[Bug 949807] [NEW] firefox 11 SIGSEGV on startup when ocra/accessibility are enabled

Xerxes Rånby xerxes at zafena.se
Thu Mar 8 09:56:07 UTC 2012


Public bug reported:

Testcase:
enable the ocra screenreader in ubuntu system settings under accessibility
firefox now crash on startup with a segmentation fault casued by firefox and libatk-1.0.so.0 interaction.

quit ocra and disable the screen reader
firefox can now start normally again

Tested using Ubuntu 12.04 precise using
firefox_11.0~b5+build1-0ubuntu1_i386.deb
and
libatk1.0-0_2.3.91-0ubuntu1_i386.deb

Backtrace:
xranby at xranby-ESPRIMO-P7935:~$ firefox -g
GNU gdb (Ubuntu/Linaro 7.4-0ubuntu1) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/firefox-11.0/firefox...Reading symbols from /usr/lib/debug/usr/lib/firefox-11.0/firefox...done.
done.
(gdb) run
Starting program: /usr/lib/firefox-11.0/firefox
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb77ffb40 (LWP 18856)]
...
[New Thread 0xa70fdb40 (LWP 18876)]

Program received signal SIGSEGV, Segmentation fault.
0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
534	/build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp: Filen eller katalogen finns inte.
(gdb) bt
#0  0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
#1  0x00c72331 in nsGenericElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsGenericElement.cpp:4697
#2  0x00fa154a in nsXULElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:2229
#3  0x00fa15b5 in nsXULElement::FindLocalOrProtoAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.h:625
#4  0x00fa17ac in nsXULElement::GetAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040, aResult=...)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:1221
#5  0x00c57735 in nsDocument::GetTitle (this=0xac0c7000, aTitle=...)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsDocument.cpp:5200
#6  0x0130169d in GetName (aName=..., this=0xa81ca500)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:142
#7  nsRootAccessible::GetName (this=0xa81ca500, aName=...)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:126
#8  0x01317698 in getNameCB (aAtkObj=0xa8fdd7f0)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:710
#9  0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
#10 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
#11 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
#12 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
#13 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
#14 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
    at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
#15 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
#16 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
...

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Testcase:
  enable the ocra screenreader in ubuntu system settings under accessibility
  firefox now crash on startup with a segmentation fault casued by firefox and libatk-1.0.so.0 interaction.
  
  quit ocra and disable the screen reader
  firefox can now start normally again
+ 
+ Tested using Ubuntu 12.04 precise using
+ firefox_11.0~b5+build1-0ubuntu1_i386.deb
+ and
+ libatk1.0-0_2.3.91-0ubuntu1_i386.deb
  
  Backtrace:
  xranby at xranby-ESPRIMO-P7935:~$ firefox -g
  GNU gdb (Ubuntu/Linaro 7.4-0ubuntu1) 7.4
  Copyright (C) 2012 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "i686-linux-gnu".
  For bug reporting instructions, please see:
  <http://www.gnu.org/software/gdb/bugs/>...
  Reading symbols from /usr/lib/firefox-11.0/firefox...Reading symbols from /usr/lib/debug/usr/lib/firefox-11.0/firefox...done.
  done.
  (gdb) run
- Starting program: /usr/lib/firefox-11.0/firefox 
+ Starting program: /usr/lib/firefox-11.0/firefox
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
  [New Thread 0xb77ffb40 (LWP 18856)]
  [New Thread 0xb6adab40 (LWP 18857)]
  [New Thread 0xb62d9b40 (LWP 18858)]
  [New Thread 0xb58ffb40 (LWP 18859)]
  [New Thread 0xb50feb40 (LWP 18860)]
  [New Thread 0xb48fdb40 (LWP 18861)]
  [New Thread 0xb40fcb40 (LWP 18862)]
  [New Thread 0xb36ffb40 (LWP 18863)]
  [New Thread 0xb2efeb40 (LWP 18864)]
  [New Thread 0xabfffb40 (LWP 18865)]
  [New Thread 0xab4ffb40 (LWP 18866)]
  [New Thread 0xaaaffb40 (LWP 18867)]
  [New Thread 0xaa2feb40 (LWP 18868)]
  [New Thread 0xa9afdb40 (LWP 18869)]
  [Thread 0xaa2feb40 (LWP 18868) exited]
  [Thread 0xa9afdb40 (LWP 18869) exited]
  [Thread 0xaaaffb40 (LWP 18867) exited]
  [New Thread 0xaa2feb40 (LWP 18870)]
  [New Thread 0xaaaffb40 (LWP 18871)]
  [New Thread 0xa9afdb40 (LWP 18872)]
  [New Thread 0xa8affb40 (LWP 18873)]
  [New Thread 0xa80ffb40 (LWP 18874)]
  [New Thread 0xa78feb40 (LWP 18875)]
  [New Thread 0xa70fdb40 (LWP 18876)]
  
  Program received signal SIGSEGV, Segmentation fault.
  0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
  534	/build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp: Filen eller katalogen finns inte.
  (gdb) bt
  #0  0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
  #1  0x00c72331 in nsGenericElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsGenericElement.cpp:4697
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsGenericElement.cpp:4697
  #2  0x00fa154a in nsXULElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:2229
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:2229
  #3  0x00fa15b5 in nsXULElement::FindLocalOrProtoAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.h:625
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.h:625
  #4  0x00fa17ac in nsXULElement::GetAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040, aResult=...)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:1221
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:1221
  #5  0x00c57735 in nsDocument::GetTitle (this=0xac0c7000, aTitle=...)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsDocument.cpp:5200
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsDocument.cpp:5200
  #6  0x0130169d in GetName (aName=..., this=0xa81ca500)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:142
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:142
  #7  nsRootAccessible::GetName (this=0xa81ca500, aName=...)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:126
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:126
  #8  0x01317698 in getNameCB (aAtkObj=0xa8fdd7f0)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:710
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:710
  #9  0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #10 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #11 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
  #12 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #13 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #14 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
-     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
+     at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
  #15 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #16 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  ...

** Description changed:

  Testcase:
  enable the ocra screenreader in ubuntu system settings under accessibility
  firefox now crash on startup with a segmentation fault casued by firefox and libatk-1.0.so.0 interaction.
  
  quit ocra and disable the screen reader
  firefox can now start normally again
  
  Tested using Ubuntu 12.04 precise using
  firefox_11.0~b5+build1-0ubuntu1_i386.deb
  and
  libatk1.0-0_2.3.91-0ubuntu1_i386.deb
  
  Backtrace:
  xranby at xranby-ESPRIMO-P7935:~$ firefox -g
  GNU gdb (Ubuntu/Linaro 7.4-0ubuntu1) 7.4
  Copyright (C) 2012 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "i686-linux-gnu".
  For bug reporting instructions, please see:
  <http://www.gnu.org/software/gdb/bugs/>...
  Reading symbols from /usr/lib/firefox-11.0/firefox...Reading symbols from /usr/lib/debug/usr/lib/firefox-11.0/firefox...done.
  done.
  (gdb) run
  Starting program: /usr/lib/firefox-11.0/firefox
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
  [New Thread 0xb77ffb40 (LWP 18856)]
- [New Thread 0xb6adab40 (LWP 18857)]
- [New Thread 0xb62d9b40 (LWP 18858)]
- [New Thread 0xb58ffb40 (LWP 18859)]
- [New Thread 0xb50feb40 (LWP 18860)]
- [New Thread 0xb48fdb40 (LWP 18861)]
- [New Thread 0xb40fcb40 (LWP 18862)]
- [New Thread 0xb36ffb40 (LWP 18863)]
- [New Thread 0xb2efeb40 (LWP 18864)]
- [New Thread 0xabfffb40 (LWP 18865)]
- [New Thread 0xab4ffb40 (LWP 18866)]
- [New Thread 0xaaaffb40 (LWP 18867)]
- [New Thread 0xaa2feb40 (LWP 18868)]
- [New Thread 0xa9afdb40 (LWP 18869)]
- [Thread 0xaa2feb40 (LWP 18868) exited]
- [Thread 0xa9afdb40 (LWP 18869) exited]
- [Thread 0xaaaffb40 (LWP 18867) exited]
- [New Thread 0xaa2feb40 (LWP 18870)]
- [New Thread 0xaaaffb40 (LWP 18871)]
- [New Thread 0xa9afdb40 (LWP 18872)]
- [New Thread 0xa8affb40 (LWP 18873)]
- [New Thread 0xa80ffb40 (LWP 18874)]
- [New Thread 0xa78feb40 (LWP 18875)]
+ ...
  [New Thread 0xa70fdb40 (LWP 18876)]
  
  Program received signal SIGSEGV, Segmentation fault.
  0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
  534	/build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp: Filen eller katalogen finns inte.
  (gdb) bt
  #0  0x00c25d82 in nsAttrAndChildArray::IndexOfAttr (this=0xab5b3f4c, aLocalName=0xb3731040, aNamespaceID=0)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsAttrAndChildArray.cpp:534
  #1  0x00c72331 in nsGenericElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsGenericElement.cpp:4697
  #2  0x00fa154a in nsXULElement::GetAttrInfo (this=0xab5b3f10, aNamespaceID=0, aName=0xb3731040)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:2229
  #3  0x00fa15b5 in nsXULElement::FindLocalOrProtoAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.h:625
  #4  0x00fa17ac in nsXULElement::GetAttr (this=0xab5b3f10, aNameSpaceID=0, aName=0xb3731040, aResult=...)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/xul/content/src/nsXULElement.cpp:1221
  #5  0x00c57735 in nsDocument::GetTitle (this=0xac0c7000, aTitle=...)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/content/base/src/nsDocument.cpp:5200
  #6  0x0130169d in GetName (aName=..., this=0xa81ca500)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:142
  #7  nsRootAccessible::GetName (this=0xa81ca500, aName=...)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/base/nsRootAccessible.cpp:126
  #8  0x01317698 in getNameCB (aAtkObj=0xa8fdd7f0)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:710
  #9  0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #10 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #11 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
  #12 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #13 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #14 0x013176f5 in getNameCB (aAtkObj=0xa8fdd7f0)
      at /build/buildd/firefox-11.0~b5+build1/build-tree/mozilla/accessible/src/atk/nsAccessibleWrap.cpp:716
  #15 0x02c3d8d6 in atk_object_get_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  #16 0x02c3e483 in atk_object_set_name () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
  ...

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/949807

Title:
  firefox 11 SIGSEGV on startup when ocra/accessibility are enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/949807/+subscriptions




More information about the Ubuntu-mozillateam-bugs mailing list