Bug 5511

Summary: Khronos' WebGL Demos Crash Firefox
Product: Mageia
Reporter: Shlomi Fish <shlomif>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED
QA Contact:
Severity: critical
Priority: Normal
CC: micheelsen
Version: 2
Target Milestone: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Source RPM: firefox
CVE:
Status comment:

Description Shlomi Fish 2012-04-20 16:14:21 CEST
Hi all,

Khronos' WebGL Demos crash the Mageia-shipped firefox:

http://www.khronos.org/webgl/wiki/Demo_Repository

See the "san-angeles" demo (preferably in a new Firefox profile invoked with "firefox -no-remote"). I tried it on two machines - one with an ATI Mobility Radeon HD card and one with an embedded Intel Graphics card, and it happens on both of them. The 10.0.3ESR binary en-US Linux x86-64 release from http://archive.mozilla.org/ (though it is hard to find - try FTPing to the IP 149.20.36.135) installed under /opt displays the demos fine and does not crash.

I'll try to get a gdb stacktrace soon.

Regards,

-- Shlomi Fish
Comment 1 Shlomi Fish 2012-04-20 16:52:15 CEST
OK, here is the gdb backtrace:

shlomif@lap:~$ gdb --command=firefox.gdb /usr/bin/firefox 
GNU gdb (GDB) 7.3.50.20110722-4.mga2 (Mageia release 2)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-mageia-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/firefox...Reading symbols from /usr/lib/debug/usr/lib64/firefox-10.0.3/firefox-bin.debug...done.
done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 12178.
process 12167 is executing new program: /usr/lib64/firefox-10.0.3/firefox
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 12198.

Program received signal SIGSEGV, Segmentation fault.
0x00007fffb1c09d42 in js::TypedArray::prop_getByteLength(JSContext*, JSObject*, long, js::Value*) () from /usr/lib64/libmozjs185.so.1.0
(gdb) bt
#0  0x00007fffb1c09d42 in js::TypedArray::prop_getByteLength(JSContext*, JSObject*, long, js::Value*) () from /usr/lib64/libmozjs185.so.1.0
#1  0x00007ffff5e45cf9 in CallJSPropertyOp (id=<optimized out>, 
    op=<optimized out>, vp=0x7fffffff93e0, receiver=0x7fffa6be4670, cx=
    0x7fffdd07a260) at /usr/src/debug/mozilla-esr10/js/src/jscntxtinlines.h:347
#2  get (vp=0x7fffffff93e0, pobj=0x7fffa6be43c8, obj=<optimized out>, receiver=
    0x7fffa6be4670, cx=0x7fffdd07a260, this=0x7fffa6be9c40)
    at /usr/src/debug/mozilla-esr10/js/src/jsscopeinlines.h:293
#3  js_NativeGetInline (getHow=0, vp=0x7fffffff93e0, shape=0x7fffa6be9c40, 
    pobj=0x7fffa6be43c8, obj=<optimized out>, receiver=0x7fffa6be4670, cx=
    0x7fffdd07a260) at /usr/src/debug/mozilla-esr10/js/src/jsobj.cpp:5762
#4  js_GetPropertyHelperInline (vp=0x7fffffff93e0, getHow=0, 
    id=<optimized out>, receiver=0x7fffa6be4670, obj=0x7fffa6be43c8, cx=
    0x7fffdd07a260) at /usr/src/debug/mozilla-esr10/js/src/jsobj.cpp:5942
#5  js_GetProperty (cx=0x7fffdd07a260, obj=0x7fffa6be43c8, receiver=
    0x7fffa6be4670, id=<optimized out>, vp=0x7fffffff93e0)
    at /usr/src/debug/mozilla-esr10/js/src/jsobj.cpp:5958
#6  0x00007ffff5e9de35 in JSObject::getGeneric (this=<optimized out>, 
    cx=<optimized out>, receiver=<optimized out>, id=<optimized out>, 
    vp=<optimized out>)
    at /usr/src/debug/mozilla-esr10/js/src/jsobjinlines.h:191
#7  0x00007ffff5e9fcc2 in obj_getGeneric (vp=0x7fffffff93e0, id=
    140736978898432, receiver=0x7fffa6be4670, obj=0x7fffa6be4670, cx=
    0x7fffdd07a260)
    at /usr/src/debug/mozilla-esr10/js/src/jstypedarray.cpp:1026
#8  TypedArrayTemplate<float>::obj_getGeneric (cx=0x7fffdd07a260, obj=
    0x7fffa6be4670, receiver=0x7fffa6be4670, id=140736978898432, vp=
    0x7fffffff93e0)
    at /usr/src/debug/mozilla-esr10/js/src/jstypedarray.cpp:1004
#9  0x00007ffff5e309a5 in getGeneric (vp=0x7fffffff93d0, id=<optimized out>, 
    receiver=0x7fffa6be4670, cx=0x7fffdd07a260, this=0x7fffa6be4670)
    at /usr/src/debug/mozilla-esr10/js/src/jsobjinlines.h:188
#10 getGeneric (vp=0x7fffffff93d0, id=<optimized out>, cx=0x7fffdd07a260, this=
    0x7fffa6be4670) at /usr/src/debug/mozilla-esr10/js/src/jsobjinlines.h:206
#11 js::Interpret (cx=0x7fffdd07a260, entryFrame=0x7fffe1bc80a0, interpMode=
    js::JSINTERP_NORMAL)
    at /usr/src/debug/mozilla-esr10/js/src/jsinterp.cpp:3485
#12 0x00007ffff5e313f4 in js::InvokeKernel (cx=0x7fffdd07a260, args=..., 
    construct=<optimized out>)
    at /usr/src/debug/mozilla-esr10/js/src/jsinterp.cpp:647
#13 0x00007ffff5e31bb8 in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=
    0x7fffdd07a260) at /usr/src/debug/mozilla-esr10/js/src/jsinterp.h:148
#14 js::Invoke (cx=0x7fffdd07a260, thisv=..., fval=..., argc=1, argv=
    0x7fffffff99b0, rval=0x7fffffff9960)
    at /usr/src/debug/mozilla-esr10/js/src/jsinterp.cpp:679
#15 0x00007ffff5dbbd0c in JS_CallFunctionValue (cx=<optimized out>, 
    obj=<optimized out>, fval=..., argc=<optimized out>, argv=<optimized out>, 
    rval=<optimized out>) at /usr/src/debug/mozilla-esr10/js/src/jsapi.cpp:5199
#16 0x00007ffff54f6659 in nsJSContext::CallEventHandler (this=0x7fffbb8cc880, 
    aTarget=<optimized out>, aScope=<optimized out>, aHandler=<optimized out>, 
    aargv=0x7fffa302daa0, arv=0x7fffffff9c20)
    at /usr/src/debug/mozilla-esr10/dom/base/nsJSEnvironment.cpp:1937
#17 0x00007ffff55507cb in nsJSEventListener::HandleEvent (this=0x7fffa2dfc200, 
    aEvent=0x7fffa309d3a0)
    at /usr/src/debug/mozilla-esr10/dom/src/events/nsJSEventListener.cpp:209
#18 0x00007ffff539888b in nsEventListenerManager::HandleEventInternal (this=
    0x7fffa2af3680, aPresContext=0x7fffa4671000, aEvent=0x7fffffff9ee0, 
    aDOMEvent=0x7fffffff9e30, aCurrentTarget=0x7fffa4671890, aFlags=6, 
    aEventStatus=0x7fffffff9e38, aPusher=0x7fffffff9e50)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventListenerManager.cpp:793
#19 0x00007ffff53b4a94 in HandleEvent (aEventStatus=0x7fffffff9e38, 
    aCurrentTarget=<optimized out>, aDOMEvent=0x7fffffff9e30, 
    aEvent=<optimized out>, aPresContext=<optimized out>, 
    this=<optimized out>, aPusher=0x7fffffff9e50, aFlags=6)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventListenerManager.h:168
#20 HandleEvent (aPusher=0x7fffffff9e50, aFlags=6, aVisitor=..., this=
    0x7fffe147b2a0, aMayHaveNewListenerManagers=<optimized out>)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventDispatcher.cpp:215
#21 HandleEvent (aPusher=0x7fffffff9e50, 
    aMayHaveNewListenerManagers=<optimized out>, aFlags=6, aVisitor=..., this=
    0x7fffe147b2a0)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventDispatcher.cpp:297
#22 nsEventTargetChainItem::HandleEventTargetChain (this=0x7fffe147b428, 
    aVisitor=..., aFlags=6, aCallback=0x0, 
    aMayHaveNewListenerManagers=<optimized out>, aPusher=0x7fffffff9e50)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventDispatcher.cpp:347
#23 0x00007ffff53b58cf in nsEventDispatcher::Dispatch (
    aTarget=<optimized out>, aPresContext=0x7fffa4671000, aEvent=
    0x7fffffff9ee0, aDOMEvent=0x0, aEventStatus=0x7fffffff9f28, aCallback=0x0, 
    aTargets=0x0)
    at /usr/src/debug/mozilla-esr10/content/events/src/nsEventDispatcher.cpp:681
#24 0x00007ffff50f65f7 in DocumentViewerImpl::LoadComplete (this=
    0x7fffa4e0da00, aStatus=<optimized out>)
    at /usr/src/debug/mozilla-esr10/layout/base/nsDocumentViewer.cpp:1049
#25 0x00007ffff58d4680 in nsDocShell::EndPageLoad (this=0x7fffb3548800, 
    aChannel=0x7fffa81f1050, aStatus=0, aProgress=<optimized out>)
    at /usr/src/debug/mozilla-esr10/docshell/base/nsDocShell.cpp:6138
#26 0x00007ffff58dd2ee in nsDocShell::OnStateChange (this=0x7fffb3548800, 
    aProgress=0x7fffb3548828, aRequest=0x7fffa81f1050, 
    aStateFlags=<optimized out>, aStatus=0)
    at /usr/src/debug/mozilla-esr10/docshell/base/nsDocShell.cpp:5977
#27 0x00007ffff58e5474 in nsDocLoader::DoFireOnStateChange (this=
    0x7fffb3548800, aProgress=<optimized out>, aRequest=0x7fffa81f1050, 
    aStateFlags=@0x7fffffffa43c, aStatus=<optimized out>)
    at /usr/src/debug/mozilla-esr10/uriloader/base/nsDocLoader.cpp:1383
#28 0x00007ffff58e649b in nsDocLoader::doStopDocumentLoad (this=
    0x7fffb3548800, request=0x7fffa81f1050, aStatus=0)
    at /usr/src/debug/mozilla-esr10/uriloader/base/nsDocLoader.cpp:963
#29 0x00007ffff58e6695 in DocLoaderIsEmpty (aFlushLayout=<optimized out>, this=
    0x7fffb3548800)
    at /usr/src/debug/mozilla-esr10/uriloader/base/nsDocLoader.cpp:852
#30 nsDocLoader::DocLoaderIsEmpty (this=0x7fffb3548800, 
    aFlushLayout=<optimized out>)
    at /usr/src/debug/mozilla-esr10/uriloader/base/nsDocLoader.cpp:772
#31 0x00007ffff58e6e77 in nsDocLoader::OnStopRequest (this=0x7fffb3548800, 
    aRequest=0x7fffa6539f70, aCtxt=<optimized out>, aStatus=0)
    at /usr/src/debug/mozilla-esr10/uriloader/base/nsDocLoader.cpp:736
#32 0x00007ffff4f57f90 in nsLoadGroup::RemoveRequest (this=0x7fffb354c600, 
    request=0x7fffa6539f70, ctxt=0x0, aStatus=0)
    at /usr/src/debug/mozilla-esr10/netwerk/base/src/nsLoadGroup.cpp:731
#33 0x00007ffff52ea8c5 in DoUnblockOnload (this=0x7fffa4664800)
    at /usr/src/debug/mozilla-esr10/content/base/src/nsDocument.cpp:7189
#34 nsDocument::DoUnblockOnload (this=0x7fffa4664800)
    at /usr/src/debug/mozilla-esr10/content/base/src/nsDocument.cpp:7163
#35 0x00007ffff52def7b in nsDocument::DispatchContentLoadedEvents (this=
    0x7fffa4664800)
    at /usr/src/debug/mozilla-esr10/content/base/src/nsDocument.cpp:4237
#36 0x00007ffff52db07e in nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run (this=<optimized out>) at ../../../dist/include/nsThreadUtils.h:345
#37 0x00007ffff5c87fec in nsThread::ProcessNextEvent (this=0x7fffe98273d0, 
    mayWait=<optimized out>, result=0x7fffffffa7cf)
    at /usr/src/debug/mozilla-esr10/xpcom/threads/nsThread.cpp:631
#38 0x00007ffff5c4dcda in NS_ProcessNextEvent_P (thread=<optimized out>, 
    mayWait=false) at /usr/src/debug/obj/xpcom/build/nsThreadUtils.cpp:245
#39 0x00007ffff5bb995b in mozilla::ipc::MessagePump::Run (this=0x7fffe983d600, 
    aDelegate=0x7ffff6de27c0)
    at /usr/src/debug/mozilla-esr10/ipc/glue/MessagePump.cpp:110
#40 0x00007ffff5cb1e72 in RunInternal (this=<optimized out>)
    at /usr/src/debug/mozilla-esr10/ipc/chromium/src/base/message_loop.cc:208
#41 RunHandler (this=<optimized out>)
    at /usr/src/debug/mozilla-esr10/ipc/chromium/src/base/message_loop.cc:201
#42 MessageLoop::Run (this=<optimized out>)
    at /usr/src/debug/mozilla-esr10/ipc/chromium/src/base/message_loop.cc:175
#43 0x00007ffff5ae2a10 in nsBaseAppShell::Run (this=0x7fffe982b660)
    at /usr/src/debug/mozilla-esr10/widget/src/xpwidgets/nsBaseAppShell.cpp:189
#44 0x00007ffff594603e in nsAppStartup::Run (this=0x7fffe426c2e0)
    at /usr/src/debug/mozilla-esr10/toolkit/components/startup/nsAppStartup.cpp:228
#45 0x00007ffff4f39201 in XRE_main (argc=<optimized out>, 
    argv=<optimized out>, aAppData=<optimized out>)
    at /usr/src/debug/mozilla-esr10/toolkit/xre/nsAppRunner.cpp:3551
#46 0x0000000000401dc6 in do_main (argv=0x7fffffffd288, argc=2, exePath=
    0x7fffffffb170 "/usr/lib64/firefox-10.0.3/libxpcom.so")
    at /usr/src/debug/mozilla-esr10/browser/app/nsBrowserApp.cpp:198
#47 main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/mozilla-esr10/browser/app/nsBrowserApp.cpp:281
(gdb)
Comment 2 Marja Van Waes 2012-05-26 13:06:32 CEST
Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja

Keywords: (none) => NEEDINFO

Comment 3 Shlomi Fish 2012-05-26 17:31:16 CEST
Hi all,

(In reply to comment #2)
> Hi,
> 
> This bug was filed against cauldron, but we do not have cauldron at the moment.
> 
> Please report whether this bug is still valid for Mageia 2.
> 
> Thanks :)
> 
> Cheers,
> marja

Yes, it still happens on Mageia 2

Keywords: NEEDINFO => (none)
Version: Cauldron => 2

Manuel Hiebel 2012-05-26 17:44:46 CEST

Assignee: bugsquad => dmorganec
Summary: Khronos' WebGL Demos Crash Firefox in Mageia Cauldron. => Khronos' WebGL Demos Crash Firefox
Source RPM: (none) => firefox

Comment 4 Marja Van Waes 2012-07-06 15:03:37 CEST
Please look at the bottom of this mail to see whether you're the assignee of this bug, if you don't already know whether you are.


If you're the assignee:

We'd like to know for sure whether this bug was assigned correctly. Please change status to ASSIGNED if it is, or put OK on the whiteboard instead.

If you don't have a clue and don't see a way to find out, then please put NEEDHELP on the whiteboard.

Please assign back to Bug Squad or to the correct person to solve this bug if we were wrong to assign it to you, and explain why.

Thanks :)

**************************** 

@ the reporter and persons in the cc of this bug:

If you have any new information that wasn't given before (like this bug being valid for another version of Mageia, too, or it being solved) please tell us.

@ the reporter of this bug

If you didn't reply yet to a request for more information, please do so within two weeks from now.

Thanks all :-D
Hans Micheelsen 2012-10-28 21:29:57 CET

CC: (none) => micheelsen

D Morgan 2013-09-17 23:53:31 CEST

Assignee: dmorganec => bugsquad

Comment 5 Manuel Hiebel 2013-10-22 12:09:29 CEST
This message is a reminder that Mageia 2 is nearing its end of life.
Approximately one month from now Mageia will stop maintaining and issuing updates for Mageia 2. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '2'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 2's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 2 is end of life.  If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

-- 
The Mageia Bugsquad
Comment 6 Shlomi Fish 2013-10-22 16:50:14 CEST
This bug seems fixed in Cauldron/Mageia 4, so I'm closing it.

Status: NEW => RESOLVED
Resolution: (none) => FIXED