Browser crashes when browsing the vulnerabilities database part of the site

Status: VERIFIED WORKSFORME
Product: Core
Component: ImageLib
Priority: --
Severity: critical
Reported: 17 years ago
Modified: 17 years ago
Reporter: Dmitriy Kropivnitskiy
Assigned: Stuart Parmenter
Keywords: crash
Version: Trunk
Platform: x86, Linux
Attachments: 1 attachment

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010917
BuildID:    2001091717

Browser crashes when trying to access securityfocus.com. For testing I would
suggest going to 
http://www.securityfocus.com/cgi-bin/vulns.pl?section=vendor
and switching between the tabs a bit. Also choose a piece of software 
and then switch to a different tab.

Reproducible: Always
Steps to Reproduce:
See description

Actual Results:  Crash

Expected Results:  Browse

Comment 1

17 years ago
Reporter,

Can you use a Talkback-enabled build available here:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu-sea.tar.gz
and report a Talkback ID when crashing?
Do you have Java or Flash installed?
(Reporter)

Comment 3

17 years ago
Yes, it is the same bug as 101506. I have found it to happen more frequently
in this particular situation. Rather unfortunately, securityfocus.com just
changed their site design, so this might be something different now. I have both
flash and java, and I will run the talkback version and get back to you.
(Reporter)

Comment 4

17 years ago
Created attachment 50901 [details]
Talk Back agent
(Reporter)

Comment 5

17 years ago
Here is the feedback agent info. With this build the behavior changed, and out of
4 times I tried to replay the bug, 3 times mozilla froze and had to be killed.
The 4th time, though, it crashed all by itself and that's where I got the talkback from.

Comment 6

17 years ago
Reporter,

Can you mention the Talkback ID from your crash?

Go to mozilla/components/ and launch the talkback binary; it should mention a
Talkback ID (such as TB1234567......) related to your crash. It's easier for
Netscape engineers to decode the stack with this.
BTW, can you also try without Flash or Java and report the Talkback ID (if you
manage to crash)? It might ease confirming this bug as a dup of bug 101506.
(Reporter)

Comment 7

17 years ago
This is strange, since I have sent the whole thing as an attachment, but here
they are: TB35913205X and TB35913085K

Comment 8

17 years ago
Asa, can you retrieve talkback data?
Severity: major → critical
Keywords: crash

Comment 9

17 years ago
Incident ID 35913205
Stack Signature libc.so.6 + 0x70c3d (0x404e6c3d) 78391e4c
Bug ID
Trigger Time 2001-09-26 10:19:51
Email Address dkropivnitskiy@tigertesting.com
User Comments trying to change tab in /cgi-bin/vulns.pl
Build ID 2001092608
Product ID MozillaTrunk
Platform ID LinuxIntel
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace
libc.so.6 + 0x70c3d (0x404e6c3d)
libc.so.6 + 0x70b03 (0x404e6b03)
libstdc++-libc6.1-1.so.2 + 0x30d1e (0x405b7d1e)
XPCWrappedNative::~XPCWrappedNative()
XPCWrappedNative::Release()
XPCWrappedNative::FlatJSObjectFinalized()
XPC_WN_NoHelper_Finalize()
js_FinalizeObject()
js_GC()
js_ForceGC()
JS_GC()
nsJSContext::GC()
GlobalWindowImpl::SetNewDocument()
DocumentViewerImpl::Init()
nsDocShell::SetupNewViewer()
nsWebShell::SetupNewViewer()
nsDocShell::Embed()
nsWebShell::Embed()
nsDocShell::CreateContentViewer()
nsDSURIContentListener::DoContent()
nsDocumentOpenInfo::DispatchContent()
nsDocumentOpenInfo::OnStartRequest()
nsHttpChannel::ProcessNormal()
nsHttpChannel::ProcessResponse()
nsHttpChannel::OnStartRequest()
nsOnStartRequestEvent::HandleEvent()
nsARequestObserverEvent::HandlePLEvent()
PL_HandleEvent()
PL_ProcessPendingEvents()
nsEventQueueImpl::ProcessPendingEvents()
event_processor_callback()
our_gdk_io_invoke()
libglib-1.2.so.0 + 0xec40 (0x4034fc40)
libglib-1.2.so.0 + 0x10308 (0x40351308)
libglib-1.2.so.0 + 0x10913 (0x40351913)
libglib-1.2.so.0 + 0x10aac (0x40351aac)
libgtk-1.2.so.0 + 0x8d7e7 (0x402747e7)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1d2eb (0x404932eb) 

and 

Incident ID 35913085
Stack Signature libc.so.6 + 0x70c2e (0x404e6c2e) 1afd528b
Bug ID
Trigger Time 2001-09-26 10:09:24
Email Address dkropivnitskiy@tigertesting.com
User Comments Tried to change the tab in /cgi-bin/vulns.pl
Build ID 2001092608
Product ID MozillaTrunk
Platform ID LinuxIntel
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace
libc.so.6 + 0x70c2e (0x404e6c2e)
libc.so.6 + 0x70b03 (0x404e6b03)
PR_Free()
nsMemoryImpl::Free()
nsMemory::Free()
JSClassSweeper()
JS_DHashTableEnumerate()
XPCJSRuntime::GCCallback()
DOMGCCallback()
js_GC()
js_ForceGC()
JS_GC()
nsJSContext::GC()
GlobalWindowImpl::SetNewDocument()
DocumentViewerImpl::Init()
nsDocShell::SetupNewViewer()
nsWebShell::SetupNewViewer()
nsDocShell::Embed()
nsWebShell::Embed()
nsDocShell::CreateContentViewer()
nsDSURIContentListener::DoContent()
nsDocumentOpenInfo::DispatchContent()
nsDocumentOpenInfo::OnStartRequest()
nsHttpChannel::ProcessNormal()
nsHttpChannel::ProcessResponse()
nsHttpChannel::OnStartRequest()
nsOnStartRequestEvent::HandleEvent()
nsARequestObserverEvent::HandlePLEvent()
PL_HandleEvent()
PL_ProcessPendingEvents()
nsEventQueueImpl::ProcessPendingEvents()
event_processor_callback()
our_gdk_io_invoke()
libglib-1.2.so.0 + 0xec40 (0x4034fc40)
libglib-1.2.so.0 + 0x10308 (0x40351308)
libglib-1.2.so.0 + 0x10913 (0x40351913)
libglib-1.2.so.0 + 0x10aac (0x40351aac)
libgtk-1.2.so.0 + 0x8d7e7 (0x402747e7)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1d2eb (0x404932eb) 

Comment 10

17 years ago
Sig11 can be a hardware problem: http://www.bitwizard.nl/sig11/ . Perhaps it's very
sensitive, and the slightest bug triggers the crash. Try running RC5
(http://www.distributed.net/) and compiling a kernel; I reproduce Sig11 with this
every time on my AMD K6 machine.

Perhaps dup of bug 98756 (I got a Sig11 on this one with AMD CPU, but might be a
hardware problem?) or dup of bug 86591.

Sig11 being a hardware problem is very strange because bug 101506 was submitted
nearly at the same time as this one and on the same site (securityfocus.com).
(Reporter)

Comment 11

17 years ago
I have been compiling kernels on this system many times. I have seen load 60
on this system without problems. All the rest of the applications run just fine,
including memory hogging ones (KDE, GNOME, netscape, nessus). More than that,
if I don't go to securityfocus.com I can browse for hours without crashing.
(Reporter)

Comment 12

17 years ago
Oh, yes, and in case you have been wondering, the ids I have sent you are from
the times mozilla froze on securityfocus.com, since after it crashes on that one
it doesn't leave the talkback info.
(Reporter)

Comment 13

17 years ago
This is a normal one TB35924293E

Comment 14

17 years ago
Sorry if I seemed 'aggressive', the Sig11 also occurs on my machine with a
K6/2-500 and I was told it's a hardware problem although it's been a stable web
server for years. I'm trying to reproduce Sig11 problems on non-K6 machines,
perhaps it's finally nothing to do with a hardware problem after all...

Comment 15

17 years ago
Incident ID 35924293
Stack Signature nsCOMPtr_base::~nsCOMPtr_base() f823c795
Bug ID
Trigger Time 2001-09-26 14:46:25
Email Address dkropivnitskiy@tigertesting.com
User Comments Tried to switch tabs again
Build ID 2001092608
Product ID MozillaTrunk
Platform ID LinuxIntel
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace
nsCOMPtr_base::~nsCOMPtr_base()
XPCWrappedNative::~XPCWrappedNative()
XPCWrappedNative::Release()
XPCWrappedNative::FlatJSObjectFinalized()
<snip>....

Comment 16

17 years ago
*** Bug 102137 has been marked as a duplicate of this bug. ***

Comment 17

17 years ago
*** Bug 101506 has been marked as a duplicate of this bug. ***

Comment 18

17 years ago
Adding talkback data from bug 101506 which is obviously the same bug happening
on same platform and same URL:

Incident ID 35847433
Stack Signature libX11.so.6 + 0x2102f (0x403b102f) f4e0ddf9
Bug ID
Trigger Time 2001-09-25 03:27:45
Email Address tet@accucard.com
User Comments Just reading the page. It had finished loading, and after a few
seconds (maybe a minute or so), the browser just died. Note that this is
repeatable by going to the same site.
Build ID 2001091311
Product ID Netscape6.20
Platform ID LinuxIntel
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace
libX11.so.6 + 0x2102f (0x403b102f)
nsImageGTK::DrawToImage()
gfxImageFrame::DrawTo()
imgContainer::DoComposite()
imgContainer::Notify()
nsTimerGtk::FireTimeout()
process_timers()
TimerCallbackFunc()
libglib-1.2.so.0 + 0x12731 (0x4036e731)
libglib-1.2.so.0 + 0x117f3 (0x4036d7f3)
libglib-1.2.so.0 + 0x11dd9 (0x4036ddd9)
libglib-1.2.so.0 + 0x11f8c (0x4036df8c)
libgtk-1.2.so.0 + 0x94803 (0x40282803)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1c177 (0x404b0177) 

and without flash:
Incident ID 35852616
Stack Signature libc.so.6 + 0x80017 (0x40514017) bbbb7e01
Bug ID
Trigger Time 2001-09-25 05:54:49
Email Address tet@accucard.com
User Comments Just leaving the page to go to a new one (by typing in a new URL)
Build ID 2001091311
Product ID Netscape6.20
Platform ID LinuxIntel
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace
libc.so.6 + 0x80017 (0x40514017)
libc.so.6 + 0x7fd59 (0x40513d59)
libstdc++-libc6.1-1.so.2 + 0x3132e (0x405f532e)
nsImageGTK::~nsImageGTK()
nsImageGTK::Release()
nsCOMPtr_base::~nsCOMPtr_base()
gfxImageFrame::~gfxImageFrame()
gfxImageFrame::Release()
nsSupportsArray::Clear()
imgContainer::~imgContainer()
imgContainer::Release()
nsCOMPtr_base::~nsCOMPtr_base()
imgRequest::~imgRequest()
imgRequest::Release()
EventHandler()
PL_HandleEvent()
PL_ProcessEventsBeforeID()
processQueue()
nsVoidArray::EnumerateForwards()
nsAppShell::ProcessBeforeID()
handle_gdk_event()
libgdk-1.2.so.0 + 0x17e4f (0x4033ae4f)
libglib-1.2.so.0 + 0x117f3 (0x4036d7f3)
libglib-1.2.so.0 + 0x11dd9 (0x4036ddd9)
libglib-1.2.so.0 + 0x11f8c (0x4036df8c)
libgtk-1.2.so.0 + 0x94803 (0x40282803)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1c177 (0x404b0177) 
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 19

17 years ago
->imagelib.
Assignee: asa → pavlov
Component: Browser-General → ImageLib
QA Contact: doronr → tpreston
*** Bug 102889 has been marked as a duplicate of this bug. ***
The last stack trace is the same as one of the ones in bug 92577, which is a
topcrash.
*** Bug 103666 has been marked as a duplicate of this bug. ***

Comment 23

17 years ago
I'm no longer seeing a crash here. Reporter, are you still seeing this with a new
build? I'm closing out as WFM, but please reopen if you are still crashing.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME

Comment 24

17 years ago
Still WFM linux build 2002012808, marking as such
Status: RESOLVED → VERIFIED