[Bug 462557] [NEW] firefox startup SEGV on amd64 when I installed chromebug

hkoba buribullet at gmail.com
Wed Oct 28 11:32:11 UTC 2009


Public bug reported:

Binary package hint: firefox

Today, I observed a SEGV of firefox-3.5 on amd64.

1) Ubuntu 9.10
2) firefox:
  Installed: 3.5.3+build1+nobinonly-0ubuntu6
  Candidate: 3.5.3+build1+nobinonly-0ubuntu6
  Version table:
 *** 3.5.3+build1+nobinonly-0ubuntu6 0
        500 http://jp.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

Here is the gdb session, with a backtrace.
I suspect pointer truncation (64 -> 32)
('script' should be 0x7fffe4867ab8, but it is 0xe4867ab8)
===============================================================

-arashi(pts/0)% firefox-3.5 -g -no-remote -p develuser
/usr/bin/gdb /usr/lib/firefox-3.5.3/firefox -x /tmp/mozargs.FMhm5G
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/firefox-3.5.3/firefox...(no debugging symbols found)...done.
(gdb) set height 0
(gdb) run
Starting program: /usr/lib/firefox-3.5.3/firefox -no-remote -p develuser
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe6cf0910 (LWP 15893)]
[New Thread 0x7fffe62e5910 (LWP 15894)]
[New Thread 0x7fffe51ff910 (LWP 15895)]

Program received signal SIGSEGV, Segmentation fault.
js_PCToLineNumber (cx=0x7fffe6fe2000, script=0x7fffe4867000, pc=0xe4867ab8 <Address 0xe4867ab8 out of bounds>) at jsscript.cpp:1808
1808    jsscript.cpp: No such file or directory.
        in jsscript.cpp
Current language:  auto
The current source language is "auto; currently c++".
(gdb) bt
#0  js_PCToLineNumber (cx=0x7fffe6fe2000, script=0x7fffe4867000, pc=0xe4867ab8 <Address 0xe4867ab8 out of bounds>) at jsscript.cpp:1808
#1  0x00007ffff53a3594 in jsd_GetClosestLine (jsdc=0x7ffff670c280, jsdscript=0x7fffe4866220, pc=3834018488) at jsd_scpt.c:523
#2  0x00007ffff53a96cd in jsds_FilterHook (jsdc=0x7ffff670c280, state=<value optimized out>) at jsd_xpc.cpp:400
#3  0x00007ffff53aa2f3 in jsds_ExecutionHookProc (jsdc=0x7ffff670c280, jsdthreadstate=0x7fffe48656c0, type=1, callerdata=<value optimized out>,
    rval=0x7fffffff9108) at jsd_xpc.cpp:680
#4  0x00007ffff53a26ef in jsd_CallExecutionHook (jsdc=0x7ffff670c280, cx=<value optimized out>, type=3834018488, hook=0x7ffff53aa1c4 <jsds_ExecutionHookProc>,
    hookData=0x1, rval=<value optimized out>) at jsd_hook.c:177
#5  0x00007ffff636936f in JS_HandleTrap (cx=0x7fffe6f09800, script=0x7fffe4867000, pc=0x7fffe4867ab8 "S", rval=0x7fffffff9108) at jsdbgapi.cpp:318
#6  0x00007ffff6381c4f in js_Interpret (cx=0x7fffe6f09800) at jsinterp.cpp:5647
#7  0x00007ffff638ebfd in js_Execute (cx=0x7fffe6f09800, chain=0x7fffe6ff7c80, script=0xe4867ab8, down=0x0, flags=<value optimized out>, result=0x7fffffff93e0)
    at jsinterp.cpp:1622
#8  0x00007ffff6357a48 in JS_ExecuteScript (cx=0x7fffe6fe2000, obj=0x7fffe4867000, script=0xe4867ab8, rval=0x3e11) at jsapi.cpp:5036
#9  0x00007ffff4d7502c in mozJSComponentLoader::GlobalForLocation (this=0x7ffff6760250, aComponent=0x7fffe5203540, aGlobal=0x7fffe5227128,
    aLocation=<value optimized out>, exception=<value optimized out>) at mozJSComponentLoader.cpp:1386
#10 0x00007ffff4d7602f in mozJSComponentLoader::LoadModule (this=0x7ffff6760250, aComponentFile=0x7fffe5203540, aResult=0x7fffffff9780)
    at mozJSComponentLoader.cpp:691
#11 0x00007ffff54ed8f3 in nsFactoryEntry::GetFactory (this=0x7ffff66e0c10, aFactory=0x7fffffff97c8) at nsComponentManager.cpp:3601
#12 0x00007ffff54eda15 in nsComponentManagerImpl::CreateInstanceByContractID (this=<value optimized out>, aContractID=<value optimized out>, aDelegate=0x0,
    aIID=..., aResult=0x7fffffff9840) at nsComponentManager.cpp:1682
#13 0x00007ffff54eea6a in nsComponentManagerImpl::GetServiceByContractID (this=0x7ffff6692160, aContractID=<value optimized out>, aIID=<value optimized out>,
    result=0x7fffffff98c8) at nsComponentManager.cpp:2253
#14 0x00007ffff54c4bd4 in nsGetServiceByContractIDWithError::operator() (this=0x7fffffff9940, aIID=..., aInstancePtr=0xe4867ab8) at nsComponentManagerUtils.cpp:288
#15 0x00007ffff54c434a in nsCOMPtr_base::assign_from_gs_contractid_with_error (this=0x7fffffff99b0, gs=..., iid=...) at nsCOMPtr.cpp:141
#16 0x00007ffff52ed5ca in nsCOMPtr<nsISupports>::operator= (this=<value optimized out>, aSubject=<value optimized out>, aTopic=0x7ffff5565984 "app-startup",
    someData=<value optimized out>) at ../../../../dist/include/xpcom/nsCOMPtr.h:1031
#17 nsAppStartupNotifier::Observe (this=<value optimized out>, aSubject=<value optimized out>, aTopic=0x7ffff5565984 "app-startup", someData=<value optimized out>)
    at nsAppStartupNotifier.cpp:94
#18 0x00007ffff4d185e2 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:3161
#19 0x000000000040271f in ?? ()
#20 0x00007ffff6be3abd in __libc_start_main () from /lib/libc.so.6
#21 0x0000000000401f99 in ?? ()
#22 0x00007fffffffe468 in ?? ()
#23 0x000000000000001c in ?? ()
#24 0x0000000000000004 in ?? ()
#25 0x00007fffffffe7de in ?? ()
#26 0x0000000000000000 in ?? ()
(gdb) up 9
#9  0x00007ffff4d7502c in mozJSComponentLoader::GlobalForLocation (this=0x7ffff6760250, aComponent=0x7fffe5203540, aGlobal=0x7fffe5227128,
    aLocation=<value optimized out>, exception=<value optimized out>) at mozJSComponentLoader.cpp:1386
1386    mozJSComponentLoader.cpp: No such file or directory.
        in mozJSComponentLoader.cpp
(gdb) p nativePath
$1 = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fffffff94f0 "file:///usr/lib/firefox-3.5.3/components/fuelApplication.js",
        mLength = 59, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63,
    mFixedBuf = 0x7fffffff94f0 "file:///usr/lib/firefox-3.5.3/components/fuelApplication.js"},
  mStorage = "file:///usr/lib/firefox-3.5.3/components/fuelApplication.js\000\377\177\000"}
(gdb) p *script
$2 = {code = 0x7fffe4867ab8 "S", length = 1850, version = 4276, nfixed = 101, objectsOffset = 80 'P', upvarsOffset = 0 '\000', regexpsOffset = 0 '\000',
  trynotesOffset = 0 '\000', flags = 0 '\000', main = 0x7fffe4867afd ";", atomMap = {vector = 0x7fffe4867060, length = 160},
  filename = 0x7fffe52295fd "file:///usr/lib/firefox-3.5.3/components/fuelApplication.js", lineno = 1, nslots = 108, staticLevel = 0, principals = 0x7fffe6f5e548,
  u = {object = 0x0, nextToGC = 0x0}}
(gdb) down
#8  0x00007ffff6357a48 in JS_ExecuteScript (cx=0x7fffe6fe2000, obj=0x7fffe4867000, script=0xe4867ab8, rval=0x3e11) at jsapi.cpp:5036
5036    jsapi.cpp: No such file or directory.
        in jsapi.cpp
(gdb) up
#9  0x00007ffff4d7502c in mozJSComponentLoader::GlobalForLocation (this=0x7ffff6760250, aComponent=0x7fffe5203540, aGlobal=0x7fffe5227128,
    aLocation=<value optimized out>, exception=<value optimized out>) at mozJSComponentLoader.cpp:1386
1386    mozJSComponentLoader.cpp: No such file or directory.
        in mozJSComponentLoader.cpp
(gdb) info registers
rax            0x0      0
rbx            0x7fffe5203540   140737037481280
rcx            0x1      1
rdx            0xe4867ab8       3834018488
rsi            0x7fffe4867000   140737027403776
rdi            0x7fffe6fe2000   140737068802048
rbp            0x1      0x1
rsp            0x7fffffff92d0   0x7fffffff92d0
r8             0x1      1
r9             0x3e11   15889
r10            0x7fffffff8b40   140737488325440
r11            0x7fffe6fe6980   140737068820864
r12            0x7ffff6760250   140737328317008
r13            0x7fffe4867000   140737027403776
r14            0x7fffe5227128   140737037627688
r15            0x7fffe6f09800   140737067915264
rip            0x7ffff4d7502c   0x7ffff4d7502c <mozJSComponentLoader::GlobalForLocation(nsILocalFile*, JSObject**, char**, long*)+2594>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x1fa3   [ IE DE PE IM DM ZM OM UM PM ]
(gdb) x/8i $pc-32
0x7ffff4d7500c <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2562>:     mov    0x128(%rsp),%rdx
0x7ffff4d75014 <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2570>:     lea    0x110(%rsp),%rcx
0x7ffff4d7501c <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2578>:     mov    0x80(%rsp),%rdi
0x7ffff4d75024 <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2586>:     mov    %rsi,(%r14)
0x7ffff4d75027 <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2589>:     callq  0x7ffff4d09440 <JS_ExecuteScript at plt>
0x7ffff4d7502c <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2594>:     test   %eax,%eax
0x7ffff4d7502e <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2596>:
    jne    0x7ffff4d7503e <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2612>
0x7ffff4d75030 <_ZN20mozJSComponentLoader17GlobalForLocationEP12nsILocalFilePP8JSObjectPPcPl+2598>:     movq   $0x0,(%r14)
(gdb)

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

-- 
firefox startup SEGV on amd64 when I installed chromebug
https://bugs.launchpad.net/bugs/462557
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
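As an added illustration, not part of the report or of Mozilla's jsd source, the C program below reproduces the kind of narrowing the reporter suspects using the two addresses from the backtrace, and includes a small check for spotting the same pattern in other frames; the hook functions are hypothetical stand-ins, not the real jsd signatures.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Values copied from the backtrace in the report: script->code as printed
 * by "p *script", and the pc argument that js_PCToLineNumber received. */
#define GOOD_PC 0x7fffe4867ab8ULL
#define BAD_PC  0xe4867ab8ULL

/* Hypothetical hook whose pc parameter is a 32-bit unsigned integer, the
 * kind of 32-bit-era typedef that survives a 64-bit port. The implicit
 * conversion at the call site is well-defined C: the high 32 bits are
 * simply dropped, and the value is zero-extended when widened again. */
static uintptr_t narrow_hook(uint32_t pc)
{
    return (uintptr_t)pc;
}

/* The corrected counterpart: the parameter is pointer-sized on LP64. */
static uintptr_t wide_hook(uintptr_t pc)
{
    return pc;
}

/* Route a bytecode address through each signature; no cast is written at
 * the call site, exactly as an unnoticed narrowing looks in source. */
uintptr_t pass_through_narrow(uintptr_t pc) { return narrow_hook(pc); }
uintptr_t pass_through_wide(uintptr_t pc)   { return wide_hook(pc); }

/* Had the intermediate been a signed 32-bit int, widening would sign-extend
 * to 0xffffffffe4867ab8 instead of 0x00000000e4867ab8; the zero-extended
 * value in the backtrace therefore points at an unsigned 32-bit intermediate.
 * (Out-of-range conversion to int32_t is implementation-defined; GCC and
 * Clang both truncate modulo 2^32.) */
uintptr_t pass_through_signed(uintptr_t pc) { return (uintptr_t)(int32_t)pc; }

/* Reader-side check for frame arguments: true when `observed` is exactly the
 * low 32 bits of `expected` and `expected` does not itself fit in 32 bits. */
bool looks_truncated(uintptr_t expected, uintptr_t observed)
{
    return expected > UINT32_MAX && observed == (expected & UINT32_MAX);
}

int main(void)
{
    printf("narrow %#lx wide %#lx signed %#lx truncated? %d\n",
           (unsigned long)pass_through_narrow(GOOD_PC), (unsigned long)pass_through_wide(GOOD_PC),
           (unsigned long)pass_through_signed(GOOD_PC), looks_truncated(GOOD_PC, BAD_PC));
    return 0;
}
```

Note that 3834018488, the decimal pc in frame #1, is 0xe4867ab8; with GCC or Clang, -Wconversion reports the implicit narrowing at the narrow_hook call site.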