1.1.4-1
ii  procps                    2:3.3.9-8
ii  zlib1g                    1:1.2.8.dfsg-2

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  fonts-mathjax          <none>
pn  fonts-oflb-asana-math  <none>
pn  fonts-stix | otf-stix  <none>
ii  libcanberra0           0.30-2.1
ii  libgnomeui-0           2.24.5-3
ii  libgssapi-krb5-2       1.12.1+dfsg-10
pn  mozplugger             <none>

-- no debconf information

More information about the pkg-mozilla-maintainers mailing list