Bug 6299

Summary: Firefox crash maginea website
Product: Mageia Reporter: Philippe Flat <philippe.flat>
Component: RPM PackagesAssignee: Olivier Blin <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: High CC: anssi.hannula, doktor5000, hhielscher, mageia, mageia, shlomif, thierry.vignaud, tmb
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
URL: http://www.maginea.com/fr/fr/
Whiteboard:
Source RPM: firefox 13.0-4.mga3 CVE:
Status comment:

Description Philippe Flat 2012-06-02 23:19:54 CEST 
Description of problem:

After opening the maginea website, each time I want to do something in this site Firefox crash.
No problem with Konqueror.
Cauldron, X86_64, KDE up to date

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.open the website
2.move the mouse to go to a menu
3.Firefox crash
Comment 1 Philippe Flat 2012-06-03 19:38:48 CEST 
I have the same problem on dailymotion: the crash appears when the mouse is on the video window and when the mouse moves.
I have lauched Firefox in a terminal, here is the message:
[philippe@localhost ~]$ firefox
WARNING: pipe error (3): Connexion ré-initialisée par le correspondant: file /home/iurt/rpm/BUILD/mozilla-release/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 419
Erreur de segmentation
[philippe@localhost ~]$
Comment 2 Olivier Blin 2012-06-03 21:27:24 CEST 
Same here, it seems to happen when using a Flash plugin.

Maybe a symbol clash between libmozjs and internal firefox js?

Backtrace:
(gdb) bt
#0  0x00007fffcc8845c0 in ?? ()
#1  0x00007fffbdb318e9 in getProperty (receiver=0x7fffc0b977c0, vp=0x7fffffff93b0, id=<optimized out>, cx=0x7fffcd539900, this=0x7fffc0b977c0)
    at jsobj.h:1229
#2  getProperty (vp=0x7fffffff93b0, id=<optimized out>, cx=0x7fffcd539900, this=0x7fffc0b977c0) at jsobj.h:1233
#3  fun_hasInstance (cx=0x7fffcd539900, obj=0x7fffc0b977c0, v=0x7fffffff9640, bp=0x7fffffff943c) at jsfun.cpp:1937
#4  0x00007ffff5db08d8 in js::LooselyEqual (cx=0x7fffcd539900, lval=<optimized out>, rval=<optimized out>, result=0x7fffffff993f)
    at /usr/src/debug/mozilla-release/js/src/jsinterp.cpp:757
#5  0x00007ffff5db4640 in js::Interpret (cx=0x7fffcd539900, entryFrame=0x7fffdf1000a8, interpMode=js::JSINTERP_NORMAL)
    at /usr/src/debug/mozilla-release/js/src/jsinterp.cpp:2236
#6  0x00007ffff5dbf6b6 in js::InvokeKernel (cx=0x7fffcd539900, args=..., construct=<optimized out>)
    at /usr/src/debug/mozilla-release/js/src/jsinterp.cpp:529
#7  0x00007ffff5dbfc1e in Invoke (construct=js::NO_CONSTRUCT, args=..., cx=0x7fffcd539900) at /usr/src/debug/mozilla-release/js/src/jsinterp.h:172
#8  js::Invoke (cx=0x7fffcd539900, thisv=..., fval=..., argc=1, argv=<optimized out>, rval=0x7fffffff9e80)
    at /usr/src/debug/mozilla-release/js/src/jsinterp.cpp:561
#9  0x00007ffff5d4909c in JS_CallFunctionValue (cx=<optimized out>, obj=<optimized out>, fval=..., argc=<optimized out>, argv=<optimized out>, 
    rval=<optimized out>) at /usr/src/debug/mozilla-release/js/src/jsapi.cpp:5432
#10 0x00007ffff56d57db in nsXPCWrappedJSClass::CallMethod (this=<optimized out>, wrapper=<optimized out>, methodIndex=3, info=0x7fffe2f5ba18, 
    nativeParams=<optimized out>) at /usr/src/debug/mozilla-release/js/xpconnect/src/XPCWrappedJSClass.cpp:1518
#11 0x00007ffff56cf897 in nsXPCWrappedJS::CallMethod (this=0x7fffc87cda80, methodIndex=3, info=0x7fffe2f5ba18, params=0x7fffffffa170)
    at /usr/src/debug/mozilla-release/js/xpconnect/src/XPCWrappedJS.cpp:617
#12 0x00007ffff5b97bb6 in PrepareAndDispatch (self=0x7fffc5525c60, methodIndex=<optimized out>, args=<optimized out>, gpregs=0x7fffffffa250, fpregs=
    0x7fffffffa280) at /usr/src/debug/mozilla-release/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:153
#13 0x00007ffff5b970f3 in SharedStub () from /usr/lib64/firefox-13.0/libxul.so
#14 0x00007ffff5253de3 in nsEventListenerManager::HandleEventInternal (this=0x7fffc87cdb00, aPresContext=0x7fffbbbe9800, aEvent=0x7fffffffa540, 
    aDOMEvent=0x7fffffffa490, aCurrentTarget=0x7fffcc24c9b0, aFlags=6, aEventStatus=0x7fffffffa498, aPusher=0x7fffffffa4b0)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventListenerManager.cpp:800
#15 0x00007ffff52713e4 in HandleEvent (aEventStatus=0x7fffffffa498, aCurrentTarget=<optimized out>, aDOMEvent=0x7fffffffa490, 
    aEvent=<optimized out>, aPresContext=<optimized out>, this=<optimized out>, aPusher=0x7fffffffa4b0, aFlags=6)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventListenerManager.h:169
#16 HandleEvent (aPusher=0x7fffffffa4b0, aFlags=6, aVisitor=..., this=0x7fffdf54b3b8, aMayHaveNewListenerManagers=<optimized out>)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventDispatcher.cpp:216
#17 HandleEvent (aPusher=0x7fffffffa4b0, aMayHaveNewListenerManagers=<optimized out>, aFlags=6, aVisitor=..., this=0x7fffdf54b3b8)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventDispatcher.cpp:298
#18 nsEventTargetChainItem::HandleEventTargetChain (this=0x7fffdf54b348, aVisitor=..., aFlags=6, aCallback=0x7fffffffa5d0, 
    aMayHaveNewListenerManagers=<optimized out>, aPusher=0x7fffffffa4b0)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/debug/mozilla-release/content/events/src/nsEventDispatcher.cpp:348
#19 0x00007ffff527221f in nsEventDispatcher::Dispatch (aTarget=<optimized out>, aPresContext=0x7fffbbbe9800, aEvent=0x7fffffffa540, aDOMEvent=0x0, 
    aEventStatus=0x7fffffffa5ec, aCallback=0x7fffffffa5d0, aTargets=0x0)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventDispatcher.cpp:682
#20 0x00007ffff525a6e6 in nsEventStateManager::DispatchMouseEvent (this=0x7fffc4c6bf20, aEvent=<optimized out>, aMessage=<optimized out>, 
    aTargetContent=0x7fffcc24c9b0, aRelatedContent=0x7fffc9065800) at /usr/src/debug/mozilla-release/content/events/src/nsEventStateManager.cpp:3805
#21 0x00007ffff525c003 in nsEventStateManager::NotifyMouseOut (this=0x7fffc4c6bf20, aEvent=0x7fffffffac00, aMovingInto=0x7fffc9065800)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventStateManager.cpp:3916
#22 0x00007ffff525c797 in nsEventStateManager::NotifyMouseOver (this=0x7fffc4c6bf20, aEvent=0x7fffffffac00, aContent=0x7fffc9065800)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventStateManager.cpp:3964
#23 0x00007ffff525cf63 in nsEventStateManager::GenerateMouseEnterExit (this=0x7fffc4c6bf20, aEvent=0x7fffffffac00)
    at /usr/src/debug/mozilla-release/content/events/src/nsEventStateManager.cpp:4003
#24 0x00007ffff525f870 in nsEventStateManager::PreHandleEvent (this=0x7fffc4c6bf20, aPresContext=0x7fffbbbe9800, aEvent=0x7fffffffac00, 
    aTargetFrame=0x7fffc5863788, aStatus=0x7fffffffab8c) at /usr/src/debug/mozilla-release/content/events/src/nsEventStateManager.cpp:1148
#25 0x00007ffff4fab354 in PresShell::HandleEventInternal (this=0x7fffc57407e0, aEvent=0x7fffffffac00, aStatus=0x7fffffffab8c)
    at /usr/src/debug/mozilla-release/layout/base/nsPresShell.cpp:6542
#26 0x00007ffff4faec0e in PresShell::HandlePositionedEvent (this=0x7fffc57407e0, aTargetFrame=<optimized out>, aEvent=0x7fffffffac00, aEventStatus=
    0x7fffffffab8c) at /usr/src/debug/mozilla-release/layout/base/nsPresShell.cpp:6230
#27 0x00007ffff4faf06e in PresShell::HandleEvent (this=0x7fffdd3f3220, aFrame=0x7fffc5863788, aEvent=0x7fffffffac00, 
    aDontRetargetEvents=<optimized out>, aEventStatus=0x7fffffffab8c) at /usr/src/debug/mozilla-release/layout/base/nsPresShell.cpp:6057
#28 0x00007ffff53a5319 in nsViewManager::DispatchEvent (this=<optimized out>, aEvent=0x7fffffffac00, aView=0x7fffd5c39de0, aStatus=0x7fffffffab8c)
    at /usr/src/debug/mozilla-release/view/src/nsViewManager.cpp:908
#29 0x00007ffff4fa2c1a in PresShell::DispatchSynthMouseMove (this=0x7fffc57407e0, aEvent=<optimized out>, aFlushOnHoverChange=true)
    at /usr/src/debug/mozilla-release/layout/base/nsPresShell.cpp:3549
#30 0x00007ffff4fa9e51 in PresShell::ProcessSynthMouseMoveEvent (this=0x7fffdd3f3220, aFromScroll=false)
    at /usr/src/debug/mozilla-release/layout/base/nsPresShell.cpp:5315
#31 0x00007ffff4fb2989 in nsRefreshDriver::Notify (this=0x7fffdd3f3040, aTimer=<optimized out>)
    at /usr/src/debug/mozilla-release/layout/base/nsRefreshDriver.cpp:368
#32 0x00007ffff4fb30f5 in nsRefreshDriver::Notify (this=<optimized out>, aTimer=<optimized out>)
    at /usr/src/debug/mozilla-release/layout/base/nsRefreshDriver.cpp:338
#33 0x00007ffff5b87c69 in nsTimerImpl::Fire (this=0x7fffb44d2380) at /usr/src/debug/mozilla-release/xpcom/threads/nsTimerImpl.cpp:511
#34 0x00007ffff5b87ea0 in nsTimerEvent::Run (this=<optimized out>) at /usr/src/debug/mozilla-release/xpcom/threads/nsTimerImpl.cpp:591
#35 0x00007ffff5b841ee in nsThread::ProcessNextEvent (this=0x7fffe810fc10, mayWait=<optimized out>, result=0x7fffffffafef)
    at /usr/src/debug/mozilla-release/xpcom/threads/nsThread.cpp:657
#36 0x00007ffff5b4aa0a in NS_ProcessNextEvent_P (thread=<optimized out>, mayWait=true) at /usr/src/debug/obj/xpcom/build/nsThreadUtils.cpp:245
---Type <return> to continue, or q <return> to quit---
#37 0x00007ffff5a9fdf6 in mozilla::ipc::MessagePump::Run (this=0x7fffe8152f80, aDelegate=0x7ffff6ded180)
    at /usr/src/debug/mozilla-release/ipc/glue/MessagePump.cpp:134
#38 0x00007ffff5baf262 in RunInternal (this=<optimized out>) at /usr/src/debug/mozilla-release/ipc/chromium/src/base/message_loop.cc:208
#39 RunHandler (this=<optimized out>) at /usr/src/debug/mozilla-release/ipc/chromium/src/base/message_loop.cc:201
#40 MessageLoop::Run (this=<optimized out>) at /usr/src/debug/mozilla-release/ipc/chromium/src/base/message_loop.cc:175
#41 0x00007ffff59c31c0 in nsBaseAppShell::Run (this=0x7fffe2fc1be0) at /usr/src/debug/mozilla-release/widget/xpwidgets/nsBaseAppShell.cpp:189
#42 0x00007ffff582584e in nsAppStartup::Run (this=0x7fffe2fd6290) at /usr/src/debug/mozilla-release/toolkit/components/startup/nsAppStartup.cpp:295
#43 0x00007ffff4dbdb44 in XRE_main (argc=<optimized out>, argv=<optimized out>, aAppData=<optimized out>)
    at /usr/src/debug/mozilla-release/toolkit/xre/nsAppRunner.cpp:3703
#44 0x0000000000401fc5 in do_main (argv=0x7fffffffdb38, argc=2) at /usr/src/debug/mozilla-release/browser/app/nsBrowserApp.cpp:190
#45 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/mozilla-release/browser/app/nsBrowserApp.cpp:277

CC: (none) => mageia
Source RPM: Fireffox 13.0-4.mga3 => firefox 13.0-4.mga3

Olivier Blin 2012-06-03 21:29:00 CEST

Severity: normal => critical

Helge Hielscher 2012-06-04 19:34:03 CEST

CC: (none) => hhielscher

Comment 3 Philippe Flat 2012-06-05 22:24:41 CEST 
I had the same problem today on a phoronix page (without flash).
The URL is : http://www.phoronix.com/scan.php?page=article&item=intel_ivy_tuning&num=1.
the problem appears when scrolling down.
Comment 4 Manuel Hiebel 2012-06-22 13:54:23 CEST 
bug still valid ? (yes I'am lot sorry O:) )
there was a fix for some weeks iirc

Keywords: (none) => NEEDINFO

Comment 5 Philippe Flat 2012-06-22 22:05:31 CEST 
I have tried the fix given by Colin (libproxy) and it's OK.
Thanks

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 6 Olivier Blin 2012-06-24 16:36:16 CEST 
Which fix?
If it is only about uninstalling lib64proxy-mozjs, this is not a fix, that's a mere workaround.
Default installations will still have this bug, reopening.

Priority: Normal => High
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Manuel Hiebel 2012-06-24 16:41:46 CEST

Keywords: NEEDINFO => (none)

Olivier Blin 2012-06-25 00:50:31 CEST

CC: (none) => anssi.hannula

Olivier Blin 2012-06-25 00:50:38 CEST

CC: (none) => tmb

Comment 7 Olivier Blin 2012-06-25 00:50:51 CEST 
openSUSE bug references:
https://bugzilla.novell.com/show_bug.cgi?id=759123
https://bugzilla.mozilla.org/show_bug.cgi?id=763185

They chose to disable libmozjs support in libproxy to fix it, but this means we would have to pull a huge webkit live on live CDs (to satisfy libproxy deps).

I have tried to build libxul.so with -Bsymbolic -Bsymbolic-functions linker flags, but it seems some exported symbols are still clashing between libxul.so and libmozjs185.so (pulled by libproxy).
Olivier Blin 2012-06-25 00:58:47 CEST

CC: (none) => mageia

Olivier Blin 2012-06-25 00:58:54 CEST

CC: (none) => thierry.vignaud

Florian Hubold 2012-08-16 21:12:19 CEST

CC: (none) => doktor5000

Olivier Blin 2012-09-08 19:27:04 CEST

Assignee: bugsquad => mageia

Comment 8 Olivier Blin 2012-09-08 20:38:36 CEST 
Working on it

Status: REOPENED => ASSIGNED

Comment 9 Olivier Blin 2012-09-08 20:58:17 CEST 
Fixed in libproxy-0.4.7-9.mga3

I have finally obsoleted the mozjs plugin, like OpenSUSE did.

Thomas: it will pull the additional libjavascriptcoregtk library on KDE live CDs, but that's better (smaller) than the previous builds which pulled the whole libwebkitgtk.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 10 Olivier Blin 2012-09-08 20:59:27 CEST 
https://bugzilla.mozilla.org/show_bug.cgi?id=423334 might also be related
Comment 11 Manuel Hiebel 2012-10-26 23:02:16 CEST 
*** Bug 7237 has been marked as a duplicate of this bug. ***

CC: (none) => shlomif